Assume the following scenario:
- A user requests a certificate.
- An enrollment policy is configured for this, which points to a Certificate Enrollment Policy Web Service (CEP).
- The connection to the CEP fails and the user receives the following error message:
Error: Access was denied by the remote endpoint. 0x803d0005 -2143485947 WS_E_ENDPOINT_ACCESS_DENIED
The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a Web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)".
This error may have the following causes:
- The Service Principal Name (SPN) is missing or incorrectly set on the CEP service account (also check for syntax errors caused by incorrect command-line input).
- The IIS application pool on the CEP server is running under the wrong service account.
- IIS kernel-mode authentication is enabled for the CEP although the IIS application pool identity is not being used.
- The user is not authorized to log on to the CEP (for example, because the user is logged on with a local account).
- Invalid credentials were entered when authenticating with username and password.
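A read-only check of the first three causes, to be run on the CEP server, as an added example that is not part of the original article. The host name, service account, application pool name and application path are assumptions; replace them with the values shown in IIS Manager for your CEP.

```powershell
# Added diagnostic sketch; run in an elevated PowerShell session on the CEP server.
# All four values below are placeholders/assumptions, not taken from the article.
$CepHostName    = 'cep.example.com'            # host name clients use in the enrollment policy URL
$ServiceAccount = 'EXAMPLE\svc-cep'            # account intended to run the CEP
$AppPoolName    = 'WSEnrollmentPolicyServer'   # assumed application pool name
$AppLocation    = 'Default Web Site/ADPolicyProvider_CEP_Kerberos'   # assumed application path

Import-Module WebAdministration

# Cause 1: the SPN HTTP/<host> must be registered on the intended service account only.
Write-Host "== Accounts holding HTTP/$CepHostName =="
& setspn.exe -Q "HTTP/$CepHostName"
Write-Host "== SPNs registered on $ServiceAccount =="
& setspn.exe -L $ServiceAccount

# Cause 2: identity the application pool actually runs under.
$pm           = (Get-Item "IIS:\AppPools\$AppPoolName").processModel
$identityType = [string]$pm.identityType
$poolUser     = if ($identityType -eq 'SpecificUser') { $pm.userName } else { $identityType }
Write-Host "Application pool '$AppPoolName' runs as: $poolUser"
# String comparison only: the same account written as a UPN would also trigger this warning.
if ($poolUser -ne $ServiceAccount) {
    Write-Warning "Pool identity differs from the intended service account $ServiceAccount."
}

# Cause 3: kernel-mode authentication combined with a pool that is not
# running under the application pool identity.
$kernelMode = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Location $AppLocation `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' `
    -Name 'useKernelMode').Value
Write-Host "useKernelMode for '$AppLocation': $kernelMode"
if ($kernelMode -and $identityType -ne 'ApplicationPoolIdentity') {
    Write-Warning 'Kernel-mode authentication is enabled while the pool does not use the application pool identity.'
}
```

The script changes nothing; the remaining two causes (a local account on the client, wrong user name or password) have to be checked on the requesting side.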