Configure IIS

To configure the Internet Information Services (IIS) on ADCS:

1. Type InetMgr.exe in the command prompt to open the Internet Information Services (IIS) Manager.

2. Click your server name on the left-hand side.

3. Expand the selection for your server and click Application Pools.
   
   

4. Right-click WSEnrollmentPolicyServer, and select Advanced Settings.

5. Edit Identity.

6. Select Custom account in the panel that appears, and click Set.

7. Enter the username and credentials for <yourcompany\waep-service>.

8. Click OK and expand Sites in the Connection menu on the left-hand side.

9. Click Default Web Site and then click Bindings on the right-hand side.

10. Edit the https site binding.

11. From SSL certificate, select the CS Server's SSL certificate winaepserver.yourcompany.com, click OK and then click Close.

12. Expand the Default Web Site option on the left-hand side.

13. Click ADPolicyProvider_CEP_Kerberos and open Application Settings.

14. Edit the entry name FriendlyName and set the value to AppViewX_Enrollment. This is a name that clients will see only when manually requesting certificates.

15. Click Add and create a new entry with the name RetryIntervalMs and value 300000.

16. Click on the URI and copy the URI so that it can be used for group policy update.

17. Restart IIS by clicking on the server name and then click Restart on the right-hand side.