- #How to enter win500 client registration key install#
- #How to enter win500 client registration key windows#
#How to enter win500 client registration key windows#
In this article we do this using Azure Application Proxy, however you can achieve the same by using the Windows Application Proxy (WAP). The portal is having issues getting authentication tokens for Microsoft_Intune_DeviceSettingsĪs a next step, we need publish your NDES server to the Internet and generate an external FQDN. If this is not done, none of your devices will be able to receive a SCEP certificate profile and you’ll see the following authentication error messages within the Intune Ibiza portal: These settings will make sure that the NDES server can receive https requests which are large in size. Next, launch Registry Editor (regedit) and go to HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters, then edit the values as shown here: On the NDES computer, open IIS Manager and select Default Website -> Request Filtering then select Edit feature settings’:Ĭonfigure Maximum URL length and Maximum query string as shown below: The NDES server needs to accept long URL requests so we first need to configure IIS accordingly. Once the installation completes, we now need to do a few steps to finish configuring the NDES computer. This information will be used when the signing certificate is created:Ĭonfigure the cryptography as shown below:Ĭontinue through the wizard to complete the installation of NDES. Leave RA Information set to the defaults. Please note that the CA and the NDES server must be installed on separate servers. Now we need to connect your Enterprise CA with the NDES server. Next, choose the NDES service account you created for the service account: Wait until installation completes, then start the post-installation steps:Ĭhoose Network Device Enrollment Service: On the computer you want to use for the NDES role, open Server Manager and select Add Roles and Features:Ĭhoose Role-based or feature-based installation: That’s it for the account, so now we can start with the configuration of the NDES computer. This will set the SPN for your NDES service account. Logon to your NDES server, open command prompt, then run the command below: Now we need to set the SPN for the NDES service account. Logon to your Enterprise CA and add the NDES service account on the Security tab with ‘Request Certificates’ permissions: Next, we need to add the proper permissions for this account on your Enterprise CA. Add the newly created account into the local group IIS_IUSRS: Once the account is created, go to the computer you want to use for the NDES role and run compmgmt.msc (Note that the NDES computer should be running Windows Server 2012 R2 or later). This is the account that will be used to request the SCEP certificate from your Enterprise Certification Authority (CA).
#How to enter win500 client registration key install#
īefore we install the NDES server, we first need to create a new service account in your Active Directory domain using Active Directory Users and Computers.
We’ll walk through each of these in order, however before you start please go through the pre-requisites for setting up SCEP which are described here.
In this post, Mingzhe goes through setting up and configuring NDES for SCEP certificate deployments in Intune. Hi everyone, today we have another post from Intune Support Escalation Engineer Mingzhe Li.