Verify on-premises NDES configuration for SCEP certificates in Intune
This article gives troubleshooting steps to help determine whether you have correctly configured your on-premises infrastructure to use Simple Certificate Enrollment Protocol (SCEP) certificates in Microsoft Intune.
Complete these steps to validate your on-premises Network Device Enrollment Service (NDES) configuration.
Open the Validate-NDESConfiguration.ps1 script and copy it to your NDES server.
On the NDES server, run PowerShell as administrator. You may have to change PowerShell ExecutionPolicy to Unrestricted to run the script.
Do not forget to change it back to the original setting once done .
Values for the following parameters are required:
This is the account that you created in the Accounts section of the Configure infrastructure to support SCEP with Intune.
The following format is used: Domain\<username>. For example: contoso\ndes.
Do not specify the root domain part of the account such as contoso.lab\ndes as this does not work.
This is the fully qualified domain name (FQDN) of your issuing certification authority (CA) server such as dc2.consoto.lab.
This is the template name that is specified in the Configure the certification authority section of the Configure infrastructure to support SCEP with Intune.
The following screenshot occurs when the Validate-NDESConfiguration.ps1 script is run.
Type Y to continue.
The Validate-NDESConfiguration.ps1 script continues and finishes all required checks.
When the Validate-NDESConfiguration.ps1 script is finished, you are prompted to generate a report.
Type Y or N to review the reports.