Hi folks, I have built 2 NDES servers lately to serve SCEP. Server 1 enrolls to CA #1, and Server 2 enrolls to CA #2.
I used the same users and settings for both installations, aside from pointing each SCEP server to an alternate CA. However, I have an authentication problem with 1 of the 2 SCEP servers now, and I am unsure if this is an IIS problem or a problem with SCEP. I suspect it is not IIS since both IIS configurations appear to be identical and all of the same user accounts were used during the install.
I used a svc-scep account (IIS admin) for the service, and a svc-scepinstall (enterprise admin), which I logged onto the server as for the installation... all per whitepaper recommendation. Everything seems to be working except for authentication from server #1.
When I browse to http://server1/websrv/mscep_admin/ I am prompted for credentials in IE, or Chrome just fails completely.
When I browse to http://server2/websrv/mscep_admin/ I get the correct SCEP administration page and it works perfectly.
Both IIS servers are set to the default configuration "Anonymous Authentication" enabled and using "IUSR" account. There was some other discussion on this forum regarding authentication problems with NDES/SCEP, and I have attempted to change to Windows Authentication and tried changing the provider order so that NTLM is provider order #1, but this made absolutely no difference.
Is it possible something broke during the installation, or that there is a problem with CA #1? How would I go about diagnosing this discrepancy, since NDES documentation is very thin at best? I am not sure where to begin, having already compared the IIS configurations.
Here are some screenshots... I am connecting from the same computer as the same user in both examples, but get different results.