Configuring CEP
The Install-AdcsEnrollmentPolicyWebService cmdlet configures CEP. It is also used to create other instances of the service within an existing installation.
- Log in to the CEP server using the CEPAdmin user name, and then launch PowerShell in administrative mode.
- Run the command Import-Module ServerManager.
- Run the command Add-WindowsFeature Adcs-Enroll-Web-Pol.
- Run the command Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate -SSLCertThumbprint <sslCertThumbPrint>.
  Note: Replace <sslCertThumbPrint> with the thumbprint of the SSL certificate created for the CEP server, after deleting the spaces between the thumbprint values.
- Complete the installation by selecting either Y or A.
- Launch the IIS Manager Console.
- In the Connections pane, expand the web server that is hosting CEP.
- Expand Sites, expand Default Web Site, and then click the appropriate installation virtual application name ADPolicyProvider_CEP_Certificate.
- In the virtual application called Home, double-click the application settings, and then double-click FriendlyName.
- Type a name under Value and close the dialog.
- Double-click URI, and then copy Value.
  Notes:
  - If you want to configure another authentication method on the same CEP server, then you must change the ID.
  - This URL is used in MVE or any client application.
- From the left pane, click Application Pools.
- Select WSEnrollmentPolicyServer, and then from the right pane, click Actions > Advanced Settings.
- Select the identity field under Process Model.
- In the Application Pool Identity dialog box, select the custom account, and then type CEPSvc as the domain user name.
- Close all dialog boxes, and then recycle IIS from the right pane of the IIS Manager Console.
- From PowerShell, type iisreset to restart IIS.
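
The PowerShell steps above, written as an added example that is not part of the original documentation: it cleans and validates the thumbprint before installing CEP, and checks the application pool identity after the IIS Manager steps. The function names are hypothetical, and the script assumes that the SSL certificate is in the local machine Personal store.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session on the CEP server.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Value)
    # Drop spaces and any invisible characters picked up when copying from the certificate dialog.
    $clean = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($clean.Length) hex characters."
    }
    $clean
}

function Install-CepWithCheckedCert {
    param([Parameter(Mandatory)][string]$RawThumbprint)
    $thumbprint = ConvertTo-CleanThumbprint $RawThumbprint
    # Assumption: the CEP server's SSL certificate is in the local machine Personal store.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumbprint
    if (-not $cert) { throw "Certificate $thumbprint not found in Cert:\LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
    if ($cert.NotAfter -le (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

    Import-Module ServerManager
    Add-WindowsFeature Adcs-Enroll-Web-Pol
    Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate -SSLCertThumbprint $thumbprint
}

function Test-CepAppPoolIdentity {
    # Run after the IIS Manager steps: confirms the pool runs as the CEPSvc domain account.
    Import-Module WebAdministration
    $pm = Get-ItemProperty 'IIS:\AppPools\WSEnrollmentPolicyServer' -Name processModel
    $ok = ($pm.identityType -eq 'SpecificUser') -and ($pm.userName -match '(^|\\)CEPSvc($|@)')
    if (-not $ok) {
        Write-Warning "WSEnrollmentPolicyServer runs as '$($pm.identityType)' / '$($pm.userName)', expected CEPSvc."
    }
    $ok
}

# Usage (placeholder from the page; substitute the real thumbprint):
# Install-CepWithCheckedCert -RawThumbprint '<sslCertThumbPrint>'
# Test-CepAppPoolIdentity
```

Install-AdcsEnrollmentPolicyWebService still prompts for confirmation, so answer Y or A as described in the steps above.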