Home
%3CLINGO-SUB%20id%3D%22lingo-sub-324523%22%20slang%3D%22en-US%22%3EHotfix%20Available%20-%20Microsoft%20Intune%20connector%20certificate%20does%20not%20renew%20in%20Configuration%20Manager%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-324523%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20you%20update%20to%20Microsoft%20System%20Center%20Configuration%20Manager%20current%20branch%2C%20version%201806%20or%201810%2C%20the%20Microsoft%20Intune%20connector%20certificate%20renewal%20process%20fails.%20This%20problem%20affects%20customers%20who%20have%20a%20hybrid%20mobile%20device%20management%20environment%20through%20Microsoft%20Intune.%20The%20problem%20occurs%20when%20the%20Service%20Connection%20Point%20is%20installed%20on%20a%20computer%20that%20is%20running%20Windows%20Server%202012%20or%20Windows%20Server%202012%20R2.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EA%20hotfix%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FIT172144_hotfix%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EKB%204487960%2F4487997%3C%2FA%3E)%20to%20prevent%20this%20problem%20is%20now%20available%20in%20the%20Updates%20and%20Servicing%20node%20in%20the%20Configuration%20Manager%20console%20only%20for%20sites%20that%20use%20a%20hybrid%20mobile%20device%20management%20environment%20through%20Microsoft%20Intune.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20does%20this%20affect%20me%3F%3C%2FSTRONG%3E%3CBR%20%2F%3EIf%20you%20don't%20apply%20this%20hotfix%2C%20any%20changes%20or%20updates%20to%20user%20profiles%20will%20not%20be%20enforced%20on%20hybrid-managed%20devices.%20All%20existing%20policies%20are%20still%20enforced.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20action%20do%20I%20need%20to%20take%3F%3C%2FSTRONG%3E%3CBR%20%2F%3EApply%20the%20hotfix%20as%20described%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FIT172144_hotfix%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EKB%20article%3C%2FA%3E%20as%20soon%20as%20possible.%20If%20the%20certificate%20expires%20before%20the%20hotfix%20is%20installed%20it%20will%20not%20be%20automatically%20renewed.%20Further%20manual%20steps%20will%20be%20required%20to%20re-establish%20communication%20between%20hybrid%20Intune%20and%20Configuration%20Manager%20if%20this%20occurs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EAdditional%20Information%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FIT172144_hotfix%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FIT172144_hotfix%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-324523%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20you%20update%20to%20Microsoft%20System%20Center%20Configuration%20Manager%20current%20branch%2C%20version%201806%20or%201810%2C%20the%20Microsoft%20Intune%20connector%20certificate%20renewal%20process%20fails.%20This%20problem%20affects%20customers%20who%20have%20a%20hybrid%20mobile%20device%20management%20environment%20through%20Microsoft%20Intune.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EA%20hotfix%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FIT172144_hotfix%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EKB%204487960%2F4487997%3C%2FA%3E)%20to%20prevent%20this%20problem%20is%20now%20available%20in%20the%20Updates%20and%20Servicing%20node%20in%20the%20Configuration%20Manager%20console%20only%20for%20sites%20that%20use%20a%20hybrid%20mobile%20device%20management%20environment%20through%20Microsoft%20Intune.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-324523%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECM%20current%20branch%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehotfix%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

After you update to Microsoft System Center Configuration Manager current branch, version 1806 or 1810, the Microsoft Intune connector certificate renewal process fails. This problem affects customers who have a hybrid mobile device management environment through Microsoft Intune. The problem occurs when the Service Connection Point is installed on a computer that is running Windows Server 2012 or Windows Server 2012 R2.

 

A hotfix (KB 4487960/4487997) to prevent this problem is now available in the Updates and Servicing node in the Configuration Manager console only for sites that use a hybrid mobile device management environment through Microsoft Intune.

 

How does this affect me?
If you don't apply this hotfix, any changes or updates to user profiles will not be enforced on hybrid-managed devices. All existing policies are still enforced.

 

What action do I need to take?
Apply the hotfix as described in the KB article as soon as possible. If the certificate expires before the hotfix is installed it will not be automatically renewed. Further manual steps will be required to re-establish communication between hybrid Intune and Configuration Manager if this occurs.

 

Additional Information:

https://aka.ms/IT172144_hotfix