Configure Active Directory Services - NDES
Perform the following steps to configure the new installation of AD CS with Network Device Enrollment Service:
Select Start > Administrative Tools > Server Manager. Select the flag icon to the left of Manage.
Select [ Configure Active Directory Certificate Services ] on the destination.
On the Credentials page, ensure your login meets the displayed requirements. Select [ Next ].
On the Select Role Services page, select [ Network Device Enrollment Service ]. Select [ Next ].
On the Service Account for NDES page, select [ Select ] and log in using the Domain Administrator you have designated as your Service Account. Select [ OK ].
On the CA for NDES page, select [ CA Name ] and then [ Select ]. Select your ADCS Enterprise CA and select [ OK ].
On the RA Information page, you can either keep the suggested RA Name or change it. Enter the Optional Information required by your organization. Select [ Next ].
On the Cryptography for NDES page, select [ Microsoft Strong Cryptographic Provider ] for both the Signature Key Provider and the Encryption Key Provider. Select [ Next ].
On the Confirmation page, select [ Configure ].
After configuring AD CS NDES, perform the following steps to set the SPN of the Service Account:
On the server that hosts the NDES service, run the following command in an elevated command prompt. This sets the SPN of the NDES service account:
Example:
Restart the NDES server.
After restarting, navigate to the following URL: http://<Server_FQDN>/certsrv/mscep/mscep.dll.
You should see a Network Device Enrollment Services page in your web browser.
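The SPN registration and the post-restart check described above can be scripted. This is an added example, not a command from the original page or from Microsoft's documentation. It uses the standard setspn.exe utility and Invoke-WebRequest; the host name, account name and function names are placeholders chosen for illustration.

```powershell
# Added example. Placeholder values (assumptions): replace with your own.
$NdesFqdn   = 'ndes01.example.test'   # FQDN of the server hosting NDES
$SvcAccount = 'EXAMPLE\svc-ndes'      # NDES service account (DOMAIN\name)

function Set-NdesSpn {
    param([Parameter(Mandatory)][string]$Fqdn,
          [Parameter(Mandatory)][string]$Account)
    $spn = "HTTP/$Fqdn"
    # -S adds the SPN only after checking that no other account already
    # holds it; a duplicate SPN breaks Kerberos authentication to the service.
    & setspn.exe -S $spn $Account
    # Assumption: setspn.exe signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "setspn -S failed for $spn (exit code $LASTEXITCODE)"
    }
    # -L lists the SPNs registered on the account; confirm ours is present.
    $registered = & setspn.exe -L $Account
    if (-not ($registered -match [regex]::Escape($spn))) {
        throw "$spn is not listed on $Account after registration"
    }
    return $spn
}

function Test-NdesEndpoint {
    param([Parameter(Mandatory)][string]$Fqdn)
    $uri = "http://$Fqdn/certsrv/mscep/mscep.dll"
    try {
        $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 15
    } catch {
        Write-Warning "Request to $uri failed: $($_.Exception.Message)"
        return $false
    }
    # The procedure expects a Network Device Enrollment Services page here.
    return ($resp.StatusCode -eq 200 -and
            $resp.Content -match 'Network Device Enrollment Service')
}

# Before the restart, from an elevated prompt on the NDES server:
Set-NdesSpn -Fqdn $NdesFqdn -Account $SvcAccount
# After the restart:
# Test-NdesEndpoint -Fqdn $NdesFqdn
```

Test-NdesEndpoint returns $false both when the request fails and when the response is not the expected NDES page, so a $false result after the restart is the cue to review the IIS and NDES event logs.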
For more information on installing and configuring Active Directory Certificate Services - NDES, refer to the Microsoft documentation.