Set the ‘Enroll’ permission on the CA for the NDES/SCEP/MSCEP Admin Account.

  1. Launch the Certification Authority Console from the Administrative Tools in Windows.
  2. Right-click the server name and select Properties.

  3. Select the Security tab.

  4. Click Add. The Select Users, Computers, Service Accounts, or Groups dialog box displays.

  5. Click within the Enter the object names to select field and type the name of the SCEP Admin Account.

  6. Click OK. The CA Properties dialog box displays.

  7. Select the SCEP Admin Account from the Group or user names list.

  8. Select the Manage CA permission Allow checkbox.

  9. Select the Request Certificates permission Allow checkbox.

  10. Click OK.