Windows 11 VMs with vTPM enabled get the error - SCEP Certificate Enrollment Initialization Failed, Event id 86
Article ID: 414601
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
Virtual machines running Windows 11 with vTPM enabled encounter Event 86 error messages within the guest operating system’s event logs.
Example -
Event 86, CertificateServicesClient-CertEnroll
-
EventData
-
-
Context ...Url https://VM-KeyId-xxxx/microsoftaik.azure.net/templates/Aik/scepMessageTxt GetCACaps Not Found {"Message":"The authority\"vmw-keyid-#####.microsoftaik.azure.net/templates\" does not exist."}CertificateServices Client-CertEnroll; Error initializing SCEP certificate enrollment for RESOURCES https://vmw-keyid-#####.microsoftaik.azure.net/templates/Aik/scep:
-
Environment
VMware vSphere ESXi 8.x
Cause
This error happens because Windows 11 virtual desktops with vTPM are trying to auto-enroll an AIK (Attestation Identity Key) certificate via SCEP against a Microsoft AIK endpoint that does not exist.
Resolution
Please engage with your guest OS vendor.
Additional Information
Microsoft Q&A, How to fix scep certificate enrollment initialization - https://learn.microsoft.com/en-us/answers/questions/5496350/how-to-fix-scep-certificate-enrollment-initalizati
Note: Please consult the guest OS on the impacts before making any changes.
Feedback
Yes
No
Powered by
