I'm trying to get the Autopilot White Glove process working with hybrid join, but I've run into some major issues. Everything was fine before, but now the Intune Connector for Active Directory has disappeared from the Devices > Enrollment section. I'm suspecting some kind of backend issue, but I wanted to see if anyone else has encountered this before I dive into hours of support.
Right now, the White Glove process fails during the technician flow with error code 0x8007002. The device registers correctly, the profile is assigned, and "Allow pre-provisioned deployment" is enabled, but I really need a hybrid join for GPOs—can't just switch to cloud-only.
On the Intune Connector page, I've noticed a bunch of old connector entries that I can't delete. They're all stuck in Error status, and while one shows as Active, it's listed twice for some reason.
Looking at the event logs on the connector servers, they all report "Certificate could not be retrieved." I've checked the registry, and there's indeed a certificate thumbprint configured, but that certificate is nowhere to be found in the cert store. Also, blob creation on the profile settings page keeps failing with error -1879048193.
Things took a turn when I thought, why not start fresh on a clean server? I downloaded a new installer and set up a fresh member server, but during installation, even though it completed without errors, no certificates were created. The service immediately started throwing certificate errors.
So, now I've got a clean installation on a fresh server that can't get a certificate, plus I'm still stuck with old broken connector entries that I can't delete. I suspect these orphaned entries may be blocking Intune from issuing certificates to new connectors, and the backend registration feels completely messed up.
Has anyone else dealt with this? Especially the part where even a fresh install on a new server can't secure a certificate? I've reinstalled multiple connectors in the past but never had one fail to generate a cert altogether.
4 Answers
I've had some similar issues in the past with old connector entries lingering. They usually vanish after a while if there’s no syncing. Make sure to completely uninstall the connector and grab the latest version, especially since they introduced an automated gMSA creator recently that can affect older setups. It can be a pain, but it usually helps clear things up. Good luck!
I experienced this recently when the connection just vanished from Intune and it was tricky to regain access. It seems that inactive connectors might drop off after 30 or 90 days, so the duplicates might not be as much of a problem as it seems. After a few reboots and updates, I managed to get it back into Intune. Just keep at it!
It's been some time since I dealt with the Intune Connector, but you might want to consider cross-posting this issue in relevant forums for more visibility. Sometimes fresh eyes can catch something we miss! Good luck with your troubleshooting!
Interesting that you're also experiencing the connector disappearing! I ran into similar problems but luckily we transitioned away from hybrid setups. From what I've read, you might want to reset the entire Intune Connector setup. Check out some recent articles, some suggest uninstalling the old connector first then setting it up anew could resolve lingering issues. Stay persistent!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures