question

KevinArc-2238 avatar image
0 Votes"
KevinArc-2238 asked Crystal-MSFT commented

Microsoft Intune cannot deliver certificate to my windows 10 devices

Hi,

I tried to use Microsoft Intune to assign Simple Certificate Enrollment Protocol (SCEP) certificates to my windows 10 laptop from my internal PKI. After set up all the things, my devices still can't get certificated assigned. There is only one thing different is running "IntuneCertificateConnector", it doesn't ask me for a certificate to use and didn't ask me to enroll like the articles on the web. I noticed that what they are using is NDESConnector. But what I download from my Intune is not this one but IntuneCertificateConnector.
I'm not sure if there is any change for this. I can's find NDESPolicy under this registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\Modules. And I got error in my NDES as below. Please help.
127307-image.png


127384-image.png


127355-image.png


mem-intune-general
image.png (33.1 KiB)
image.png (18.2 KiB)
image.png (15.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NickHogarth-MVP avatar image
0 Votes"
NickHogarth-MVP answered NickHogarth-MVP edited

Microsoft updated the certificate connector so the documentation you viewed might be old. The update also "Removes the need to select a client certificate for SCEP integration with NDES." See https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#certificate-connector-for-microsoft-intune-combines-separate-certificate-connectors


Which guides did you follow? Did you use the application proxy to publish the NDES? Is the connector active in the Intune connectors section?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image
0 Votes"
Crystal-MSFT answered Crystal-MSFT commented

@KevinArc-2238 , Agree with Nick, beginning on July 29, 2021, the Certificate Connector for Microsoft Intune replaces the old connector.

For the new certificate Connector for Microsoft Intune, only the Server authentication certificate is used. We can follow the steps in the articles below to configure SCEP to see if it can work well:
Configure infrastructure to support SCEP with Intune
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure

Certificate Connector for Microsoft Intune
https://docs.microsoft.com/en-us/mem/intune/protect/certificate-connector-overview

Prerequisites for the Certificate Connector for Microsoft Intune
https://docs.microsoft.com/en-us/mem/intune/protect/certificate-connector-prerequisites

Install the Certificate Connector for Microsoft Intune
https://docs.microsoft.com/en-us/mem/intune/protect/certificate-connector-install

Hope it can help.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@KevinArc-2238 , How are things going? These days, I have tried to deploy the new certificate connector and it is working in my environment. I would like to know if we have try the steps in the above articles to configure the certificate connector and deploy SCEP certificate profile. Was the same error existing? if there's any update, feel free to let us know.

0 Votes 0 ·