Forum Discussion

marckuhn's avatar
marckuhn
Copper Contributor
Nov 08, 2021

Microsoft Intune Certificate Connector causes high CPU Usage

Hi all

 

we have setup SCEP with our On-Prem Environment and Intune, which is working fine so far. We discovered that the the Process"Microsoft.Intune.Connectors.PkiRevoke" is eating up all CPU. We are just using SCEP and the Revoke Part from the Connector, not PKCS.

 

Does anybody know, what could cause this issue?

 

Many thanks for your help

 

Best regards,
Marc

SCEP

19 Replies

Sort By
  • HandA's avatar
    HandA
    Copper Contributor
    Dec 10, 2021

    I am also seeing this issue on Server 2019. Anyone had any feedback from MS on this?

  • Sparkeh's avatar
    Sparkeh
    Copper Contributor
    Nov 24, 2021
    Having the same issue here too. Using PFX and Revoke options. Getting constant ‘2’ and ‘3003’ errors in the Intune logs and 100% CPU usage.

    Everything works well for a while then CPU spikes and certs requests stop being fulfilled. Only a restart of the services start the requests going through again. Works great for a while then hit the issue again.

    I have a case open with MS so will report back if they come up with anything.
  • ANDRES365's avatar
    ANDRES365
    Copper Contributor
    Nov 17, 2021

    marckuhn 

    We have exactly the same problem. Degraded the VM to two vCPUs, which are always full in use. Service is not usable. 

    OS is Server 2022 with all updates.

    Seems like a bug, any news on this?

    • ANDRES365's avatar
      ANDRES365
      Copper Contributor
      Dec 06, 2021

      ANDRES365 

       

      We have reinstalled the connector without PFX component - we only need the SCEP service. Its working now.

    • marckuhn's avatar
      marckuhn
      Copper Contributor
      Nov 17, 2021
      Hi all
      currently i don't have this issue anymore on one of our environments. Do you have any errors in the event Log regarding revocation of cert's?

      Best regards,
      Marc
      • Raymond Huis in 't Veld's avatar
        Raymond Huis in 't Veld
        Copper Contributor
        Nov 17, 2021
        Hi marckuhn - thanks for getting back on this.
        From our perspective, the Event IDs 3003 stopped from being logged by november 9th. However, Event IDs 2 er still there, as well as the high CPU load from the microsoft.intune.connectors.pkirevoke.exe process unfortunately.

        Any idea as to what is different from that one environment you are talking about?
  • Raymond Huis in 't Veld's avatar
    Raymond Huis in 't Veld
    Copper Contributor
    Nov 09, 2021

    marckuhn Interesting, we have exactly the same behavior. Last week we setup a new NDES server with the Intune Certificate connector for SCEP certificates combined with the Azure App Proxy.  Certificate issuance does work as expected.

    However, the proces microsoft.intune.connectors.pkirevoke.exe is causing 99%  CPU usage. The connector is running under a service account with the appropriate privileges as described here:
    https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure#grant-permissions-for-certificate-revocation 

Resources