Enterprise Mobility : In the land of NDES – Where one eye is King and you need to watch your CRL Delta files

I was doing a EMS POC and deployment of certificates on mobile devices was a requirement. So I needed to setup an NDES server with a separate Subordinate CA for MDM , NDES Server and SCCM Certificate Registration Point (CRP). Big deal I thought as I did it a already multiple times. At my customer we worked close with the server team and setup the infrastructure which was working fine at first sight. After a reboot of the NDES server I was struggling to get the Network Device Enrollment Service (NDES) up and running again as it would throw me an error 500. The event log of the NDES Server told me the following: The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057). The parameter is incorrect. The Network Device Enrollment Service cannot be started (0x80070057). The parameter is incorrect. When the service starts, it searches for two certificates that are used by the service : 1. The service searches in the...
Read More

When deploying Windows Server 2012R2 using an Configmgr OSD Task Sequence, additional disks will be offline when the Task Sequence completes

  When using a Configuration Manager OSD Task Sequence to deploy Windows Server 2012 or Windows Server 2012 R2 to a server (VM) that contains disks that are not local (such as SAN Disk), when the Task Sequence completes, the additional disks may not come online and may show as offline. Specifically in the Disk Management, the additional disks will show offline with the message: Disk is offline due to a policy set by an administrator If you look at my VM, you will see I have 2 separate disks that I will need in a later phase to install the backup software to the D:\ partition, residing on the other vmdk. To resolve the issue, for the WinPE phase, the steps from KB971436 need to be added to the Task Sequence. For deployments from Operating System Images, a registry key value will need to be updated with the correct SAN policy value as...
Read More