To support certificate deployment for non-domain Windows 10 Always On VPN clients, a Windows Server with the Network Device Enrollment Service (NDES) role can be provisioned on-premises. In addition, the Microsoft Intune Connector must be installed and configured on the NDES server to allow Intune-managed clients to request and receive certificates from the on-premises Certification Authority (CA) server.
Connection Status Error
After installing the Microsoft Intune Connector, the administrator may encounter the following error message.
“An error occurred while connecting to the Intune Service. Error code is 0x80004003. The NDES Connector will retry the connection as soon as possible.”
IE Enhanced Security Configuration
This error can occur if Internet Explorer Enhanced Security Configuration (ESC) is enabled. To resolve this issue, disable ESC for administrators and users by opening the Server Manager on the NDES server and performing the following steps.
1. In the navigation pane click Local Server.
2. Click the On link next to IE Enhanced Security Configuration.
3. Click Off in the Administrators section.
4. Click Off in the Users section
5. Click Ok.
Once complete, restart the NDES Connector service using the following PowerShell command.
Restart-Service NDESConnectorSvc -PassThru
Additional Configuration
Microsoft Intune NDES Connector Setup Wizard Ended Prematurely
A Windows Server with the Network Device Enrollment Service (NDES) role can be provisioned on-premises to support certificate deployment for non-domain Windows 10 Always On VPN clients. In addition, the Microsoft Intune Connector must be installed and configured on the NDES server to allow Intune-managed clients to request and receive certificates from the on-premises Certification Authority (CA) server.
