Internal server error 500 while trying to access NDES Web sites: MSCEP and MSCEP_Admin
Problem Description:
Getting an internal server error 500 while trying to access NDES sites – MSCEP and MSCEP_Admin.
Cause:
Private keys were not available.
Resolution:
- Problem started after renewing the certificates on NDES Server enrolled using “Exchange Enrollment Agent (Offline request)” and “CEP Encryption” templates.
- Tried to verify permissions on private keys (Open Certlm.msc and navigate to Personal > Certificates > Right Click on the Certificates and click on Manage Private Keys) – Encountered Error: Private keys cannot be found.
- Issued the certificates using “Exchange Enrollment Agent (Offline request)” and “CEP Encryption” templates again.
- Assigned the service account permissions on private keys.
- Removed the NDES role, rebooted the server and Reinstalled the role.
- Error changed from 500 to HTTP Error 404.2 – Not Found
- The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.
- Opened IIS > Selected the server and in Features list > ISAPI and CGI Restriction > Added C:\Windows\System32\CertSrv\mscep\mscep.dll
- Tried to access the site again and it worked.