Troubleshooting

Using the certreq -new <.req file here> command returns an Invalid Provider Specified error.

This error occurs when the CSPs are not installed or not set up correctly.

Resolution

Ensure that the nCipher CNG CSP providers are correctly installed and set. Do this by running the CSP Install Wizard and CNG Configuration Wizard under nCipher in the Start menu.

If using remote admin, the AD CS Configuration Wizard does not detect the OCS.

cardpp --examine shows TokenSecureChannelError. TokenSecureChannelError can occasionally be seen when presenting the OCS.

Resolution

Remove and re-insert the cards until it is picked up by cardpp and the AD CS Configuration Wizard.

Failed to add Certificate Templates at the End of the NDES installation

You see an error similar to this:

failedtoaddcertificates

Resolution

To get around this issue you will need to add the CA certificate under trusted root certification authorities on the NDES server.

  1. Sign in to the CA server using the domain name, <domain_name>\Administrator.

  2. Bring up the certmgr.msc utility.

  3. Expand the Trusted Root Certification Authorities under Certificates - Current User in the Left Pane and select Certificates.

  4. Look for the CA Certificate that you are using and double-click it.

  5. Select the Certificates tab, and select Copy to File. This will bring up the Certificate Export Wizard. Select Next.

  6. Select DER encoded binary X.509(.CER) format for the format you want to use. Select Next.

  7. In the File to Export windows, select Browse and pick a location and specify the file name. Select Save.

  8. Select Next and then Finish to finish the export of the CA certificate.

  9. Now you need to import the certificate in the NDES server. Copy the file to the NDES server.

  10. Sign in to the NDES server using the domain name, <domain_name>\Administrator.

  11. Double-click the CA certificated file you just exported.

  12. Select Install Certificate.

  13. In the Certificate Import Wizard, select Local Machine then select Next.

  14. For the Certificate Store, select Place all certificates in the following store, then select Browse.

  15. Select Trust Root Certification Authorities then select OK.

  16. Select Next.

  17. Select Finish, then OK in the Import was successful dialog.

  18. Select OK to close the Certificate window.

  19. Now Uninstall NDES and install it again.