Nov 07 2021 11:29 PM - edited Nov 07 2021 11:52 PM
Hi all
we have setup SCEP with our On-Prem Environment and Intune, which is working fine so far. We discovered that the the Process"Microsoft.Intune.Connectors.PkiRevoke" is eating up all CPU. We are just using SCEP and the Revoke Part from the Connector, not PKCS.
Does anybody know, what could cause this issue?
Many thanks for your help
Best regards,
Marc
Nov 09 2021 03:55 AM
@marckuhn Interesting, we have exactly the same behavior. Last week we setup a new NDES server with the Intune Certificate connector for SCEP certificates combined with the Azure App Proxy. Certificate issuance does work as expected.
However, the proces microsoft.intune.connectors.pkirevoke.exe is causing 99% CPU usage. The connector is running under a service account with the appropriate privileges as described here:
https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure#grant-permissions-fo...
Nov 17 2021 01:04 AM
We have exactly the same problem. Degraded the VM to two vCPUs, which are always full in use. Service is not usable.
OS is Server 2022 with all updates.
Seems like a bug, any news on this?
Nov 17 2021 02:41 AM
Nov 17 2021 05:24 AM
Nov 17 2021 05:28 AM
Nov 17 2021 01:19 PM
I can't really tell why but I took the road and removed the Certificate Connector on that server and reinstalled it there. What I didn't activated now are the PKCS points, just SCEP and Cert Revocation. I still use the SYSTEM User for this.
My CPU on this server is back to normal, even though I have also that 3003 errors in the log. I wasn't able to test the revocation successfully. I think this isn't working at least in my environment.
I have a Server 2019 with all AAD related tools on it like AADC, App-Proxy, Cert Connector, NDES.
What I didn't configure was the "Logon as a service" permission for my NDES Service Account. Do you have this in place on your side?
Best regards,
Marc
Nov 18 2021 01:42 AM
Nov 24 2021 07:01 AM
Nov 29 2021 06:11 AM
Exact same issue and setup here. No idea how to fix this as of yet. Please let me know if you manage to resolve this!
Nov 29 2021 10:06 AM
Dec 03 2021 01:18 PM
Dec 06 2021 01:30 AM
We have reinstalled the connector without PFX component - we only need the SCEP service. Its working now.
Dec 10 2021 03:27 AM - edited Dec 10 2021 03:36 AM
I am also seeing this issue on Server 2019. Anyone had any feedback from MS on this?
Dec 10 2021 04:28 AM
Dec 10 2021 06:39 AM
Dec 10 2021 06:47 AM - edited Dec 10 2021 06:47 AM
Thanks for giving that update Sparkeh. Hopefully they'll come back with a fix. Would be grateful if you could post any further progress.
Dec 10 2021 08:16 AM
Dec 10 2021 08:26 AM - edited Dec 10 2021 08:31 AM
Hi Marc,
Its just SCEP. I thought at the install you select either SCEP or PKCS at the install stage. I only selected SCEP I believe. How did you check\remove PFX topics?
Thanks
Dec 14 2021 03:27 AM