Certificate Enrollment Policy creation for Certificate Enrollment Policy Web Service (CEP) fails with error code "WS_E_INVALID_FORMAT".

Assume the following scenario:

  • A Certificate Enrollment Policy Web Service (CEP) is implemented in the network.
  • An enrollment policy is configured.
  • Testing the connection fails with the following error message:
Error: The input data was not in the expected format or did not have the expected value. 0x803d0000 (-2143485952 WS_E_INVALID_FORMAT)

The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a Web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)„.


Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem and is available under a free license. It can downloaded via GitHub and can be used free of charge.

This error usually occurs when the CEP URL is written incorrectly. A service responds (in this case the IIS default web page, since the entered URL points to it), but it is not the CEP service.

Related links: