Updating CEP URL in AD

  1. Log in to an AD machine using the service account created.
  2. Get the CEP URL from the CEP/CES machine by going to IIS > ADPolicyProvider_CEP_Kerberos > Application settings > URL.
  3. To update the Group Policy for Certificate Enrollment:
    1. Type gpmc.msc in the Run command to access Group Policy Management on the AD Domain Services server.
    2. Expand your domain forest > Domains > your domain name, and then select Default Domain Policy.
    3. Right-click Default Domain Policy and select Edit.
    4. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
    5. Edit Certificate Services Client – Certificate Enrollment Policy.
    6. Change Configuration Model to Enabled.
    7. Remove the Active Directory Enrollment Policy from the Certificate Enrollment policy list, and click Add.
    8. Enter the policy server URI copied from the previous step, click Validate Server, and click Add.
    9. Select Default, and click Add.
    10. Expand User Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
    11. Edit Certificate Services Client – Certificate Enrollment Policy.
    12. Change Configuration Model to Enabled.
    13. Remove the Active Directory Enrollment Policy from the Certificate Enrollment policy list, and click Add.
    14. Enter the policy server URI copied from the previous step, click Validate Server, and click Add.
    15. Select Default, and click OK.
  4. Open the command prompt as administrator and run the gpupdate /force command to update the group policy.
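
To confirm the change after gpupdate, the following added example (not part of the original procedure) reads the policy registry locations where Windows stores Group Policy enrollment policy servers, and reports whether the CEP URL is present for Computer and User configuration. The value of $ExpectedUrl is a constructed placeholder; replace it with the URL copied from IIS.

```powershell
# Added example: check which enrollment policy servers Group Policy applied here.
# $ExpectedUrl is a constructed placeholder, not a value from the procedure above.
$ExpectedUrl = 'https://cep.example.test/ADPolicyProvider_CEP_Kerberos/service.svc/CEP'

# Policy-delivered enrollment policy servers: one subkey per server.
# The HKCU path reflects the user who is currently logged on.
$policyRoots = [ordered]@{
    Computer = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\PolicyServers'
    User     = 'HKCU:\Software\Policies\Microsoft\Cryptography\PolicyServers'
}

function Get-CepPolicyEntry {
    param([string]$Scope, [string]$Root, [string]$Expected)
    if (-not (Test-Path -Path $Root)) { return }
    foreach ($key in Get-ChildItem -Path $Root) {
        $p = Get-ItemProperty -Path $key.PSPath
        if (-not $p.URL) { continue }
        [pscustomobject]@{
            Scope   = $Scope
            Name    = $p.FriendlyName
            Url     = $p.URL
            IsHttps = $p.URL -like 'https://*'
            IsLdap  = $p.URL -like 'LDAP:*'      # Active Directory Enrollment Policy
            Matches = $p.URL -eq $Expected       # -eq is case-insensitive for strings
        }
    }
}

$entries = foreach ($scope in $policyRoots.Keys) {
    Get-CepPolicyEntry -Scope $scope -Root $policyRoots[$scope] -Expected $ExpectedUrl
}
$entries | Format-Table -AutoSize

foreach ($scope in $policyRoots.Keys) {
    $scoped = @($entries | Where-Object { $_.Scope -eq $scope })
    if (-not ($scoped | Where-Object { $_.Matches })) {
        Write-Warning "$scope configuration: expected CEP URL is not applied"
    }
    if ($scoped | Where-Object { $_.IsLdap }) {
        Write-Warning "$scope configuration: Active Directory Enrollment Policy is still listed"
    }
    if ($scoped | Where-Object { -not $_.IsHttps -and -not $_.IsLdap }) {
        Write-Warning "$scope configuration: a policy server URL does not use https"
    }
}
```

No warnings means both configurations list the expected URL, the Active Directory Enrollment Policy entry is gone, and every remaining policy server URL uses https.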