Assistance required with setting up SCEP
 

I am looking to setup SCEP so users dont have to keep entering their device passwords once their AD passwords are changed.

I thought it was a simple thing .... I was wrong, anyway...

I setup a NDES server and looking to configured SCEP as per Technet article Configure certificate-based authentication for Exchange ActiveSync for exchange 2010.

Once this is done, I believe I have to assign the scep policy to the email policy in BES. What I am not sure is how will current devices (already provisioned) will behave while or once I have set this up ?

Also, how do I get the certs to the device ?, i read i can copy the CA, Int CA and the personal cert in the Certificate folder under shared apps. anything else ?

information seems to be limited on setting this up, any assistance would be greatly appreciated.

Re: Assistance required with setting up SCEP
 

can look through this thread
Configuring SCEP server with BB10 - BlackBerry Support Community Forums

Re: Assistance required with setting up SCEP
 

Few things, RIM support told me the template I was using was wrong and I changed the regkey HKLM\Software\Microsoft\Crytography\MSCEP and changed the values to the correct template.

Also, my UPN is different from Email address, but they said this has been resolved in 10.2 and we are running 10.2

Anyway, now i cant even get to http://<MyServer>/CertSrv/mscep_admin/ as I am getting the error:
Network Device Enrollment Service allows you to obtain certificates for routers or other network devices using the Simple Certificate Enrollment Protocol (SCEP).

You do not have sufficient permission to enroll with SCEP. Please contact your system administrator.

For more information see Using Network Device Enrollment Service .

I have also added Enroll permissions to the service account I use for Enrollment on the CA.

help ??? - how do I resolve this.

I noticed in the Application log on the CA, i have the following error
Event ID :6
Description: The Network Device Enrollment Service cannot provide its password because the user does not have Enroll permissions on the configured certificate template, or the certification authority is not enabled to issue certificates based on the configured certificate template.

Re: Assistance required with setting up SCEP
 

this help at all?
KB35003-"Enroll profile sending error. Please, contact your administrator." is displayed when attempting to enroll an iOS device

Re: Assistance required with setting up SCEP
 

not the error i am getting and checked anyway - none of the causes appear in the log files - opening call with RIM and MS now :-(

Re: Assistance required with setting up SCEP
 

I think i got it to work, in my case, i had duplicated a user cert rather then a computer type and changed some permissions. Once corrected seems to be working fine. Testing it now.