Microsoft Intune connector certificate does not renew in Configuration Manager

Applies to: System Center Configuration Manager (current branch - version 1810), System Center Configuration Manager (current branch - version 1806)


After you update to Microsoft System Center Configuration Manager current branch, version 1806 or 1810, the Microsoft Intune connector certificate renewal process fails.

This problem affects customers who have a hybrid mobile device management environment through Microsoft Intune. The problem occurs when the Service Connection Point is installed on a computer that is running Windows Server 2012 or Windows Server 2012 R2.

Additionally, error messages that resemble the following are recorded in the DMPUploader log:

The renewal process starts at the halfway point of the certificate lifespan. If the renewal fails after the certificate is expired, Configuration Manager cannot connect to Microsoft Intune.
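
The midpoint rule above can be checked directly: a certificate that is well past half of its lifespan and has not been replaced indicates that renewal is failing. The following PowerShell is an added example, not part of the original article or of Configuration Manager; the function name `Get-CertRenewalState`, the 7-day grace period, and the sample objects are assumptions constructed for illustration.

```powershell
# Added example: classify certificates against the "renew at half of lifespan" rule.
function Get-CertRenewalState {
    [CmdletBinding()]
    param(
        # Any object exposing Subject/Thumbprint/NotBefore/NotAfter (e.g. X509Certificate2).
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Certificate,
        [datetime]$AsOf = (Get-Date),
        # Assumed tolerance after the midpoint before renewal is called overdue.
        [int]$GraceDays = 7
    )
    process {
        $lifespan = $Certificate.NotAfter - $Certificate.NotBefore
        $midpoint = $Certificate.NotBefore.AddTicks([long]($lifespan.Ticks / 2))
        $state = if ($AsOf -ge $Certificate.NotAfter) {
            'Expired'          # manual renewal is needed, per the article
        } elseif ($AsOf -gt $midpoint.AddDays($GraceDays)) {
            'RenewalOverdue'   # past the midpoint and still the old certificate
        } elseif ($AsOf -ge $midpoint) {
            'RenewalWindow'
        } else {
            'NotYetDue'
        }
        [pscustomobject]@{
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            RenewalStarts = $midpoint
            NotAfter      = $Certificate.NotAfter
            DaysToExpiry  = [math]::Floor(($Certificate.NotAfter - $AsOf).TotalDays)
            State         = $state
        }
    }
}

# Constructed sample objects (not real certificates) so the check runs offline.
$asOf = [datetime]'2019-02-01'
$samples = @(
    [pscustomobject]@{ Subject = 'CN=sample-fresh';   Thumbprint = '<constructed>'; NotBefore = [datetime]'2018-12-01'; NotAfter = [datetime]'2019-12-01' }
    [pscustomobject]@{ Subject = 'CN=sample-overdue'; Thumbprint = '<constructed>'; NotBefore = [datetime]'2018-03-01'; NotAfter = [datetime]'2019-03-01' }
    [pscustomobject]@{ Subject = 'CN=sample-expired'; Thumbprint = '<constructed>'; NotBefore = [datetime]'2018-01-01'; NotAfter = [datetime]'2019-01-01' }
)
$samples | Get-CertRenewalState -AsOf $asOf | Format-Table Subject, State, RenewalStarts, DaysToExpiry

# Against a live store (assumption: the article does not name the store or subject, so
# substitute your own path and filter):
# Get-ChildItem Cert:\LocalMachine\My | Where-Object Subject -like '*<subject-placeholder>*' | Get-CertRenewalState
```

A `RenewalOverdue` result on the service connection point is the condition to alert on, because it leaves time to apply the update before the certificate expires.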

The following log entry in DMPUploader.log indicates a successful renewal:

The following entry indicates a certificate that is already expired:

To prevent this problem, apply this update. Certificates that are already expired have to be renewed manually to reestablish the Microsoft Intune connection.

For an expired certificate, use either of the following options.

Hotfix information for System Center Configuration Manager, version 1806 and 1810

This hotfix is available for installation in the Updates and Servicing node of the Configuration Manager console on version 1806 and 1810 sites that use a hybrid mobile device management environment through Microsoft Intune.

Note: Customers on version 1810 will see a reference to hotfix 4487997. This is expected. All required information is contained in hotfix 4487960.

If the service connection point is in offline mode, you must reimport the update so that it's listed in the Configuration Manager console.

See "Install in-console updates for Configuration Manager" for detailed information.

Restart information

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any previously released hotfix.

File information

More information

As of August 14, 2018, hybrid mobile device management is a deprecated feature. On September 1, 2019, any remaining hybrid MDM devices will no longer receive policy, applications, or security updates. For more information, see this Intune Support Team Blog article.