Skip to main content
This guide applies to Mac computers

About AD CS Connector Installation

AD CS Connector Installation in Iru Endpoint involves setting up a native Windows .NET client application on a Windows server to establish a persistent trusted connection with your Iru Endpoint tenant for certificate management.

How It Works

The Iru Endpoint AD CS Connector is a native Windows .NET client application installed on a Windows server (2016 or newer) residing on your local network. The AD CS Connector leverages the WebSocket protocol over TCP port 443 to automatically establish a persistent trusted connection with your Iru Endpoint tenant. This makes the initial installation and setup intuitive and, in most environments, removes the need to open specific ports. The AD CS Connector uses the Microsoft Remote Procedure Call framework to communicate with your local AD CS environment. Once installed, the AD CS Connector will be able to receive and facilitate certificate requests from and to Iru Endpoint on an ongoing basis.

Prerequisites

  • Network Requirements: Ensure all network requirements have been met
  • SSL Inspection: Ensure SSL inspection is disabled for the required network communications between Iru Endpoint and the AD CS Connector
  • Integration Setup: The initial setup of the AD CS integration must be complete in your Iru Endpoint Web app
  • Installer Availability: Make sure the AD CS Connector installer is available. If needed, it can be redownloaded from the Connector integration card in Iru Endpoint
  • Server Access: Access to the Windows server designated as the Iru Endpoint AD CS Connector
  • Administrator Account: Access to an administrator account that can be used to log in to the Connector Windows server
  • Iru Endpoint Admin Account: Access to an Iru Endpoint admin account. This is used to authenticate the Connector and create the connection back to Iru Endpoint

AD CS Connector Server Requirements

The Connector must be installed on a Windows server (physical or virtual), meeting the following criteria:
  • Operating System: Windows Server 2016 or newer
  • .NET Framework: .NET (Core) 8 or newer
  • WebView Runtime: Edge WebView2 version 112.0.1722.39 or newer (This ADCS Connector installer includes the required WebView runtime)
  • Domain Binding: The AD CS Connector Windows server must be bound to your Active Directory domain

Installation

1

Transfer Installer

Transfer the Connector installer file to the Windows server.
Screenshot needed: Connector installer file being transferred to the Windows server
2

Launch Installer

To begin the installation process, double-click the installer.
Screenshot needed: Installer being launched on the Windows server
3

Start Installation

On the Install Iru Endpoint AD CS Connector screen, click Start.
Screenshot needed: Install Iru Endpoint AD CS Connector screen with Start button
4

Configure Authentication

On the Authenticate with Certificate Authority screen, you may choose to either leverage a Local System Account or enter Service Account credentials. If you used the AD CS Computer Certificate Template guide, we configured the template to allow the computer account to request certificates. Once you have decided on an account type, click Install.
AD CS Connector installation screen showing authentication options
AD CS Connector installation progress screen
5

Approve UAC Prompt

When the UAC prompt appears, click Yes.
Screenshot needed: UAC prompt with Yes button selected
6

Complete Installation

Once the Connector installation is complete, click Close.
Screenshot needed: Installation completion screen with Close button
As of installer version v1.0.0.4, the Microsoft Edge Webview2 runtime is bundled with the AD CS Connector installer and will silently install in the background. If needed, the runtime can be downloaded from Microsoft and installed manually on the AD CS Connector Windows Server.

Initialization

1

Launch Connector Application

If the Connector does not launch automatically, go to the Windows Start menu and search for the Iru Endpoint AD CS Connector app.
Screenshot needed: Windows Start menu with Iru Endpoint AD CS Connector app highlighted
2

Verify Tray Icon

The Connector should be running in the Windows tray in the bottom-right corner of the desktop.
Screenshot needed: Windows tray with the Iru Endpoint AD CS Connector icon visible
3

Enter Tenant URL

In the Iru Endpoint AD CS Connector dialogue, enter your Iru Endpoint tenant URL in the Enter Iru Endpoint domain field.
AD CS Connector login screen showing domain field
4

Authenticate with Iru Endpoint

In the Log in to Iru Endpoint screen, enter your Iru Endpoint admin credentials. If configured in your Iru Endpoint tenant, you can also use one of the other sign-in options.
Screenshot needed: Log in to Iru Endpoint screen with credentials being entered
5

Verify Connection Status

The Connector should start the initialization process, and once initialization is complete, you should see that the Connector is Connected.
AD CS Connector connected status screen
6

Close Application Window

The Connector app window can now be closed. If you need to open it again, click the Iru Endpoint icon in the tray.
Screenshot needed: Connector app window being closed and the tray icon remaining
Head back to Iru Endpoint to assign your CA server to the AD CS Connector in the AD CS integration and start adding Library Items to deliver AD CS certificates to devices.

