The REA signing certificate might not be in the certificate store that the console/DS server actually uses. If you imported it through MMC while logged in as your SSO AD user, the certificate and its private key stay tied to that user's profile, because that account is not the network admin account the server runs as. As a result, airwatchdev\svcscep (the network admin) cannot access the private key of an REA certificate that was uploaded as awsso\shwethan.

When adding the REA signing certificate through MMC, log in as the network admin (airwatchdev\svcscep). Import the signing certificate into the Local Computer certificate store, then grant the service account read access to its private key (Manage Private Keys) so that the server processes running as that account, and any other network admin users, can use it.
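The same steps done from an elevated PowerShell session instead of MMC, as an added example that is not part of the original page: import the PFX into the Local Computer store and add a read ACE for the service account on the private key file, which is what MMC's Manage Private Keys dialog edits. The PFX path is an assumed placeholder; airwatchdev\svcscep is the account named on this page.

```powershell
# Added example (not from the original page). Run elevated, logged in as the
# network admin (airwatchdev\svcscep) on the console/DS server.
$pfxPath     = 'C:\certs\rea-signing.pfx'   # assumed placeholder path
$serviceAcct = 'airwatchdev\svcscep'        # account the server processes run as

# 1. Import into LocalMachine\My. A PFX imported from an MMC opened as the SSO
#    user lands in that user's store, which other accounts cannot read.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = Import-PfxCertificate -FilePath $pfxPath `
            -CertStoreLocation 'Cert:\LocalMachine\My' -Password $pfxPassword |
        Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $cert) { throw 'No certificate with a private key was imported' }

# 2. Locate the private key file. CNG keys live under Crypto\Keys, legacy CAPI
#    keys under Crypto\RSA\MachineKeys; handle both provider types.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyFile = Get-ChildItem -Path "$env:ProgramData\Microsoft\Crypto" -Recurse `
               -Filter $keyName -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $keyFile) { throw "Private key file $keyName not found under ProgramData\Microsoft\Crypto" }

# 3. Grant the service account Read on the key file (equivalent of
#    MMC > All Tasks > Manage Private Keys > Add > Read).
$acl  = Get-Acl -Path $keyFile.FullName
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($serviceAcct, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile.FullName -AclObject $acl

# 4. Verify: the certificate is in the machine store with a private key, and
#    the key file ACL now lists the service account.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter
(Get-Acl $keyFile.FullName).Access |
    Where-Object IdentityReference -like '*svcscep*' |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

If step 2 finds no key file, the PFX was imported into a user store rather than LocalMachine\My, which is exactly the situation described above; re-import as the network admin and re-run the script.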

When you enter Service Account credentials on the CA configuration page in the Workspace ONE UEM console, the console/DS server uses those credentials to make a remote call to the CA server hostname configured there. The connection to the CA, and every certificate request made over it, therefore runs as the service account rather than as the logged-in SSO user, so a failure at this point is an authentication or authorization problem for that account.

If the CA server receives the certificate request but its policy module denies it, one of two things is wrong: LDAP forest referrals are not enabled on the CA (Step 1 of the CA server setup), or the domain of the requesting user is incorrect or is not one the CA server is associated with.
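The CA-side checks for both causes, plus a connectivity test with the service account credentials from the previous paragraph, as an added example that is not part of the original page. The CA common name in $caConfig is an assumed placeholder (running certutil with no arguments on a domain member lists the CA configs published in AD); atl01devcs21 and airwatchdev\svcscep are the names used on this page.

```powershell
# Added example (not from the original page). Run elevated with administrative
# rights on the CA; the last command runs on the console/DS server.
$caConfig = 'atl01devcs21\<CA common name>'   # assumed placeholder, replace the CA name

# 1. LDAP forest referrals (Step 1 of the CA server setup). The EditFlags dump
#    lists EDITF_ENABLELDAPREFERRALS only when the flag is set.
certutil -config $caConfig -getreg Policy\EditFlags
# To enable it (the CA service must be restarted afterwards):
# certutil -config $caConfig -setreg Policy\EditFlags '+EDITF_ENABLELDAPREFERRALS'
# Restart-Service certsvc

# 2. Requests the policy module denied (Disposition 30 = denied; 31 = failed).
#    RequesterName shows the domain the request came in as, which is how you
#    spot AWSSO requests reaching a CA that only knows Airwatchdev.
certutil -config $caConfig -view -restrict "Disposition=30" `
    -out "RequestID,RequesterName,SubmittedWhen,StatusCode,DispositionMessage"

# 3. From the console/DS server: confirm the service account itself can reach
#    the CA, since that is the identity the console's remote call uses.
#    runas prompts for the account password interactively.
runas /user:airwatchdev\svcscep "certutil -config $caConfig -ping"
```

A DispositionMessage in step 2 that names the requester's domain or an unresolved user object points at the domain mapping; a -ping failure in step 3 points at the service account credentials or the CA hostname entered in the console.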

On this CA server (atl01devcs21), only requests from the Airwatchdev domain are issued. Requests from the AWSSO domain are rejected, because the CA is synced only with Airwatchdev AD and has no association with AWSSO. We therefore changed the directory mapping on the LGs (location groups) to Airwatchdev and enrolled devices with users from that domain. After this change, the profile lands on the device with the correct client certificate for REA.