Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SCEP server issue causes mobile enrollment error

Created: 08 Apr 2012 | 3 comments

In the application log (windows 2008 R2 server)

I get a application error whenever trying to enroll a profile.:

eventid : 11

source : networkdeviceenrollmentService

" The netwok Device Enrollment Service received an http message without the "Operation " tag, or wit an invalid "Operation" tag.

Could someone advise?

Comments 3 CommentsJump to latest comment

MacBrinky's picture

iOS - Device was sending a string over 2700 characters,
but the default size allowed by the request filtering is 1024.
This is so in order to mitigate against buffer overrun attacks.
To change the value you will use the following IIS appcmd.exe command:

%systemroot%\system32\inetsrv\appcmd.exe set config /section:system.webServer/security/requestFiltering /requestLimits.maxQueryString:"3072" /commit:apphost

Servicedesk kuiken's picture

ItThat was not the sollution. But somehow I think that within the NDES scep process something is not going as according.

the error im getting with http 405:

"" The netwok Device Enrollment Service received an http message without the "Operation " tag, or wit an invalid "Operation" tag.

" errors

the ipad log stated:

<Notice>: (Error) MDM: Cannot Authenticate. Error: NSError:
Desc   : A transaction with the server at https://<mms server dns>/mobileenrollment/symciosenroll.aspx has failed with the status 405.

MacBrinky's picture

Could you reach SCEP at all? If you open a browser on a PC or even iOS device which is connected externally to the network and you enter the URL for the SCEP Server admin page, do you get any valid response?
        http://localhost/certsrv/mscep_admin/
        http://scepserver.domain/CertSrv/mscep/mscep.dll