Intune certificate connector

upgrading to certificate connector 6.2 that is required in Sept 2022, has broke our NDES for intune. I’m collecting all the documents and links I can find and leaving them here. The funny thing is if I uninstall the new connector, the old client will work just fine. I just don’t know when in Sept Microsoft is going to block it.

For a double whammy, the certs expired this past weekend and we had to renew all of them, that was the first step. Using the links below we got them upgraded, the exchange enrollment agent was the biggest pain because the template is for users but the cert has to go into the computer cert store.

Network Device Enrollment Service Guidance | Microsoft Docs

The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057). The parameter is incorrect. (microsoft.com)

NDES expired Exchange Enrollment Agent (Offline) (microsoft.com)

Renewal of Enrollment Agent certificate fails – Windows Server | Microsoft Docs

Renew Exchange Enrollment Agent (Offline) – Microsoft Q&A

Steps for renewing NDES Service Certificates – PKI Extensions (sysadmins.lv)

Renewal of Enrollment Agent certificate fails – Windows Server | Microsoft Docs

Verify NDES configuration to use SCEP certificates – Intune | Microsoft Docs

Intune SCEP Certificate Workflow Made Easy With Joy – Part 4 (anoopcnair.com)

How to renew NDES service certificates for usage with Microsoft Intune – MSEndpointMgr

NDES for Intune – Jeff Gilbert’s Cloud

You can’t assign SCEP certificates to devices in Intune – Intune | Microsoft Docs

Overview of Certificate Connector for Microsoft Intune – Azure | Microsoft Docs

Configure infrastructure to support SCEP certificate profiles with Microsoft Intune | Microsoft Docs

Install the Certificate Connector for Microsoft Intune – Azure | Microsoft Docs

Http error 500.0 – internal server error when generating NDES enrollment challenge password on an NDES server that is running Windows Server 2012 – Windows Server | Microsoft Docs

Renewal of Enrollment Agent certificate fails – Windows Server | Microsoft Docs

You can’t assign SCEP certificates to devices in Intune – Intune | Microsoft Docs

Certificate profile deployment failed with the error ‘22004: Unsupported certificate configuration’ – All about Microsoft Endpoint Manager (petervanderwoude.nl)

Troubleshoot HTTP 500 error on SCEP requests in Intune – Intune | Microsoft Docs

Troubleshoot managed device to Network Device Enrollment Service (NDES) communication in Microsoft Intune – Intune | Microsoft Docs

Intune Certificate Connector (please confirm) – Microsoft Tech Community

How to upgrade the Intune certificate connector – All about Microsoft Endpoint Manager (eskonr.com)

Yep, we dug through all these links trying to get the expired certs renewed and the connector upgraded.

UPDATE: Microsoft support was no help. They never showed up for scheduled sessions to troubleshoot. We decided to build a new server with the updated agent and added it to the existing app proxy. That is working and we are moving forward with decommissioning the old NDES server