To configure prerequisites on the NDES sever, you need to follow below steps:
- When NDES is added to the server, the wizard also installs IIS. Ensure IIS has the following configurations:
- Web Server > Security > Request Filtering
- Web Server > Application Development > ASP.NET 3.5. Installing ASP.NET 3.5 will install .NET Framework 3.5. When installing .NET Framework 3.5, install both the core .NET Framework 3.5 feature and HTTP Activation.
- Web Server > Application Development > ASP.NET 4.5. Installing ASP.NET 4.5 will install .NET Framework 4.5. When installing .NET Framework 4.5, install the core .NET Framework 4.5 feature, ASP.NET 4.5, and the WCF Services > HTTP Activation feature.
- Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility
- Management Tools > IIS 6 Management Compatibility > IIS 6 WMI Compatibility
- On the server, add the NDES service account as a member of the IIS_IUSR group.
- Run the following command to set the SPN of the NDES Service account: setspn -s http/<DNS name of NDES Server> <Domain name>\<NDES Service account name>
- On the server that will hosts NDES, you must log on as an Enterprise Administrator, and then use the Add Roles and Features Wizard to install NDES
- In the Wizard, select Active Directory Certificate Services to gain access to the AD CS Role Services.
- Select the Network Device Enrollment Service, uncheck Certification Authority, and then complete the wizard.
- On the Installation progress page of the wizard, do not click Close. Instead, click the link for Configure Active Directory Certificate Services on the destination server.
- NDES Configuration windows will open