Issue Reported:
Intune Android device enrollment fails with an SSL-related issue.
The requester has configured ConfigMgr-integrated Intune for Office 365 with on-premises ADFS (Active Directory Federation Services) authentication for single sign-on, configured on Windows servers.
Actions performed: tested with iOS and other (non-Android) devices. Users log in with the Company Portal app and are able to complete enrollment. While trying to enroll an Android device, the following error appears.
Company Portal:
Could not sign in. You will need to sign in again. If you see this message again, please contact your IT Admin.
Finding: when the Android device connects over the internal Wi-Fi connection, which bypasses the ADFS proxy, the device is able to enroll.
The requester has tested with multiple browsers and, when accessing the portal https://adfs.company.com/adfs/ls/IdpInitiatedSignon.aspx, is able to authenticate without issue.
Logs:
Intune app error log location:
Send logs to your company support using a USB cable or email, whichever option is available in the Company Portal.
When sending over USB, the logs are available at the path below:
Find Android Device\Phone\Android\data\com.microsoft.windowsintune.companyportal\files\
Solutions:
Step 1: Import the certs up the chain into the intermediate store on the ADFS Proxies themselves.
Step 2: Launch the MMC and add the Certificates snap-in for the Local Computer on your ADFS server. Find the cert your ADFS service is using (likely issued to adfs.yourcompany.com), and view its parent certificate.
Step 3: Move a copy of the parent cert (in my case, Symantec) into the Computer\Intermediate Certification Authorities\Certificates store. This part is CRUCIAL!
Next, move copies of your ADFS, ADFS Decrypting, and ADFS Signing Certs into the Personal Store for the ADFS Service. Finally, restart the ADFS servers, because restarting the service alone is not enough.
With all of this finished, I am finally able to enroll Android devices into InTune.
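A read-only check for steps 1 to 3, added here as an example and not part of the original post: it walks from the ADFS service certificate up through its issuers and reports the first one missing from the Local Computer Intermediate Certification Authorities store. The host name is the page's placeholder and `Find-IssuerCertificate` is a hypothetical helper; run it in an elevated PowerShell session on each ADFS server and proxy.

```powershell
# Assumption: placeholder host name taken from the page; replace with your ADFS service name.
$AdfsHostName = 'adfs.company.com'

# Hypothetical helper: return the certificate in $StorePath whose subject is the issuer of $Certificate.
function Find-IssuerCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$StorePath
    )
    # When several CA certificates share a subject (renewals), prefer the newest.
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq $Certificate.Issuer } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

# Start from the unexpired certificate for the ADFS host name in Local Computer\Personal.
# A wildcard certificate will not match by name; select it by thumbprint instead.
$current = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        ($_.Subject -like "*$AdfsHostName*" -or $_.DnsNameList.Unicode -contains $AdfsHostName) -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $current) { throw "No unexpired certificate for $AdfsHostName in Cert:\LocalMachine\My" }
Write-Output "LEAF     $($current.Subject) (thumbprint $($current.Thumbprint))"

# Walk up the chain until a self-signed certificate; the depth limit guards against name loops.
$depth = 0
while ($current.Subject -ne $current.Issuer -and $depth -lt 10) {
    $depth++
    $issuer = Find-IssuerCertificate -Certificate $current -StorePath Cert:\LocalMachine\CA
    if ($issuer) {
        Write-Output "OK       intermediate present: $($issuer.Subject)"
        $current = $issuer
        continue
    }
    $root = Find-IssuerCertificate -Certificate $current -StorePath Cert:\LocalMachine\Root
    if ($root) {
        Write-Output "OK       chain ends at trusted root: $($root.Subject)"
        break
    }
    Write-Output "MISSING  issuer of '$($current.Subject)': $($current.Issuer)"
    Write-Output "         Fix: Import-Certificate -FilePath <parent.cer> -CertStoreLocation Cert:\LocalMachine\CA"
    break
}
```

A `MISSING` line names the parent certificate that step 3 asks you to copy into the intermediate store; `<parent.cer>` stands for your own exported copy of it.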
Happy Learning!!!
Thanks & Regards,
Haresh Hirani
Facebook https://www.facebook.com/Hiraniconfigmgr-120189361980772/
Follow us: https://www.linkedin.com/in/hiraniconfigmgr
Twitter: https://twitter.com/hiraniconfigmgr
1 Comments
Hari
24-11-2017 06:20 pm
Thanks for sharing, it will help.
Haresh Hirani
My Pleasure Happy Learning