Device certificate profile with SAN DNS= {{FullyQualifiedDomainName}} doesn't work
I've created a certificate profile to push device certificates to Windows 10 computers. After struggling with the certificate requests failing for a while, I finally got it to issue certificates, but one of the SANs is missing. Initially the profile was set to use a Subject name of {{AADdeviceID}}, with a SAN of DNS={FullyQualifiedDomainName}}. What seems to have got it working is to add a second SAN of DNS={{DeviceName}}, but looking at the certificate that was issued, it has only the second SAN. The FQDN is not listed anywhere on the certificate. Has anyone set up a PKCS certificate profile that successfully issues device certificates with the FQDN as a subject name or SAN? What would cause the certificate to be issued without the additional SAN?
Connect a second NDES server to enterprise CA
In preparation of the migration of our ~4500 MDM-devices from SCCM-Intune-Hybrid to Intune SA, I am trying to install a second NDES-server to be able to test and provide feature-parity before moving the first users. Anyone has an idea how to do so? Always get an error (during NDES setup wizard) stating, that the "endpoint is a duplicate". The same error can be found on the CA in the eventlog, but in my opinion, it should be able to connect to a CA from two servers, even as I use different system-users and also created a new cert-template for this purpos. Any thoughts on this are appreciated Thanks in advance Julius
