ValidateNDESConfiguration.PS1 does not support the latest Intune Certificate Connector

[jonathan-gaudreau]

Hi, I'm not sure if it's the right place to mention it but today I had to install the latest certificate Connector (https://go.microsoft.com/fwlink/?linkid=2168535) after having issues with an older version and I realize that when running the validateNDESConfiguration.ps1, it gaves me a bunch of errors even though it's working fine

These are the errors that I get:

1- Checking Client certificate (NDES Policy module) is valid for use... Get-ItemProperty : Impossible de trouver le chemin d'accès « HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP\Modules\NDESPolicy», car il n'existe pas. This path exists in the registry

2- Checking Intune Connector is installed... Error: Intune Connector not installed

Is it possible to update the script so It can verify the latest plugin ?

[gerrynicol]

I also see these errors after the update of the Intune connector

[mcnaugha]

Me too. Trying to troubleshoot this new connector since it's completely broken our previously functional Intune certificate service.

[maykonrds]

I had the same issue, please update the script.

[Paul-Spagnola-Work]

same issue.

solution: find line 1360, change the product name near the end to: "Certificate Connector for Microsoft Intune"

results: Checking Intune Connector is installed...

Success: Certificate Connector for Microsoft Intune was installed on 20220314 and is version 6.2202.38.0

[microbroke]

1395-1397 $KeyRecoveryAgentCertificate = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftIntune\PFXCertificateConnector\KeyRecoveryAgentCertificate" $PfxSigningCertificate = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftIntune\PFXCertificateConnector\PfxSigningCertificate" $SigningCertificate = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftIntune\PFXCertificateConnector\SigningCertificate" 1409, 1441, 1472 There's more lines need fixing.

[celeroncool]

Please update the script to fix this and also GMSA account usage