Share via

Script errors when installing the Intune Certificate Connector

Sven Gertsen 5 Reputation points
2026-04-23T06:14:05.73+00:00

I'm trying to install the Intune Certificate Connector and am running into script errors on a Windows Server 2022 machine.

Things I have tried:

  • Adding *.microsoft.com and *.microsoftonline.com to the trusted sites
  • Adjusted browser security settings to low to allow active scripting and javascript
  • Ensured TLS 1.2 is enabled in the system through registry
  • Disabled Compatibility view through local GPO and in Edge settings
  • Cleared browser cache

I've also checked the pre-requisites for the connector and they all seem to be set up correctly.

Would like some assistance with this one please.

User's imageUser's image

Microsoft Security | Intune | Configuration

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sven Gertsen 5 Reputation points
    2026-04-28T23:31:19.3933333+00:00

    I was able to work out the issue with some help and resolve it by adding some registry keys to allow the configuration app to function using Internet Explorer even though it should be using the Webview2 modules.

    In location:
    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

    Add DWORD (32-bit) value:

    PFXCertificateConnector.exe with decimal value 11000

    Update prevhost.exe decimal value to 11000

    In location:

    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE

    Add DWORD (32-bit)

    PFXCertificateConnector.exe with decimal value 10000 (11000 should work as well but we didn't test this)

    Hope this can help someone else experiencing the same issue.

    Browser Emulation

    Document Compatible Mode

    Was this answer helpful?

    1 person found this answer helpful.

  2. AI answer

    2026-04-23T06:14:32.6633333+00:00

    On Windows Server 2022, the Intune Certificate Connector relies on the local system’s modern browser components (Edge/Chromium) rather than legacy Internet Explorer script engines. Script errors like the ones shown typically occur when the connector UI is rendered using an outdated or restricted browser engine.

    Based on the documented guidance, the key points to verify and steps to follow are:

    1. Confirm the server meets all connector prerequisites
      • OS: Windows Server 2012 R2 or later is required; Windows Server 2022 is supported.
      • .NET Framework 4.7.2 must be installed.
      • TLS 1.2 must be enabled (already done in this environment).
      • Enhanced Security Configuration must be disabled on the server.
      • The server must meet Intune network endpoint requirements and have outbound access to the Azure update service on port 443 to autoupdate.msappproxy.net.
      These are listed under the general prerequisites for the Certificate Connector for Microsoft Intune.
    2. Ensure Microsoft Edge is installed and used by the connector UI
      • For Windows Server 2019 or earlier, Microsoft Edge must be manually installed before starting the Certificate Connector wizard. While this note is explicit for 2019 and earlier, the connector UI on newer servers still depends on modern browser components.
      • If Edge/Chromium is missing or restricted, the connector may fall back to legacy components that do not fully support the portal scripts, resulting in errors such as missing addEventListener or “Expected identifier”.
    3. Run the configuration wizard from an elevated command prompt
      • After installing IntuneCertificateConnector.exe, run the configuration UI directly as administrator: 
             C:\Program Files\Microsoft Intune\PFXCertificateConnector\ConnectorUI\PFXCertificateConnectorUI.exe
      • This should open the Certificate Connector for Microsoft Intune wizard with the Welcome page. If the browser engine is correct and prerequisites are met, the Microsoft Entra sign-in and subsequent pages should render without script errors.
    4. If the connector was partially configured, rerun the wizard
      • The same UI can be used to modify an existing connector configuration. If the connector has already authenticated to Microsoft Entra ID, the Microsoft Entra sign-in page will not appear again; the wizard should go directly to the feature selection page.
    5. Verify no IIS/NDES–specific issues are blocking setup
      • If using SCEP with a Microsoft CA, ensure the NDES role is installed before running the connector installer.
      • If the setup wizard ends prematurely (different from script errors, but sometimes seen during connector installs), confirm that the IIS Default Web Site is named exactly “Default Web Site” and has site ID 1, then rerun NDESConnectorSetup.exe.

    If, after confirming the prerequisites, installing Edge, and launching the configuration UI as described, the script errors persist, the next step is to collect connector logs and Event Viewer entries under Applications and Services Logs > Microsoft Intune Connector and proceed with targeted troubleshooting based on those events.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.