Updating the AD CS Connector

Use the steps below when updating to the next version of the AD CS Connector.
1

Transfer Installer

Transfer the Connector installer file to the Windows server.
2

Launch Installer

To begin the update process, double-click the installer.
3

Start Installation

On the Install Kandji AD CS Connector window, click Start.
4

Configure Authentication

Choose the type of account to use when connecting to your AD CS infrastructure. Then, click Install.
5

Approve UAC Prompt

When the UAC prompt appears, click Yes.
6

Uninstall Previous Version

When the Uninstall Kandji AD CS Connector window appears (the previous version needs to be uninstalled), click Uninstall. This will uninstall the previous version of the AD CS Connector.
7

Complete Uninstallation

On the Success Uninstall window, click Close.
8

Complete Installation

On the Success! The Kandji AD CS Connector has been installed window, click Close.If you would like to verify that the latest version has been installed, you can check this by going to Start menu > Control Panel > Programs & Features. You should see the latest Connector version listed.
9

Re-authenticate if Needed

If needed, you may have to enter your Kandji tenant domain in the agent menu app and go through the authentication steps.
10

Verify Connection

The Connector should now show Connected.

Uninstalling the AD CS Connector

The Connector and Edge runtime can be removed by going to Programs & Features on the Windows server.
1

Access Programs & Features

Go to the Windows Start menu, type Programs & Features, and press Return on the keyboard.
2

Uninstall AD CS Connector

Find the Iru Endpoint AD CS Connector and click Uninstall.
Windows Programs & Features showing Iru Endpoint AD CS Connector
3

Confirm Uninstallation

When the Uninstall Iru Endpoint AD CS Connector window appears, click Uninstall.
Uninstall confirmation dialog for Iru Endpoint AD CS Connector
4

Complete Connector Uninstallation

When the uninstallation is complete, click Close.
5

Uninstall WebView Runtime

Find Microsoft Edge WebView2 Runtime and click Uninstall.
6

Remove Data Folder

Once the components are uninstalled, open the File Explorer and enter the following path, C:\ProgamData, then press Enter. Once there, delete the iru folder.

Troubleshooting

  • Installation Location: The AD CS Connector app is installed at C:\Program Files\Iru\ADCS Connector
  • Data Directory: Logs, settings, and service files can be found at C:\ProgramData\iru. This is a hidden directory on the Windows server
  • Event Logs: The Windows Event Viewer app can be used to see additional logs about the AD CS Connector
    • Event Viewer > Applications and Services Logs > Iru
  • Installer Logs: Windows installer logs can be enabled using the Microsoft guide
  • Service Management: The Connector service is called Iru Endpoint AD CS Connector Servicestart. The service should start automatically but can also be started in the Windows Services application if needed
  • Process Management: In Task Manager, the Connector process is called adcs-connector-app. If, for some reason, the webview login does not display in the Connector after entering the Iru Endpoint tenant domain, ending the Connector process and then launching the app again from the Windows start menu can help to clear this up
For additional questions, please contact support.

Considerations

  • Network Connectivity: Ensure proper network connectivity between the AD CS Connector and your Iru Endpoint tenant
  • Domain Requirements: The Windows server must be bound to your Active Directory domain for proper certificate operations
  • Service Account: Consider using a dedicated service account for the AD CS Connector for better security and management
  • Firewall Configuration: Ensure that TCP port 443 is accessible for WebSocket communication
  • SSL Inspection: Disable SSL inspection for the required network communications to prevent connection issues
  • Version Compatibility: Keep the AD CS Connector updated to the latest version for optimal performance and security
  • Backup Procedures: Consider backing up the C:\ProgramData\iru directory before major updates or changes