Details of the event with ID 10 of the source Microsoft-Windows-NetworkDeviceEnrollmentService

Event Source: Microsoft-Windows-NetworkDeviceEnrollmentService
Event ID: 10 (0xA)
Event log: Application
Event type: Error
Symbolic Name: EVENT_MSCEP_FAILED_RA_CERT
Event text (English): The Network Device Enrollment Service cannot retrieve one of its required certificates (%1). %2
Event text (German): One of the required certificates (%1) cannot be retrieved by the network device registration service. %2

Parameters

The parameters contained in the event text are filled with the following fields:

  • %1: ErrorCode (win:UnicodeString)
  • %2: ErrorMessage (win:UnicodeString)

The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics".

Example events

The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057). The parameter is incorrect.
The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070002).  The system cannot find the file specified.

Description

The parameter is incorrect.

See the article "The Network Device Enrollment Service (NDES) logs the error message 'The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057). The parameter is incorrect.'".

The system cannot find the file specified.

Although the error message refers to the Registration Authority certificates, this event can also be logged together with the error "The system cannot find the file specified" if the registry of the NDES server is not consistent, e.g. if the "EnforcePassword" registry value does not exist.

See also the article "The Network Device Enrollment Service (NDES) logs the error message 'The Network Device Enrollment Service cannot be started (0x80070002). The system cannot find the file specified.'".

Microsoft assessment

Microsoft writes the following about this event in the TechNet Wiki:

Event Description: The Network Device Enrollment Service has two certificates: a key exchange certificate used for encryption and a Network Device Enrollment Service certificate used for signing. At least one of the certificates is not available or not valid.

Diagnosis: Note the error code and error message included in the event description. The Network Device Enrollment Service certificates are stored in either the default machine certificate store (if the value of the registry entry "CertsInMyStore" is 1) or in the "CEP" store (if the registry entry does not exist or if its value is 0). Use the Certificates MMC on the enrollment service machine to check the validity of any enrollment service certificates. Verify that all of the requirements documented in Service Startup section have been met. To validate certificate chain, certutil.exe -verify command can be used.

Resolve: Resolve any errors identified in the event description. If necessary, re-enroll for a signing certificate from the Certificates MMC. See Renewing Service Certificates.
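
The checks described above (read the error code from event 10, select the store according to "CertsInMyStore", inspect the certificates in it, and confirm that "EnforcePassword" exists) as an added PowerShell example; it is not code from this page or from Microsoft. The function name and the `-NdesConfigKey` parameter are assumptions: the page does not state the registry path of the NDES settings, so it is passed in, and `Verify()` is the .NET chain check rather than the `certutil.exe -verify` command named in the quote.

```powershell
# Added example (not Microsoft's or the page author's code). -NdesConfigKey is an
# assumption: the page gives no registry path, so pass the key used on your server.
function Get-NdesEvent10Triage {
    param(
        [Parameter(Mandatory)] [string] $NdesConfigKey,
        [int] $MaxEvents = 20
    )

    # Look for a named value in the configuration key or any of its subkeys.
    function Find-NdesValue([string] $Name) {
        $keys = @(Get-Item -LiteralPath $NdesConfigKey -ErrorAction Stop) +
                @(Get-ChildItem -LiteralPath $NdesConfigKey -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if ($key.GetValueNames() -contains $Name) { return $key.GetValue($Name) }
        }
        return $null
    }

    # %1 (ErrorCode) and %2 (ErrorMessage) are the first two event properties.
    $filter = @{ LogName = 'Application'; Id = 10
                 ProviderName = 'Microsoft-Windows-NetworkDeviceEnrollmentService' }
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Time = $_.TimeCreated; ErrorCode = $_.Properties[0].Value; ErrorMessage = $_.Properties[1].Value }
        })

    # CertsInMyStore = 1 selects the machine "My" store; missing or 0 selects "CEP".
    $store = if ((Find-NdesValue 'CertsInMyStore') -eq 1) { 'My' } else { 'CEP' }
    $now = Get-Date
    $certs = @(Get-ChildItem -Path "Cert:\LocalMachine\$store" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $cert = $_
            $usage = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
            [pscustomobject]@{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                KeyUsage      = if ($usage) { $usage.KeyUsages } else { $null }
                HasPrivateKey = $cert.HasPrivateKey
                InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
                ChainVerifies = $cert.Verify()   # .NET chain check, not certutil -verify
            }
        })

    [pscustomobject]@{
        Events                 = $events
        EnforcePasswordPresent = ($null -ne (Find-NdesValue 'EnforcePassword'))
        CertificateStore       = $store
        Certificates           = $certs
    }
}
```

Run it in an elevated session on the NDES server. In the output, look for one certificate with a key-encipherment usage and one with a digital-signature usage, both with a private key, inside their validity period and with a chain that verifies.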

Security assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

No description has been written for this yet.
