Unable to issue certs through SCEP: The client and server cannot communicate, because they do not possess a common algorithm

SChau 26 Reputation points
2021-10-12T01:24:53.667+00:00

NDES/SCEP configured as per MS docs, but SCEP certificates cannot be issued to clients. I get these errors in the server event logs, Intune > CertificateConnectors > Operational

Event ID : 2

SCEP Policy Module:

Error occured while processing verify request.

System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)

at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)

at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, X509Certificate2 selectedCert, Flags flags)

at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)

at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)

at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)

at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)

at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)

at System.Net.TlsStream.BeginWrite(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)

at System.Net.ConnectStream.WriteHeaders(Boolean async)

--- End of inner exception stack trace ---

at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)

--- End of inner exception stack trace ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.AgentAuth.RestUserAuthLocationServiceProvider.<RefreshServiceMapAsync>d__10.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.AgentAuth.RestUserAuthLocationServiceProvider.<GetServiceEndpointAsync>d__9.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.AgentAuth.IntuneServiceClient.<RequestAsync>d__10.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.ScepValidationClient.<PostAsync>d__12.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.ScepValidationClient.<ValidateRequestAsync>d__9.MoveNext()

--- End of inner exception stack trace ---

at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)

at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)

at System.Threading.Tasks.Task.Wait(TimeSpan timeout)

at Microsoft.Intune.Ndes.PolicyModule.NDESPolicy.VerifyRequest(CertificateTransferData certRequest, CertificateTransferData signingCertForRenewal, String templateName, String transactionId)

at Microsoft.Intune.Ndes.PolicyModule.NDESPolicyInterop.VerifyRequest(_CERTTRANSBLOB& pctbRequest, _CERTTRANSBLOB& pctbSigningCertEncoded, UInt16& pwszTemplate, UInt16& pwszTransactionId)

---> (Inner Exception #0) System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)

at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)

at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, X509Certificate2 selectedCert, Flags flags)

at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)

at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)

at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)

at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)

at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)

at System.Net.TlsStream.BeginWrite(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)

at System.Net.ConnectStream.WriteHeaders(Boolean async)

--- End of inner exception stack trace ---

at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)

--- End of inner exception stack trace ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.AgentAuth.RestUserAuthLocationServiceProvider.<RefreshServiceMapAsync>d__10.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.AgentAuth.RestUserAuthLocationServiceProvider.<GetServiceEndpointAsync>d__9.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.AgentAuth.IntuneServiceClient.<RequestAsync>d__10.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.ScepValidationClient.<PostAsync>d__12.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

at Microsoft.Intune.Connectors.ScepValidationClient.<ValidateRequestAsync>d__9.MoveNext()<---


Accepted answer
  Crystal-MSFT 44,836 Reputation points Microsoft Vendor
    2021-10-12T03:05:24.53+00:00

    @SChau, for the error, it seems the issue is with .NET. Here, we suggest checking whether TLS 1.2 is enabled, and trying to update and configure .NET Framework to support TLS 1.2:
    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment

    During my research, I found one issue that was fixed by hardening the .NET TLS version. Maybe we can also try that to see if it helps.

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
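As an added example (not part of the original answer or of any Microsoft tooling), the following PowerShell audits the Schannel TLS 1.2 and .NET Framework strong-crypto registry values that the linked article describes, which is where the "do not possess a common algorithm" error raised in AcquireCredentialsHandle normally originates. It is read-only unless -Remediate is passed, and the -ProbeHost parameter is a placeholder HTTPS host name you supply for an optional live handshake check.

```powershell
# Added example: audit (and optionally set) TLS 1.2 settings on the NDES / Certificate Connector server.
# Run elevated. Read-only unless -Remediate is given. Reboot after remediation so Schannel and IIS reload.
[CmdletBinding()]
param(
    [switch]$Remediate,
    # Hypothetical placeholder: an HTTPS endpoint the connector reaches, used only for the live TLS probe.
    [string]$ProbeHost = ''
)

# Expected registry state, per the Microsoft "enable TLS 1.2 support" article linked in the answer.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$expected = @(
    @{ Path = "$schannel\Client"; Name = 'Enabled';           Value = 1 },
    @{ Path = "$schannel\Client"; Name = 'DisabledByDefault'; Value = 0 },
    @{ Path = "$schannel\Server"; Name = 'Enabled';           Value = 1 },
    @{ Path = "$schannel\Server"; Name = 'DisabledByDefault'; Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SchUseStrongCrypto';       Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SystemDefaultTlsVersions'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto';       Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Value = 1 }
)

$drift = 0
foreach ($e in $expected) {
    # A missing key or value reads back as $null, which is reported as drift (the OS default may differ per build).
    $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    if ($actual -eq $e.Value) { Write-Host "OK     $($e.Path)\$($e.Name) = $actual"; continue }
    $drift++
    Write-Warning "DRIFT  $($e.Path)\$($e.Name): expected $($e.Value), found '$actual'"
    if ($Remediate) {
        New-Item -Path $e.Path -Force | Out-Null
        New-ItemProperty -Path $e.Path -Name $e.Name -Value $e.Value -PropertyType DWord -Force | Out-Null
    }
}
if ($drift -gt 0 -and $Remediate) { Write-Host "Settings written; restart the server so Schannel and the NDES/IIS processes pick them up." }

# Optional: confirm that a TLS 1.2 handshake actually completes through the OS Schannel stack.
if ($ProbeHost) {
    $tcp = New-Object System.Net.Sockets.TcpClient($ProbeHost, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    try {
        $ssl.AuthenticateAsClient($ProbeHost, $null, [System.Security.Authentication.SslProtocols]::Tls12, $true)
        Write-Host "TLS probe: negotiated $($ssl.SslProtocol), cipher $($ssl.CipherAlgorithm)/$($ssl.HashAlgorithm)"
    } catch {
        Write-Warning "TLS probe failed: $($_.Exception.GetBaseException().Message)"
    } finally {
        $ssl.Dispose(); $tcp.Dispose()
    }
}
```

A handshake that fails here with the same "common algorithm" message, even after the registry values match, points at the server's enabled cipher suites or a disabled key-exchange algorithm rather than at the protocol version.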

0 additional answers
