I've recently installed AD Certification Authority on one of our DCs. It acts as a subordinate enterprise CA, the Root CA is a standalone offline root CA and there is no connection between those two CAs. I've requested a Certificate for the Subordinate Enterprise CA and successfully installed it. The CA on the DC seems to work (i can request certificates etc.).
No I wanted to install Network Device Enrollment Service, I went through the configuration Wizard, created a User, Added it to IIS_IUSERS etc but in the end I got an Error saying that the configuration was not successful. No details, no error code. I wanted to re-do the configuration but now NDES is greyed out, as shown here:
I realized, that IIS had a problem and the Certsrv Application did not start. After I assigned CertSrv to a different Application Pool the application started and runs now but even after a restart the configuration of NDES is greyed out.
Can someone please tell me what went wrong or how to fix it? (Windows Server 2012 Standard, Forest and Domain level 2008 R2)