Issue with installation of ‘Microsoft Intune Connector’ (for both SCEP and PKCS) - .NET runtime errors
My name is Saurabh Sarkar and I am an Intune engineer at Microsoft. I have a YouTube channel, ‘EverythingAboutIntune’, which you can subscribe to in order to learn more about Microsoft Intune.
In this article I want to take a moment to explain the issue below, which we might run into while installing the ‘Microsoft Intune Connector’, aka the Certificate connector for SCEP/PKCS.
Issue:
- Very often we have seen instances wherein we are not able to install the ‘Microsoft Intune Connector’, which we use for deploying SCEP/PKCS certificates via Intune.
- The event logs usually show a .NET runtime error, and reinstalling .NET, performing a clean boot, changing the server’s OU (to get rid of the GPOs), etc. does not help.
Symptoms:
- We see .NET related errors in the eventlogs while doing the installation of the Intune Connector.
- Analyzing the .exe dump shows the below-
Cause:
- We identified that there is a limitation with the Windows OS/.NET library itself which causes this issue.
- When we install the Intune connector on a machine, it creates a node “Microsoft Intune Connector” in the Event Viewer as seen below.
- The below Windows doc explains that the first 8 characters of the new node being created should be unique.
On the impacted machines, there was already a node with the name “Microsoft-Windows-DSC/Operational” or “Microsoft-ServerManagementExperience” in the Event Viewer. Hence the new node with the name “Microsoft Intune Connector” could not be created, and the Intune connector installation failed.
More Insight:
- This happens by design because of the check made by the OS when a new node is created in the event log, and it does not depend on the Intune connector.
- I tried to do the same thing manually as below and had the exact same results.
#First I created a normal event channel with the name “Test1234” and the same was successful as below.
#Now I created a new event channel with the name “Test1234New” and it failed with the below error stating that the name is not unique (as the first 8 characters were the same).
Workaround:
- As stated, the new event channel we were trying to create (i.e. Microsoft Intune Connector) conflicted with an existing event channel (i.e. “Microsoft-Windows-DSC/Operational”) because the first 8 characters, i.e. ‘Microsoft’, matched and were not unique.
- Navigate to Event Viewer > Applications and Services Logs and identify the log that starts with “Microsoft” and is causing the conflict, i.e. in this case Microsoft-Windows-DSC/Operational.
- Delete it using an admin PowerShell command: Remove-EventLog -LogName "Microsoft-Windows-DSC/Operational"
- Restart the server and attempt the installation again.
- The deletion of the conflicting Eventchannel is a workaround.
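The lookup in the second workaround step can be scripted. The following PowerShell is an added example, not part of the original article or of Microsoft's tooling: it lists existing logs that share their first 8 characters with the log the installer wants to create. The function name Find-EventLogPrefixConflict, the sample list, the registry location read for classic logs and the case-insensitive comparison are assumptions.

```powershell
# Added example. Function name and sample data are hypothetical.
function Find-EventLogPrefixConflict {
    [CmdletBinding()]
    param(
        # Name of the log the installer is about to create.
        [Parameter(Mandatory)]
        [string]$LogName,

        # Existing log names; defaults to the logs registered on this machine.
        [string[]]$ExistingLog
    )

    if (-not $PSBoundParameters.ContainsKey('ExistingLog')) {
        # Assumption: classic logs are registered as subkeys of this key.
        # The .NET registry API is used because log names may contain '/'.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            'SYSTEM\CurrentControlSet\Services\EventLog')
        try { $ExistingLog = $key.GetSubKeyNames() }
        finally { if ($key) { $key.Close() } }
    }

    # A name shorter than 8 characters cannot share an 8-character prefix.
    if ($LogName.Length -lt 8) { return }
    $prefix = $LogName.Substring(0, 8)

    foreach ($name in $ExistingLog) {
        if ($name.Length -lt 8) { continue }
        if ($name -ieq $LogName) { continue }   # the same log, not a conflict
        # Assumption: the OS compares the prefix case-insensitively.
        if ($name.Substring(0, 8) -ieq $prefix) {
            [pscustomobject]@{
                Requested     = $LogName
                ConflictsWith = $name
                SharedPrefix  = $prefix
            }
        }
    }
}

# Constructed sample list built from the log names mentioned in the article.
$sample = 'Application', 'System', 'Security',
          'Microsoft-Windows-DSC/Operational',
          'Microsoft-ServerManagementExperience'

Find-EventLogPrefixConflict -LogName 'Microsoft Intune Connector' -ExistingLog $sample
```

On a live server, omit -ExistingLog so the function reads the machine's own registered logs.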
Permanent Fix:
- We are expecting a fix (i.e. a new version of Microsoft Intune Connector) which would be deployed by end of Calendar Year 2020. (ETAs are subject to change)
- This newer version will remediate the above issue by accounting for the below-
#Stop using the ‘Microsoft’ prefix while creating the EventChannel for Intune Connector
OR
#Create the event channel in a different location (perhaps create our “own folder” like other services do).
- The folders in the EventChannel are not subject to the restriction of having the first 8 characters unique.
- This is why, by default, all Windows logs have their own respective folders and there are no conflicts when new EventChannels are created.