Details of the event with ID 6 of the source Microsoft-Windows-NetworkDeviceEnrollmentService

Event Source:	Microsoft-Windows-NetworkDeviceEnrollmentService
Event ID:	6 (0x6)
Event log:	Application
Event type:	Error
Symbolic Name:	EVENT_MSCEP_NO_PASSWORD_TEMPLATE
Event text (English):	The Network Device Enrollment Service cannot provide its password because the user does not have enroll permissions on the configured certificate template, or the certification authority is not enabled to issue certificates based on the configured certificate template.
Event text (German):	The registration service password for the network device cannot be specified because the user does not have the required registration permissions for the configured certificate template or the certification authority is not authorized to issue certificates based on the configured certificate template.

The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.

Example events

The Network Device Enrollment Service cannot provide its password because the user does not have enroll permissions on the configured certificate template, or the certification authority is not enabled to issue certificates based on the configured certificate template.

Description

Occurs when a user logs in to the NDES administration web page who does not have permission to request certificates on the Device Certificate Template has. Without this authorization, the user is also not authorized to request a one-time password from the NDES server.

Likewise, this occurs if the certificate template configured on the NDES server has not been published on the connected certificate authority.

See also article "The Network Device Enrollment Service (NDES) administration web page (certsrv/mscep_admin) reports "You do not have sufficient permission to enroll with SCEP. Please contact your system administrator."„.

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

If this event occurs repeatedly, it may be an attempted attack and an alert should be issued. It is also possible that availability is restricted due to a misconfiguration.

Related links:

• Overview of Windows events generated by the Network Device Enrollment Service (NDES).

External sources

• Active Directory Certificate Services (AD CS): Network Device Enrollment Service (NDES) (Microsoft)