Intune compliance issues Windows 11 22H2
😄 Rudy_Ooms_MVP
It contains some errors :)... (just started looking at it) but the activity errors are going to show me where to search
{2147942402; onecore\base\ngscb\tpmhli\lib\registry.cpp; 506; TpmCoreProvisioning.DLL; 1; ; 7072; \TpmCoreProvFunction\activityVerifyDeviceHealth\TpmCoreProvFunction\activityTpmRetrieveHealthCertificate; 2; TpmCoreProvFunction; TpmCore::VerifyDeviceHealth; 6; activityTpmRetrieveHealthCertificate; }, , , , ,
EDIT: Yep....ErrorMessage="The X509 certificate cannot be validated. Intermediate CA cannot be trusted as its not present in the TrustedTpm_IntermediateCA store
So it looks like the health certificate's intermediate cert isn't trusted (not found/file not found) in that store... Without that trust I guess it's hard to successfully transfer data to the service
Let me wake up and try to determine what it should look like so we can have a look at your certificate... (export it from the blob in the registry)
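
The leading number in the activity error quoted in the post above is a decimal HRESULT: 2147942402 is 0x80070002, the Win32 facility with code 2 (file not found). The following is an added example, not part of the original post, that decodes such a record; the function names are hypothetical and the field positions are an assumption drawn from this one sample.

```powershell
# Added example. The record is the braced part of the line quoted in the post.
# Assumption: field 0 is a decimal HRESULT and field 1 is the source file.
$record = '{2147942402; onecore\base\ngscb\tpmhli\lib\registry.cpp; 506; TpmCoreProvisioning.DLL; 1; ; 7072; \TpmCoreProvFunction\activityVerifyDeviceHealth\TpmCoreProvFunction\activityTpmRetrieveHealthCertificate; 2; TpmCoreProvFunction; TpmCore::VerifyDeviceHealth; 6; activityTpmRetrieveHealthCertificate; }'

function ConvertFrom-HResult {
    param([Parameter(Mandatory)][uint32]$Value)

    # Work in 64 bits so shifts and masks never hit the sign bit.
    $v = [int64]$Value

    # HRESULT layout: bit 31 = severity, bits 16-26 = facility, bits 0-15 = code.
    $failed   = (($v -shr 31) -band 1) -eq 1
    $facility = [int](($v -shr 16) -band 0x7FF)
    $code     = [int]($v -band 0xFFFF)

    # Facility 7 (FACILITY_WIN32) wraps a plain Win32 error code, so Windows
    # can supply the message text for it.
    $message = $null
    if ($facility -eq 7) {
        $message = (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
    }

    [pscustomobject]@{
        Hex      = '0x{0:X8}' -f $Value
        Failed   = $failed
        Facility = $facility
        Code     = $code
        Message  = $message
    }
}

function ConvertFrom-TpmActivityError {
    param([Parameter(Mandatory)][string]$Record)

    # Strip the braces, split on ';' and trim each field.
    $fields = $Record.Trim().Trim('{', '}') -split ';' | ForEach-Object { $_.Trim() }
    $result = ConvertFrom-HResult -Value ([uint32]$fields[0])

    # The activity chain is the only field that starts with a backslash;
    # its last segment names the step that failed.
    $chain = $fields | Where-Object { $_ -like '\*' } | Select-Object -First 1
    $step  = ($chain -split '\\' | Where-Object { $_ })[-1]

    $result | Add-Member -NotePropertyName SourceFile -NotePropertyValue $fields[1]
    $result | Add-Member -NotePropertyName FailedActivity -NotePropertyValue $step
    $result
}

ConvertFrom-TpmActivityError -Record $record | Format-List
```
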
- Jan 31, 2023
Could you try to run these commands.
*Install the required module
Install-Module LocalMDM
*Open a new powershell session with the mta switch
powershell -mta
*Define the csp we want to fetch
$test1 = @"
<SyncBody>
<Get>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/HealthAttestation/Certificate</LocURI>
</Target>
</Item>
</Get>
</SyncBody>
"@
*send the request to the csp
send-localmdmrequest -SyncML $test1

Also wondering how the settings are defined here:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM\WMI\TaskStates
- Jan 31, 2023
Ehhh, I am missing the SignedHealthCert blob in it... there should be something in it... if that's missing...
- buckbaggen, Jan 31, 2023 (Brass Contributor)
Is this the export you are requesting? Rudy_Ooms_MVP