Intune Certificate Connector Configuration Failed

Troubleshooting Always On VPN Error 691 and 812 – Part 2

The Microsoft Intune Certificate Connector must be deployed on-premises to provision and manage enterprise PKI certificates using Intune. The Intune Certificate Connector supports the deployment of SCEP, PKCS, PKCS imported certificates, or any combination of these. The connector can be configured to run under the SYSTEM account or optionally (and recommended) a domain service account. When using a service account, the service account must have permission to log on as a service on the server where the Intune Certificate Connector server.

Access is Denied

Even when all prerequisites are met, administrators may still find the installation of the Intune Certificate Connector fails with the following error message.

“Configuring Microsoft Intune Certificate Connector failed. No changes were made to Feature or Proxy settings. Please try again.”

“Unexpected Failure. Error: System.lnvalidOperationException: Cannot open PFXCertificateConnectorSvc service on computer ‘.’ System.ComponentModel.Win32Exception: Access is denied”

Workaround

After the connector installation fails, open the file explore and navigate to C:\Program Files\Microsoft Intune\PFXCertificateConnector\ConnectorUI. Right-click PFXCertificateConnectorUI.exe and choose ‘Run as administrator’.

Run through the connector installation wizard again, and it should install without issue.

To avoid this problem for future Intune Certificate Connector deployments, administrators can right-click the Intune Certificate Connector installer (IntuneCertificateConnector.exe) and choose ‘Run as administrator’.

Additional Information

Microsoft Intune Certificate Connector Configuration Failure (Part 1)

Microsoft Intune Certificate Connector Service Account and PKCS

Microsoft Intune Learning Resources for Always On VPN Admins

Microsoft Intune Certificate Connector Overview

Always On VPN at MMSMOA 2023

I’m excited to share that I’ve been invited to present at the popular Midwest Management Summit at Mall of America (MMSMOA) this year! The event takes place Monday, May 2, through Thursday, May 4, 2023.

Sessions

I will be delivering two talks at the event this year. One on Microsoft Always On VPN and Intune, the other on deploying certificate using Intune.

Always On VPN and Intune: Notes from the FieldTuesday, May 2 at 10:00 AM CDT

This session will cover all aspects of deploying and managing Always On VPN client configuration settings using Microsoft Intune.

Intune Certificate ManagementWednesday, May 3 at 10:00 AM CDT

This session will provide detailed configuration guidance and best practice recommendations for issuing on-premises enterprise PKI certificate using Microsoft Intune.

Attending MMS?

Will you be attending MMSMOA? Let’s connect! Drop in on my sessions, of course, but let’s plan to hang out! I will have copies of my book to give away too, so don’t miss out. Send me a note here or on Twitter, or just find me at the conference. Looking forward to seeing all of you soon!

%d bloggers like this: