NDES and SCEP: A security error occurred 0x2f8f (WinHttp: 12175 ERROR_WINHTTP_SECURE_FAILURE)

I was recently trying to get a device to retrieve a new certificate via SCEP and NDES through a Windows Server Certificate Authority.

Our HTTPS certificate had recently changed, so I had updated IIS; however, I was still receiving this error:

PkiStatus(2): SCEPDispositionFailure
FailInfo(1): SCEPFailBadMessageCheck
EnrollStatus(256): EnrollDenied
A security error occurred 0x2f8f (WinHttp: 12175 ERROR_WINHTTP_SECURE_FAILURE)

I originally couldn’t find anything about error code 0x2f8f; however, a similar error code pointed me to a help article from Microsoft.

It turns out there’s a certificate thumbprint stored in the registry at the location below. Updating this thumbprint allowed things to work.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\Modules\NDESPolicy\NDESCertThumbprint

After updating this value, make sure you restart the Intune Connector Service (and give the service account access to the certificate’s private key if you used a domain account for the service).

Failed to send http request /CertificateRegistrationSvc/Certificate/VerifyRequest. Error 12186

PkiStatus(2): SCEPDispositionFailure
FailInfo(1): SCEPFailBadMessageCheck
EnrollStatus(256): EnrollDenied
The client certificate credentials were not recognized. 0x2f9a (WinHttp: 12186 ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY)
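
A read-only check of the registry thumbprint described above, as an added example that is not part of the original post. It assumes NDESCertThumbprint is a value under the NDESPolicy key and that the certificate lives in the LocalMachine\My store; the function name and the -ExpectedThumbprint parameter are hypothetical.

```powershell
# Added example: report whether the thumbprint NDES is configured with matches
# the certificate you expect, and whether that certificate is usable.
param(
    # Thumbprint of the replacement certificate, as copied from the certificate dialog.
    [Parameter(Mandatory)]
    [string]$ExpectedThumbprint
)

# Assumption: the last path component on the page is the value name under this key.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP\Modules\NDESPolicy'
$valueName = 'NDESCertThumbprint'

function ConvertTo-NormalizedThumbprint {
    param([string]$Text)
    # Keep hex digits only. This drops spaces and the invisible character that
    # often gets copied along with a thumbprint from the certificate dialog.
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$raw        = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction Stop).$valueName
$configured = ConvertTo-NormalizedThumbprint $raw
$expected   = ConvertTo-NormalizedThumbprint $ExpectedThumbprint

# -ne is case-insensitive, so this fires only on stray non-hex characters.
if ($raw -ne $configured) {
    Write-Warning 'Registry value contains spaces or hidden characters; re-enter it as plain hex.'
}

# Assumption: the certificate is installed in the computer's Personal store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $configured } |
    Select-Object -First 1

[pscustomobject]@{
    ConfiguredThumbprint = $configured
    MatchesExpected      = ($configured -eq $expected)
    InMachineStore       = [bool]$cert
    HasPrivateKey        = [bool]($cert -and $cert.HasPrivateKey)
    NotAfter             = if ($cert) { $cert.NotAfter } else { $null }
    Expired              = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
}
```

HasPrivateKey only shows that a key is associated with the certificate; it does not show that the service account can read it, which is what error 12186 above reports.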
