Forum Discussion
daved3
Aug 09, 2022 Brass Contributor
didn't find cert in both store - in IntuneManagementExtension
Hello I am trying to troubleshoot why a win32 App will not install on a computer with Intune. In IntuneManagementExtension - I get the error Didn't find cert in both store, retry 30 Int...
Mmm, no Intune cert, no Intune sync… 🙂 I guess you need to try that fix I mentioned… did you also read that other blog?
daved3
Aug 11, 2022 Brass Contributor
Hello - I followed all the tips in https://call4cloud.nl/2022/07/the-incredibly-strange-device-who-stopped-syncing-and-became-certificate-zombies/
I ran the PowerShell command.
All ran with no errors
From Enrollments.txt
"DMPCertThumbPrint"="3BE76D943D9C32F3F62CE52101BXXXXXXXXXXXXX"
"RootCertThumbPrint"="9EA77BA6D30BB2AB2DECE2DFDC24XXXXXXXXXXXXX"
"IntermediateCertThumbPrint"="A4BF3999AB9C5B07BFE9F85353CXXXXXXXXXXXXX"
"CurKeyContainer"="ConfigMgrEnrollment0"
"ProviderID"="MS DM Server"
"RenewTimestamp"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"RenewStatus"=dword:00000000
"RenewErrorCode"=dword:00000000
I tried to compare this with the DMPCertThumbPrint in the Set MdmDeviceCertificate part in the IME LOG.
I have 3 logs in the \Programdata\Microsoft\IntuneManagementExtension\Logs directory
- AgentExecutor.log
- IntuneManagementExtension.log
- Sensor.log
I have searched through all of these, but there is no entry for MdmDeviceCertificate.
I looked through the IntuneManagementExtension.log
The following message is repeated
Find 0 MDM certificates.]LOG
Didn't find cert in both store
So I assume there is no MDM certificate
I looked in the Log_1.log file
Tried to find the section from your post "Getting certificate". However, it was not in my file.
Looked in the Windows-Crypto-NCrypt%4Operational.evtx file
There were many errors
I assume because there is no MDM certificate
Looked in the _Microsoft_SystemCertificates.txt file, but there are no MDM certificates here.
So, I am at a loss. I do not know why there is no MDM certificate. Maybe I missed something in my setup?
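Added example (not part of the original thread, and not Microsoft's own tooling): the thumbprint comparison described in the post above, done directly on the device instead of by reading Enrollments.txt by hand. It assumes the enrollment values live under HKLM:\SOFTWARE\Microsoft\Enrollments and that the two stores worth checking are LocalMachine\My and CurrentUser\My; the function name is hypothetical.

```powershell
# Added example. Assumptions: registry root and store list below; the function name is made up.
function Test-MdmEnrollmentCert {
    [CmdletBinding()]
    param(
        [string]$EnrollmentRoot = 'HKLM:\SOFTWARE\Microsoft\Enrollments',
        [string[]]$Stores = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )

    foreach ($key in Get-ChildItem -Path $EnrollmentRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath

        # Only MDM enrollments carry the ProviderID shown in the post.
        if ($props.ProviderID -ne 'MS DM Server') { continue }

        # Normalise the stored thumbprint (strip whitespace, upper-case).
        $thumb = ("$($props.DMPCertThumbPrint)" -replace '\s', '').ToUpperInvariant()

        # Look for a certificate with that exact thumbprint in each store.
        $hits = foreach ($store in $Stores) {
            Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
                Where-Object { $_.Thumbprint -eq $thumb }
        }
        $cert = $hits | Select-Object -First 1

        # One row per enrollment: FoundIn stays empty when the registry points at a
        # certificate that no longer exists in either store.
        [pscustomobject]@{
            EnrollmentId  = $key.PSChildName
            Thumbprint    = $thumb
            KeyContainer  = $props.CurKeyContainer
            FoundIn       = if ($cert) { $cert.PSParentPath -replace '^.*::', '' } else { $null }
            HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $false }
            NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
            Issuer        = if ($cert) { $cert.Issuer } else { $null }
        }
    }
}

Test-MdmEnrollmentCert | Format-List
```

CurrentUser\My is resolved for whichever account runs the script, so a run as the signed-in user and a run as SYSTEM can report different results for that store.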
- Aug 11, 2022
How did you enroll the device? What happens with a clean installed device that is AAD joined from the OOBE?
It should AAD join and enroll into Intune (if MDM scope/CNAMEs/licensing etc. is configured properly). I am guessing you enrolled an existing AADJ device to Intune by using the settings / accounts / enroll into MDM only?