To use Microsoft Certificate Authority (MSCA) with Symantec Mobility, you must install the Symantec ADCS Communication Service on a server that belongs to the same domain as your MSCA server. Before installing, make sure your installation meets the following requirements:
Table: Symantec ADCS Communication Services Server Requirements
Windows 2008 Server or later.
The machine must be in the same domain as the MSCA server, but does not need to reside on the MSCA server.
Must be a member of the same domain that the MSCA server is joined to.
.NET Framework 4
Rights and permissions
The service must run as a domain user.
This user must have Read and Enroll permissions for the MSCA certificate templates you want to use.
This user's permissions should be restricted to only those required. For instance, the user should not be a domain admin or have access to other templates.
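One way to check the rights and permissions requirement above before installing, as an added example that is not part of the Symantec documentation: the script lists every certificate template on which the service account can enroll or write, and warns if the account is a domain admin. The account name and template name are placeholders, the RSAT ActiveDirectory module is assumed, and Deny entries are not evaluated.

```powershell
# Added example: least-privilege audit of the service account (not vendor code).
Import-Module ActiveDirectory   # assumes the RSAT Active Directory tools are installed

$ServiceAccount   = 'svc-adcs-comm'      # placeholder: account the service runs as
$AllowedTemplates = @('MobilityUser')    # placeholder: template CNs the service should use
$EnrollGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment extended right
$WriteMask  = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, WriteDacl, WriteOwner'
$Extended   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Every SID the account acts as: itself, its transitive groups, Authenticated Users, Everyone.
$user = Get-ADUser -Identity $ServiceAccount -Properties tokenGroups
$sids = @($user.SID.Value) + @($user.tokenGroups | ForEach-Object { $_.Value }) + 'S-1-5-11', 'S-1-1-0'

# Check 1: the account must not be a domain admin (RID 512).
$domainAdmins = "$((Get-ADDomain).DomainSID.Value)-512"
if ($sids -contains $domainAdmins) { Write-Warning "$ServiceAccount is a member of Domain Admins" }

# Check 2: walk the ACL of every certificate template in the forest.
$base = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$((Get-ADRootDSE).configurationNamingContext)"
$templates = Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' -Properties nTSecurityDescriptor

foreach ($t in $templates) {
    # Allow rules that apply to the account directly or through a group.
    $rules = $t.nTSecurityDescriptor.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $sids -contains $_.IdentityReference.Value }

    # Enroll is the Certificate-Enrollment extended right, or "all extended rights" (empty GUID).
    $canEnroll = [bool]($rules | Where-Object {
        (($_.ActiveDirectoryRights -band $Extended) -ne 0) -and ($_.ObjectType -in $EnrollGuid, [guid]::Empty) })
    # GenericAll and GenericWrite contain the bits in $WriteMask, so they are caught here too.
    $canWrite  = [bool]($rules | Where-Object { ($_.ActiveDirectoryRights -band $WriteMask) -ne 0 })
    $intended  = $AllowedTemplates -contains $t.Name

    $finding = if     ($canWrite)                      { 'Write access to template: remove' }
               elseif ($canEnroll -and -not $intended) { 'Enroll on a template the service does not need' }
               elseif ($intended -and -not $canEnroll) { 'Missing Enroll on a required template' }
    if ($finding) { [pscustomobject]@{ Template = $t.Name; Finding = $finding } }
}
```

No output and no warning means the account can enroll only on the listed templates and holds no write rights on any template.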
The Symantec ADCS Communication Services installer prompts you for a folder location, a service user, the RabbitMQ server, and the MSCA server. The MSCA setup includes the Domain Name and the CA hostname. These values must match the same MSCA values in Mobility Manager. The hostname is optional.
The installer for the Symantec ADCS Communication Service has been updated with a new NDES Challenge URL field. This field is optional (in case NDES is not used), but is needed if you want to obtain SCEP challenges.