Tuesday, 17 December 2013

The Network Device Enrollment Service received an http message without the "Operation" tag, or with an invalid "Operation" tag.

We were facing this issue on one of our Microsoft NDES server setups when trying to enrol/request a certificate. The IIS logs (C:\inetpub\logs\LogFiles\W3SVC1) show that the HTTP response code being returned is 404.15.

HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long.

So the server denies our request because, while enrolling/requesting a certificate, the CSR (certificate signing request) is sent in the query string, which makes the query string long. Checking the Request Filtering / Maximum query string (Bytes) setting on the CertSrv/mscep application on the failing server, it was 2048. Increasing it to 65536 solved the issue. By the way, when you install NDES the limit should be 65536 by default, but that does not always seem to be the case. The value can also be edited directly in applicationHost.config (C:\Windows\system32\inetsrv\config).
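As an added example (not from the original post), the following PowerShell script checks the mscep application's maxQueryString limit and raises it to 65536 bytes only if it is lower, then counts 404.15 responses for the SCEP endpoint in the IIS log so you can confirm the symptom before and after. It assumes the default site name 'Default Web Site', the default log folder, W3C log format with the sc-status and sc-substatus fields, and the WebAdministration module (IIS 7 or later).

```powershell
# Added example, not part of the original post. Run in an elevated PowerShell on the NDES server.
# Assumption: the SCEP application lives under 'Default Web Site' (change $app if your site differs).
Import-Module WebAdministration

$app    = 'IIS:\Sites\Default Web Site\CertSrv\mscep'
$filter = 'system.webServer/security/requestFiltering/requestLimits'
$wanted = 65536   # the limit NDES is documented to set at install time

# Read the effective limit for the mscep application (inherits from the site/server if not set locally).
$current = [int](Get-WebConfigurationProperty -PSPath $app -Filter $filter -Name 'maxQueryString').Value
Write-Host "Current maxQueryString for CertSrv/mscep: $current bytes"

if ($current -lt $wanted) {
    # Raise the limit only for the mscep application, not for the whole server,
    # so the request-filtering protection stays in place for everything else.
    Set-WebConfigurationProperty -PSPath $app -Filter $filter -Name 'maxQueryString' -Value $wanted
    Write-Host "Raised maxQueryString to $wanted bytes for CertSrv/mscep"
} else {
    Write-Host "Limit already sufficient, nothing changed"
}

# Confirm the symptom: count 404.15 responses for the SCEP endpoint in the W3SVC1 logs.
# Assumption: default W3C field order, so 'sc-status sc-substatus' appear as '404 15'.
$logDir = 'C:\inetpub\logs\LogFiles\W3SVC1'
$hits = Get-ChildItem -Path $logDir -Filter 'u_ex*.log' -ErrorAction SilentlyContinue |
    Select-String -Pattern '/certsrv/mscep/.* 404 15 '
Write-Host ("404.15 responses for /certsrv/mscep/ found in logs: {0}" -f ($hits | Measure-Object).Count)
```

The same change can be made with `appcmd set config "Default Web Site/CertSrv/mscep" /section:requestFiltering /requestLimits.maxQueryString:65536`, which writes the same `<requestLimits maxQueryString="65536" />` entry into applicationHost.config.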

Wednesday, 11 December 2013

Log4Net File logging is not logging in an ASP.NET Web Application

I had this issue and checked web.config for problems, but it turned out to be a security (permissions) issue, as the AppPool identity account was 'NetworkService'. Changing it to LocalSystem made it work.

Monday, 2 December 2013

Microsoft NDES - Identity User account configuration

While configuring Microsoft NDES, you need to choose an account for impersonation (the account under which the SCEP ISAPI extension runs). The steps below should help you do that.


Standalone CA
1. Open Certification Authority, go to Action, click Properties.

2. On the Security tab, under Groups or user names, click Add.

3. Once the account is added, check 'Manage CA'.


Enterprise CA (by default, Domain Admins already have the required permissions)

1. Create a user in the DC; it need not be part of any administrator group.
2. Go to the CA server and run ‘certtmpl.msc’. This opens the Certificate Templates window.
3. For all the marked templates (IPSec (Offline request), CEP Encryption, Exchange Enrollment Agent (Offline request)), give ‘Enroll’ permission to the added user.
4. To do so, double-click each template, open the Security tab, add the user and check ‘Enroll’.