Channel: Security forum

Win 2008 Ent. CA issue -> NDES cannot decrypt the client's PKCS7


Hi people,

I am going crazy trying to avoid this issue:

Background: we are introducing "mobility" inside the Enterprise and this is a mixed environment.
We have Windows Phone as well as BB and Android and, last, iOS devices.

So, about the last one, we had to put in place a Win 2008 R2 Enterprise CA in order to
deploy SCEP to enroll iOS devices.
I know you don't provide support for Apple products :))
but I only need to understand how to solve problems on the CA side.

Following this well-done guide:

http://blogs.technet.com/b/askds/archive/2010/11/22/ipad-iphone-certificate-issuance.aspx

I was able to reach a good point, but every time IIS receives a certificate request
("GET=")
I get this error:
The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (0x80090005). Bad Data.

Now, looking at the "event viewer" we have:

4 positive messages:
The Network Device Enrollment Service loaded the Registration Authority (RA) key exchange certificate with serial number xxxxx from the "MY" store.
The Network Device Enrollment Service loaded the Registration Authority (RA) signature certificate with serial number yyyyy from the "MY" store.
The Network Device Enrollment Service is working in single password mode. The password can be used multiple times and will not expire.
The Network Device Enrollment Service started successfully.

followed by:
The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (0x80090005). Bad Data.

So...

certutil -repairstore my "xxxxx"

certutil -repairstore my "yyyyy"

is always good and successful, but:

certutil -verify c:\Users\message.txt
LoadCert(Cert) returned ASN1 bad tag value met. 0x8009310b (ASN: 267)
CertUtil: -verify command FAILED: 0x8009310b (ASN: 267)
CertUtil: ASN1 bad tag value met.
301.3752.0:<2013/3/6, 16:13:15>: 0x8009310b (ASN: 267)

Enabling mscep.log at debug level (certutil -setreg debug 0xffffffe3)
works but is not so useful.

and trying PKIVIEW... I get an error because I cannot run this snap-in (maybe a Domain or Enterprise Admin is necessary to do it?)

Can you help me?

I am blocked.

Thank you so much

Best Regards

Federico
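A first triage step before handing a captured SCEP message to any Windows tool is to confirm what encoding the file actually holds, because "ASN1 bad tag value met" is the error you get when the bytes are not DER in the first place (for instance when the message was saved still URL-encoded or base64-encoded straight from the client's GET request). The script below is an added example written for this thread; it is not part of the original post, not a Microsoft tool, and not the guide's code. It assumes the message was saved either as raw DER, as PEM, or as the base64/URL-encoded text taken from the GET query string, normalises it to DER, and then reads only the outer PKCS#7 ContentInfo to report its content type (a SCEP PKIOperation should present as signedData at the outer layer). It does not attempt to decrypt anything; it only tells you whether the bytes are a PKCS#7 message at all.

```python
"""Triage a captured SCEP PKIOperation message before passing it to certutil.

Added example; not from the original post nor a Microsoft tool. It assumes the
message was saved from the client's GET request (probably URL-encoded base64)
or copied as PEM, normalises it to DER, and then reads the outer PKCS#7
ContentInfo to report which content type it carries.
"""
import base64
import binascii
import re
import urllib.parse

# PKCS#7 / CMS ContentInfo content-type OIDs (RFC 2315, RFC 5652).
PKCS7_CONTENT_TYPES = {
    "1.2.840.113549.1.7.1": "data",
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
    "1.2.840.113549.1.7.5": "digestedData",
    "1.2.840.113549.1.7.6": "encryptedData",
}

# Bytes that can appear in a text (PEM / base64 / URL-encoded) rendering.
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def normalize_to_der(raw: bytes) -> bytes:
    """Return DER from input that is raw DER, PEM, bare base64 or URL-encoded base64."""
    if any(b not in TEXT_BYTES for b in raw):
        return raw  # contains non-text bytes: treat it as DER already
    text = raw.decode("ascii").strip()
    if "-----BEGIN" in text:
        body = re.sub(r"-----(BEGIN|END)[^-]*-----", "", text)
    else:
        # A SCEP GET carries the message as a URL-encoded query parameter;
        # use unquote (not unquote_plus) so a literal '+' stays a base64 digit.
        body = urllib.parse.unquote(text)
    body = re.sub(r"\s+", "", body)
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"input is text but not valid base64/PEM: {exc}") from exc


def read_tlv(buf: bytes, pos: int):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, pos, pos + length


def decode_oid(value: bytes) -> str:
    """Decode DER OID contents into dotted notation."""
    arcs = [value[0] // 40, value[0] % 40]
    cur = 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(str(a) for a in arcs)


def pkcs7_content_type(raw: bytes) -> str:
    """Name the outer PKCS#7 content type, or raise ValueError if it is not a ContentInfo."""
    der = normalize_to_der(raw)
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError(f"outer tag 0x{tag:02x} is not SEQUENCE: not a PKCS#7 ContentInfo")
    tag, ostart, oend = read_tlv(der, start)
    if tag != 0x06:
        raise ValueError("ContentInfo does not begin with a content-type OID")
    oid = decode_oid(der[ostart:oend])
    return PKCS7_CONTENT_TYPES.get(oid, f"unknown ({oid})")


# Constructed sample: minimal ContentInfo { signedData, [0] EXPLICIT SEQUENCE {} }.
SAMPLE_DER = bytes.fromhex("300f06092a864886f70d010702a0023000")
SAMPLE_PEM = (b"-----BEGIN PKCS7-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END PKCS7-----\n")
# The same message as it would appear inside a SCEP GET query string.
SAMPLE_URL_ENCODED = urllib.parse.quote(base64.b64encode(SAMPLE_DER).decode(), safe="").encode()

if __name__ == "__main__":
    for label, sample in (("DER", SAMPLE_DER), ("PEM", SAMPLE_PEM), ("URL", SAMPLE_URL_ENCODED)):
        print(f"{label}: {pkcs7_content_type(sample)}")
```

Run it against the saved message instead of the constructed samples (read the file in binary mode and call pkcs7_content_type on the bytes). If it raises on the text path, the file is not a valid base64/PEM rendering; if the outer type is not signedData, the file is not a SCEP PKIOperation message. Note also that certutil -verify expects a certificate file, so even a correctly saved PKCS#7 message is not the input it was made for.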
