Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article fixes an issue in which you can't install the Network Device Enrollment Service (NDES) connector for Intune because the NDES certificate is not installed.
Symptoms
When you try to install the Network Device Enrollment Service (NDES) connector for Intune, the NDES certificate is not installed. Additionally, the following error is logged in the SetupMSI.log file (C:\NDESConnectorSetup\SetupMSI.log):
SI (s) (64:4C) [time]: Invoking remote custom action. DLL: C:\Windows\Installer\MSID8CB.tmp, Entrypoint: AddNDESToCertPrivKey
AddNDESToCertPrivKey: Giving read access to the accountAccountNameon the private key of the cert with thumbprint:ThumbPrint
AddNDESToCertPrivKey: Error 0x80090014: CryptAcquireContext failed. Error hr = 80090014lx
CustomAction AddNDESToCertPrivKey returned actual error code 1603
Solution
To resolve this issue, the NDES certificate must be created as a v2 certificate.
Note
The webserver template is a good example of this situation, although it should have Client Authentication added as an Enhanced Key Usage value.