A key feature of the mobile device management capabilities provided by System Center 2012 R2 Configuration Manager with Windows Intune is the ability to provision client certificates to managed devices. Organizations that use an enterprise PKI for client authentication to resources like WiFi and VPN can use this feature to provision certificates to Windows, Windows Phone, iOS, and Android devices managed through Windows Intune. This article provides an in-depth look at how this feature works, and where you can go to find out all of the information you need to get up and running.
For those customers that are using NDES and did an upgrade from System center Configuration Manager 2012 R2 to System center Configuration Manager 2012 R2 SP1 they will notice that their NDES Server hosting the NDES Site Server role will fail to reinstall as shown below in the screenshot :
Investigating the issue a little further and going to look at the logging (CRPSetup.log) on the NDES server hosting the NDES Site Server role , we got the error message “Enabling WCF 40 returned code 50. Please enable WCF HTTP Activation. “
The question is why it would complain now as it worked before . After investigation it turns out that System Center Configuration Manager 2012 R2 Sp1 supports now the provisioning of personal information exchange (.pfx) files to user’s devices including Windows 10, iOS, and Android devices. Devices can use PFX files to support encrypted data exchange.
In the Supported Configurations for Configuration Manager ( https://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SiteSystemRolePrereqs ) , we found out that now “Http activation is required”
After enabling the feature , the role started to reinstall itself .
Looking at the log file it seems that is is installed :
Looks like the role installed itself and thus problem solved.
Hope it helps ,
Kenny Buntinx
MVP Enterprise Client Management