Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ISE BYOD Microsoft SCEP NDES 802.1x The SCEP server returned an invalid response


Using ISE 1.2 with WLC and on-boarding with single SSID.  On occasion the error 'The SCEP server returned an invalid response' is received on the IPHONE being on-boarded - this is intermittent.   The issue resolves itself in time.  Any ideas on troubleshooting?  tnks



Everyone's tags (1)
Cisco Employee

Interestingly enough I am

Interestingly enough I am just setting this up and having the same issue. However, my issue is not going away :( I am using:

ISE:         1.2 Patch 7

WLC:       7.4

PKI:          Two tier (Root CA and Issuing) with a dedicated NDES server. All of them Server 2012 R2

Thank you for rating helpful posts!

Please enable "auto

Please enable "auto-enrollment" in your scep

New Member

With 'auto-enrollment' off

With 'auto-enrollment' off this would never work at all - like I said it is intermittent.   We have installed the hotfix from MS and also increased the http size in the url field as per others experience.  I even setup a router with a CSR to get a cert during an outage period and was successful.    I need to be able to troubleshoot the issue during a failure.  We setup the NDES login account as per the guidance - I need to look this up and will post.

The console logs in the IPHONE are very verbose but I am not sure what to look for during a failure - a success also has many error messages.


New Member

On the NDES server regedit

On the NDES server regedit EnforcePassword = 0 and still having issues.  

This has been done as well;

It is possible for ISE to generate URLs that are too long for the IIS web server. In order to avoid this problem, the default IIS configuration can be modified to allow for longer URLs. Enter this command from the NDES server CLI:

%systemroot%\system32\inetsrv\appcmd.exe set config /section:system.webServer/
 security/requestFiltering /requestLimits.maxQueryString:"8192" /commit:apphost
CreatePlease to create content