NDES Server - works with "localhost", but fails to authenticate with FQDN

Mohamed Roushdy 35 Reputation points
2023-02-01T08:42:51.3766667+00:00

Hello,

I'm just curious about a behaviour in my NDES deployment and I hope that someone with experience can answer my question. I will use NDES NOT with Intune, but with another MDM solution, JAMF Pro. I've followed the deployment instructions, and everything seems fine: I can get a challenge password and also simulate cert enrollment, and it works fine. However, I have a question about the NDES service account authentication to the mscep_admin page. Unfortunately, the MDM is still being prepared, as it's not within my scope; I was only responsible for preparing NDES, so I have had no real production test. Let me explain more:

1- if I navigate to "https://localhost/certsrv/mscep/mscep.dll" it opens successfully.

2- if I navigate to "https://localhost/certsrv/mscep_admin" also works fine and I can get a challenge password, I mean the page opens successfully.

3- if I navigate to "https://FQDNofNDES/certsrv/mscep/mscep.dll" also opens fine, but;

4- if I navigate to "https://FQDNofNDES/certsrv/mscep_admin", this time the page doesn't open and I get a login popup; when I enter the service account credentials (or even enterprise admin credentials) it refuses to authenticate and the page doesn't open (I have more clarification about this point a bit below).

Hint: mscep_admin authenticates successfully with the local admin account of the machine, so I believe the issue is now in Active Directory (in other words, Windows Authentication?).

Now, my question is: is the setup okay, and will the MDM be able to authenticate in a programmatic way (maybe)? Or does this mean that there's something wrong? I can't wait until the MDM is ready to be tested; I need to be sure that my work is fine.

One observation about the login. I actually have two NDES servers with identical configuration; on one of them the service account can authenticate (as in remark #4) and the mscep_admin page opens, but the other server refuses the authentication. I believe something in IIS needs to be changed. I've applied a couple of changes to IIS on both machines; one succeeded, as I've mentioned, but not the other server, and it only says that authorization fails. Again, both servers work fine with "localhost" as the hostname in the URL. So, I hope my clarification was clear and my question as well.

Awaiting your kind help please!

Windows Server 2019
Internet Information Services

4 answers

Sort by: Most helpful
  1. Mohamed Roushdy 35 Reputation points
    2023-02-01T12:50:51.4533333+00:00

    I have an update to share, after spending many hours troubleshooting this. It's the Edge web browser's issue. I've installed Chrome on the same machine(s) and the authentication of the SA account worked perfectly fine. Thanks Microsoft for the problematic Edge browser.


  2. Limitless Technology 43,966 Reputation points
    2023-02-02T08:51:30.4533333+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

    NDES (Network Device Enrollment Service) is a component of Microsoft Certificate Services that enables the secure distribution of digital certificates to network devices such as routers, switches, and firewalls.

    If your NDES server is working with "localhost" but failing to authenticate with the fully qualified domain name (FQDN), it is likely a configuration issue. Here are a few things you can check:

    1. Verify the FQDN is correct and properly resolves to the IP address of the NDES server.
    2. Ensure that the correct port (usually 443) is open and accessible for HTTPS communication.
    3. Check if there are any intermediate network devices (such as firewalls or load balancers) that might be blocking the traffic to the NDES server.
    4. Verify that the certificate used by the NDES server is trusted by the client device and that the certificate's subject alternative names match the FQDN of the NDES server.

    If these steps do not resolve the issue, you may need to consult the event logs or perform further troubleshooting to determine the root cause of the authentication failure.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

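The four URL/authentication combinations from the question and the DNS, port and certificate checks listed in this answer can be run from one script. This is an added example, not code from the thread or from Microsoft; the host name is an assumed placeholder, and the probes use the calling user's Windows credentials, so run it as the NDES service account (or an authorised admin) on a domain-joined machine.

```powershell
# Added example (not from the thread). Replace the placeholder with the real NDES FQDN.
param([string]$Fqdn = 'ndes01.corp.example')

# --- 1. The four requests from the question, authenticated with the current user ---
# "localhost" will not match the server certificate's name, so certificate validation
# is relaxed for these probes only (Windows PowerShell 5.1; PowerShell 7 would use
# -SkipCertificateCheck instead). Step 3 below checks the certificate properly.
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$paths = '/certsrv/mscep/mscep.dll', '/certsrv/mscep_admin/'
foreach ($hostName in 'localhost', $Fqdn) {
    foreach ($p in $paths) {
        $url = "https://$hostName$p"
        try {
            $r = Invoke-WebRequest -Uri $url -UseDefaultCredentials -UseBasicParsing -ErrorAction Stop
            '{0,-60} HTTP {1}' -f $url, $r.StatusCode
        } catch {
            # 401 here with a working "localhost" request is the symptom described in the question
            $code = $_.Exception.Response.StatusCode.value__
            $why  = if ($code) { "HTTP $code" } else { $_.Exception.Message }
            '{0,-60} FAILED {1}' -f $url, $why
        }
    }
}
[Net.ServicePointManager]::ServerCertificateValidationCallback = $null

# --- 2. Name resolution and TCP reachability on 443 (answer items 1 and 2) ---
Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop | Select-Object Name, IPAddress
Test-NetConnection -ComputerName $Fqdn -Port 443 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded

# --- 3. Does the served certificate carry the FQDN in its SAN? (answer item 4) ---
$tcp = New-Object Net.Sockets.TcpClient($Fqdn, 443)
$ssl = New-Object Net.Security.SslStream(
    $tcp.GetStream(), $false,
    ({ $true } -as [Net.Security.RemoteCertificateValidationCallback]))  # inspect, don't trust yet
$ssl.AuthenticateAsClient($Fqdn)
$cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # id-ce-subjectAltName
$san = if ($sanExt) { $sanExt.Format($false) } else { '<no SAN extension>' }
"Subject:     $($cert.Subject)"
"Issuer:      $($cert.Issuer)"
"SAN:         $san"
"FQDN in SAN: $($san -match [regex]::Escape($Fqdn))"
$ssl.Dispose(); $tcp.Dispose()
```

If section 1 shows mscep_admin answering 200 for localhost but 401 for the FQDN while sections 2 and 3 are clean, the failure is in the Windows Authentication path rather than in DNS, the firewall or the certificate, which is where the thread's own findings point.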

  3. Limitless Technology 43,966 Reputation points
    2023-02-02T08:51:48.86+00:00

    Double post


  4. Mohamed Roushdy 35 Reputation points
    2023-02-02T09:08:02.1533333+00:00

    Thanks for responding. I've already mentioned above that my problem got fixed. It was all about Microsoft Edge; I shifted to Chrome and the authentication worked fine. No idea what Edge's problem is. Don't use Microsoft Edge for testing, guys!
