Increasing the password cache limit on the NDES server

Follow these steps to increase the password cache limit on the NDES server.

About this task

By default, the NDES server caches challenge passwords when requested by the Device Administrator. The NDES server does not give out new challenge passwords until the existing passwords are used for certificate requests. The default setting on the NDES server is five cached passwords. If you load the SCEP Admin URL five times to test, and then request a challenge password the sixth time, the NDES server displays the following error message:
NDES server password limit error message

Use the following procedure to configure NDES to cache more than five passwords.

Procedure

  1. Log on to the NDES server with administrative credentials.
  2. Open the registry editor by using Start > Run > Regedit.exe.
  3. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP.
  4. Create a new key named PasswordMax.
  5. Under the PasswordMax key, create a new DWORD key named PasswordMax and increase the value.
    PasswordMax registry entry
  6. Restart IIS.
    For more information, see Restarting IIS on the NDES server.

What to do next

Increasing the maximum query string on the NDES server