Problem Description:

Getting an internal server error 500 while trying to access NDES sites – MSCEP and MSCEP_Admin.

 

Cause:

Private keys were not available.

 

Resolution:

  • Problem started after renewing the certificates on NDES Server enrolled using “Exchange Enrollment Agent (Offline request)” and “CEP Encryption” templates.
  • Tried to verify permissions on private keys (Open Certlm.msc and navigate to Personal > Certificates > Right Click on the Certificates and click on Manage Private Keys) – Encountered Error: Private keys cannot be found.
  • Issued the certificates using “Exchange Enrollment Agent (Offline request)” and “CEP Encryption” templates again.
  • Assigned the service account permissions on private keys.
  • Removed the NDES role, rebooted the server and Reinstalled the role.
  • Error changed from 500 to HTTP Error 404.2 – Not Found
  • The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.
  • Opened IIS > Selected the server and in Features list > ISAPI and CGI Restriction > Added C:\Windows\System32\CertSrv\mscep\mscep.dll
  • Tried to access the site again and it worked.

 

Leave a Reply

Your email address will not be published. Required fields are marked *