Intune

IssuePfx – The submission failed error Intune to PKI connector

Leave a comment

As I couldn’t google an answer to this one and the error was misleading, if you are using the Intune Service Connector to distribute PCKS certificates from your onprem PKI to your Intune clients and see the following error in the Connector eventlogs:

{

“Metric”:{

“Dimensions”:{

“UserId”:”c659cd5a-86e5-4733-ae58-55a896f63d53″,

“DeviceId”:”4cec597c-cd90-4077-b6c0-612a213353ef”,

“CaName”:”PATH TO CA\\CAFriendlyName”,

“TemplateName”:”Intune”,

“ElapsedMilliseconds”:”786″,

“AgentId”:”1af3469a-ef31-cfd2-3bfc-cba69a6d215d”,

“DiagnosticCode”:”0x0FFFFFFF”,

“DiagnosticText”:”We are unable to complete your request because a server-side error occurred. Please try again. [Exception Message: \”DiagnosticException\”] [Exception Message: \”IssuePfx – The submission failed\”]”

},

“Name”:”PkcsCertIssue_Failure”,

“Value”:0

}

}

And this error on your CA:

EventId 22:

Active Directory Certificate Services could not process request 136204 due to an error: Error 0xc8000211 (ESE: -529).  The request was for COMPUTERNAME.  Additional information: Error Parsing Request

Ensure you restart the Active Directory Certificate Services service on your CA. This is not required as per the documentation, but was surely required in my environment.

Powershell

Getting ALL (nested) groups a user is a member of in Active Directory by samaccountname

5 Comments

Little snippet for those who want a really simple PS oneliner to get the display names of all groups the logged in user is directly or indirectly a member of:

([ADSISEARCHER]"(member:1.2.840.113556.1.4.1941:=$(([ADSISEARCHER]"samaccountname=$($env:USERNAME)").FindOne().Properties.distinguishedname))").FindAll().Properties.distinguishedname -replace '^CN=([^,]+).+$','$1'
You can of course replace $env:USERNAME with a parameter if you don’t want the currently logged in user.
Office 365, OneDrive for Business, OneDriveMapper

OnedriveMapper v3.17 released!

12 Comments

Version 3.17 of OneDriveMapper has been released:

  • Changed the $autoResetIE option to only remove cookies, nothing else to prevent issue with Teams overriding the WebDAV cookie
  • Additional detection method for Teams libraries
  • Support post-ADFS MFA challenge
  • Teams and Sharepoint Icons for shortcuts added
  • Smarted / better redirect handling
  • Support for new sign in method MFA
  • When mapping teams with the same name, don’t overwrite the link but append a digit

Get the new version here

OneDriveMapper

OnedriveMapper v3.16 released!

14 Comments

Version 3.16 of OneDriveMapper has been released:

  • Minor code improvements regarding the 3.15 new automapping feature
  • By default, OnedriveMapper will now always disconnect/delete ALL onedrive/spo mappings before running
  • Drives won’t be double-mapped when running the script twice in a row
  • Only set cookies when running in native mode

Get the new version here

EMS, Intune, Powershell

Mapping legacy server shares in your Windows 10 MDM Intune pilot

8 Comments

In a Windows 10 full MDM (AzureAD+Intune) scenario, you’ll move your email, app and file workloads to Office 365 (or alternatives).

In your pilot or hybrid phase, you may still need access to certain file shares on your servers, so here’s a simple PowerShell script you can deploy using Intune Device Configuration that maps your desired share. Deploy multiple times for multiple shares (or groups of users).

It will create a shortcut in a location you define, so the mapping is always user-driven, it will automatically suggest your user’s AzureAD login as username. You can of course customize the script to your liking if you did not change your local AD upn yet.

Gitlab homehttps://gitlab.com/Lieben/assortedFunctions/blob/master/intuneServerShareMapper.ps1

Requirements:

  • Windows 10 (MDM)
  • Intune
  • Direct SMB lan connection to share

Microsoft 365, Azure, Automation & Code