Let’s discuss Troubleshoot Intune Enrolment Failures Post-Connector Server Switch. Microsoft Intune admins faced issue while migrating Intune connector to new server. Due to this issue admins faces enrollment failure which is shown on Intune Portal.
Here, admin moved their Intune Connector to a new server. The new server name has already been showing in the Microsoft Intune Admin Centre as “active” and it’s healthy, latest version and syncing since it was installed on the new Intune Connector server.
In this scenario enrollment failure issue occurred due to old Intune Connector server shut downing for decommissioning. After the old Intune Connector server back up then enrolments went ahead again successfully.
When admin check the Windows Application logs I see the logs for the successful enrolments on the correct server, the new one. In this blog post I would like to share troubleshooting steps of Intune Enrolment Failures Post-Connector Server Switch. I will also share reasons and after effects of this issue.
Table of Contents
Troubleshoot Intune Enrolment Failures Post-Connector Server Switch
When the Admin check the certs now on old and new Intune server. They look the same, except for the “valid from” dates, but that’s expected. When Admin moved over to the new Intune server the old Intune connector was uninstalled from the old server to clean it up. The following are the image of old connector server.
But yesterday when we finally shutdown the old Intune Connector server the enrolments stopped working. The below screenshot shows the image of New Connector server.
- How to Use Microsoft Intune Connector with Multiple Domains Security Update Insights
- Intune Connector for Active Directory Setup Fatal Error 0x80070643
- How to Fix Intune iOS App Installation Error 0x87D1313D
Reasons of Issue
There are many reasons behind Enrolment Failures Post-Connector Server Switch. The mai reason is that, old connector was removed from the Intune Admin Center, its DNS record and possibly Active Directory Service Connection Point (SCP) entries still exist. The following table shows the other reasons.
| Reasons | Details |
|---|---|
| Connector Installation Cache or Registry Remnants | While the Intune Admin Centre shows the new server as active and the old one removed, there may still be cached entries at the device level or within the Connector installation itself that need manual cleanup. |
| OU Placement in Active Directory | The old server was in the SERVERS OU, while the new one was placed in the COMPUTERS OU. |
| Certificate or Token Dependencies | Devices that started enrolment before the switch might still be holding enrolment information pointing to the old connector until the process completes. |
After Effects of this Issue
When this issue occured, users face some after effects. Devices fail to enroll unless the old server is powered on, halting Autopilot provisioning and delaying onboarding. End users may receive devices that aren’t fully configured or domain-joined, impacting productivity.
Fixes for Intune Enrolment Failures
Some admins suggest resolution steps. Mr. Dionysis_K suggests some troubleshooting steps for this issue. These steps are Recommended Actions which help to resolve the issue. Look at the below steps.
- Check AD Service Connection Points (SCP) for any lingering references to the old server.
- Verify DNS records / CNAMEs that may still point to the old machine.
- Review event logs on both servers during enrolment to confirm which connector is being called.
- Reinstall or repair the Intune Connector on the new server to force refresh of all references.
- After confirming cleanup, decommission the old server again and test with a new device enrolment.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.