Server 2012 Error 505 on http://localhost/certsrv/mscep_admin

Ok apparently I cant get past this. Installed NDES etc on Server 2012. This server is not hosting the domain CA. I created the recommended domain user account for the service, added the user account to read on the domain ca for request certs, added to local IIS group, added spn,

I go to http://localhost/certsrv/mscep_admin and get the 505 error with the following two event log entries:
     The network device enrollment service cannot retrieve one of its required certs
     The network device enrollment service cannot be started 0x80070057

I have tried the following so far:
     Logging in with that service account so a user account is created.
     Changing the SCEP App Pool advanced setting Load User Profile from False to True
     http://support.microsoft.com/kb/2800975 (but the ExtensionlessUrlHandler-ISAPI-4.0_64bit that is mention to move
            below StaticFile does not exist. Am I supposed to manually add it somewhere in the comfig file like this example

<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />      
   Checked srv memory and there is enough.
Help... did I miss some step.
thx