Hi Matt,

From the document below, we can find:

"Event ID: 12

The Network Device Enrollment Service received an http message without the
"Message" tag.

Internal Name: EVENT_MSCEP_NO_MESSAGE

Event Source: Microsoft-Windows-NetworkDeviceEnrollmentService

Description: The service has received an invalid request from a client
device. The “Message” tag in the http request from the client was either
invalid or not present.

Diagnose: Check IIS log to find out what query string was submitted. Note
the query string’s <message>.

Use certutil to check whether the PKCS7 package from the client is valid
(certutil -v p7request.txt, where p7request.txt is a file in which the query
string is captured).

Otherwise, enable CAPI2 diagnostics and reproduce the error.

Resolve: If necessary, contact the vendor of the SCEP client and ensure that
all the required fields are present.
"
Active Directory Certificate Services: Network Device Enrollment Servic
http://download.microsoft.com/download/a/d/f/adf2dba9-92db-4765-bf2d-34b1c8df9ca3/Microsoft%20SCEP%20implementation%20whitepaper.doc

Please try the above suggestions first.

If the issue still occur, help to collect the following information for
research.

1. When did the issue start to occur?
2. Is there any change made on your system?
3. Collect the IIS log mentioned above.
4. Refer to the article below to enable verbose mode CAPI2 diagnostics log:

Troubleshooting PKI problems on Window
http://social.technet.microsoft.com/wiki/contents/articles/troubleshooting-pki-problems-on-windows.aspx

You can upload the file to Windows Live SkyDrive
(http://www.skydrive.live.com/). If you would like other community member to
analyze the report, you can paste the link here, if not, you can send the
link to ***@microsoft.com.

Thanks.