Intune AD Connector Authentication Issues

Jesse Haswell 0 Reputation points
2025-01-28T17:21:29.6833333+00:00

Hello,

I have seen this question asked a lot, but the requestors never indicated what the solution was for this issue. I am trying to set up Autopilot for Hybrid Azure AD Join to our local AD. However, when I run the connector I get stuck on the enrollment screen. The logs from my sign-in attempt are shown below, as are the Event Viewer errors. It's important to note that the Intune Connector is also not showing in the Intune Portal.

I have followed the setup steps correctly as shown in this document: https://learn.microsoft.com/en-us/autopilot/windows-autopilot-hybrid

- IE ESC is off
- MDM enrollment is configured
- The account limit in the designated OU is configured correctly
- The connector is installed on a member server, not the DC
- Outbound firewall rules are configured correctly
- I am a Global and Intune Admin in the only tenant we have
- I am an enterprise admin in our local domain


The log is showing:

ODJ Connector UI Information: 0 : Browser loaded page https://portal.manage.microsoft.com/Home/ClientLogonSuccess

DateTime=2025-01-28T15:57:13.3003484Z

ODJ Connector UI Error: 2 : ERROR: Enrollment failed. Detailed message is: System.NullReferenceException: Object reference not set to an instance of an object.

at ODJConnectorUI.EnrollmentTab.webBrowser_LoadCompleted(Object sender, NavigationEventArgs e)

DateTime=2025-01-28T15:57:13.3003484Z   

Event viewer is showing a number of errors:

ODJConnectorService (Operational) events
1.) ------
ODJRequestHandlingPipelineDownload_Failure: Failed to download ODJ requests.

InstanceId:We are unable to complete your request because a server-side error occurred. Please try again. [Exception Message: "DiagnosticException: 0x0FFFFFFF. We are unable to complete your request because a server-side error occurred. Please try again."],

DiagnosticCode:D5BB6D73-0506-46CA-AEB3-F34B9CE832A3,

DiagnosticText:Unknown_Error

CertificateConnectors (Operational) events
2.) ------

CertificateConnector:

Failed to retrieve URL

System.ArgumentNullException: Value cannot be null.

Parameter name: value

at System.Collections.CollectionBase.OnValidate(Object value)

at System.Collections.CollectionBase.System.Collections.IList.Add(Object value)

at Microsoft.Management.Services.ConnectorCommon.ServiceLocator.RetrieveServiceLocations(Uri LocationServiceUri)

at Microsoft.Management.Services.ConnectorCommon.ServiceLocator..ctor(String serviceBaseUrl, X509Certificate2 channelEncryptionCert, IWebProxy proxy)

at Microsoft.Management.Services.ConnectorCommon.UrlManager.GetUrlCallback()

3.) ------
CertificateConnector:

Certificate could not be retrieved. Could not find a certificate that matched your input. Enroll the certificate connector and try again.

Microsoft.Management.Services.ConnectorCommon.DiagnosticException: DiagnosticException: 0x00000403. Could not find a certificate that matched your input. Enroll the certificate connector and try again. ---> System.ArgumentException: Could not find the specified registry value

at Microsoft.Management.Services.ConnectorCommon.CertificateManager.GetThumbprint()

--- End of inner exception stack trace ---

at Microsoft.Management.Services.ConnectorCommon.CertificateManager.GetThumbprint()

at Microsoft.Management.Services.ConnectorCommon.CertificateManager.RetrieveCertificate()


From what I see, the certificate connector is not required for hybrid join in most cases, but I thought I would put the errors here just in case I am missing something.

Any suggestions for what I could try next would be greatly appreciated. I am at a loss here...

Thanks!


1 answer

  1. Crystal-MSFT 51,466 Reputation points Microsoft Vendor
    2025-01-29T02:47:19.44+00:00

    @Jesse Haswell, thanks for posting in Q&A. For the device, was it installed with the certificate connector? We recommend installing the Connector on a server that's not running any other Intune connectors.

    Meanwhile, please ensure the Intune AD connector is the latest one we downloaded from the Intune portal. Also check the certificates on the server side to see if there's any abnormal certificate like below:

    User's image

    In addition, please confirm with your network team to ensure all the network requirements are met.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints?tabs=north-america

    Please try the above suggestion and if there's any update, feel free to let us know.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
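
The checks suggested in the answer above (server certificates and network reachability), plus a pull of the connector error events like those in the question, as an added PowerShell example that is not part of the thread and not Microsoft's own tooling. Assumptions: "abnormal" is taken to mean expired, not yet valid, or missing a private key; the store path `Cert:\LocalMachine\My` is a default guess; the only endpoint tested is the host that appears in the posted log; the event channels are found by wildcard because their exact names are not on the page.

```powershell
# Added example: read-only diagnostics to run on the connector server.
# $Endpoints holds only the host seen in the posted log; extend it from the
# linked Intune network endpoints article.
$Endpoints = @('portal.manage.microsoft.com')

function Get-SuspectCertificate {
    # Assumption: the certificates of interest live in the machine personal store.
    param([string]$StorePath = 'Cert:\LocalMachine\My')
    $now = Get-Date
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $reasons = @()
        if ($_.NotAfter  -lt $now) { $reasons += 'expired' }
        if ($_.NotBefore -gt $now) { $reasons += 'not yet valid' }
        if (-not $_.HasPrivateKey) { $reasons += 'no private key' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
                Reasons    = $reasons -join ', '
            }
        }
    }
}

function Test-ConnectorEndpoint {
    param([string[]]$HostName)
    foreach ($h in $HostName) {
        $r = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
        [pscustomobject]@{ Host = $h; RemoteAddress = $r.RemoteAddress; Tcp443 = $r.TcpTestSucceeded }
    }
}

function Get-ConnectorError {
    param([int]$MaxEvents = 20)
    # Discover the channels by wildcard instead of hard-coding their full names.
    Get-WinEvent -ListLog '*ODJConnector*', '*CertificateConnector*' -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 } |
        ForEach-Object {
            # Level 2 = Error
            Get-WinEvent -FilterHashtable @{ LogName = $_.LogName; Level = 2 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
        } | Select-Object TimeCreated, LogName, Id, Message
}

Get-SuspectCertificate | Format-Table -AutoSize
Test-ConnectorEndpoint -HostName $Endpoints | Format-Table -AutoSize
Get-ConnectorError | Format-List
```

A successful TCP connection on port 443 does not show that a proxy or TLS inspection device leaves the traffic intact, so a passing result here narrows the problem rather than ruling the network out.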

