SCEP Error Issue
Hi Everyone:
I'm new to Windows Server 2k8, and I've been asked to deploy SCEP to do the Wi-Fi authentication.
After my implementation, when I accessed the network, the client gave me the "scep no response" information.
And I checked the Event Viewer of the 2k8. It gave this information:
The Network Device Enrollment Service cannot provide its password because the user does not have Enroll permissions on the configured certificate template, or the certification authority is not enabled to issue certificates based on the configured certificate template.
But I think during my SCEP deployment, I have some accounts that have the permissions to the template.
Now, I don't know how to fix it.
Any help or suggestion will be appreciated.
October 8th, 2012 9:23am
P.S.
There is also another error message:
The password in the certificate request cannot be verified. It may have been used already. Obtain a new password to submit with this request.
October 8th, 2012 9:24am
Hi,
Could you clarify what you are trying to achieve? SCEP is usually used to enrol a certificate for a device. If you are wanting to perform certificate-based authentication for wi-fi access, this can be accomplished using 802.1x. Here are some resources that should help:
http://technet.microsoft.com/en-us/library/hh994700.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=733
Steve G
October 8th, 2012 3:31pm
October 8th, 2012 3:44pm
Thanks for your reply.
Traditional 802.1x is just used to auth the EAP method, which is usually PEAP.
However, if the guest knows the employee's account, they can use their device to access the network easily.
SCEP with Cisco's ISE server can do EAP-TLS auth. When the user accesses the network, it needs the user to enter the username and password. Cisco's ISE will record the user's device MAC address as one part of the SCEP application information, and Cisco's ISE can limit the number of times the account can apply through SCEP.
So if the guest knows the employee's account, they still can't enter the network. If they have the employee's device, the CA server revokes the issued certificate, and they still can't enter the network.
That's all for my use.
As a part of my deployment, the SCEP server is very important to my environment. I just want to have a SCEP server which works normally.
And I don't even know how to check whether the SCEP server is functioning or not.
If you need any event information, just tell me.
October 8th, 2012 10:07pm
Perhaps this might help:
http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs.aspx
Steve G
October 9th, 2012 1:55pm
October 10th, 2012 2:44pm
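The event message quoted in the first post names two possible causes; the second one (the CA not being enabled to issue the configured template) can be checked from the NDES server. The script below is an added example, not something posted by anyone in the thread. It assumes the standard NDES registry location and value names, and the `-CAConfig` parameter is a hypothetical name for the CA configuration string you supply.

```powershell
# Added example (not from the thread). Run on the NDES server in an elevated prompt.
param(
    # Assumption: CA config string "CAHost\CA common name"; empty uses the default CA.
    [string]$CAConfig = ""
)

$mscepKey   = "HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP"
$valueNames = "SignatureTemplate", "EncryptionTemplate", "GeneralPurposeTemplate"

if (-not (Test-Path $mscepKey)) {
    Write-Output "NDES registry key not found: $mscepKey (is the role service installed?)"
    return
}

# 1. Templates NDES is configured to request, one per key-usage value.
$props = Get-ItemProperty -Path $mscepKey
$configured = @()
foreach ($name in $valueNames) {
    if ($props.$name) { $configured += $props.$name }
}
$configured = @($configured | Select-Object -Unique)

# 2. Templates the CA is currently enabled to issue.
if ($CAConfig) { $lines = certutil -config $CAConfig -CATemplates }
else           { $lines = certutil -CATemplates }

$issued = @{}
foreach ($line in $lines) {
    # Each template line starts with "TemplateName: Display Name ..."
    if ($line -match '^\s*([^:\s]+):' -and $matches[1] -ne 'CertUtil') {
        $issued[$matches[1]] = $line.Trim()
    }
}

# 3. Report every configured template that the CA does not issue.
foreach ($template in $configured) {
    if ($issued.ContainsKey($template)) {
        Write-Output "ENABLED ON CA : $($issued[$template])"
    } else {
        Write-Output "NOT ISSUED    : $template (add it under Certificate Templates on the CA)"
    }
}
```

If every configured template is reported as enabled on the CA, the remaining cause named in the event is the Enroll permission, which is set on the Security tab of that template in the Certificate Templates console.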


