Friday, July 4, 2025

Intune Android Device Enrollment Fails: SSL-Related Issue

Issue Reported:

Intune Android device enrollment fails with an SSL-related issue.

The requester has configured ConfigMgr-integrated Intune for Office 365 with on-prem ADFS (Active Directory Federation Services) authentication for single sign-on. ADFS is configured on Windows servers to provide the single sign-on authentication.

Actions performed: tested with iOS and other (non-Android) devices. Users log in to the Company Portal app and are able to complete enrollment. While trying to enroll an Android device, the following error appears.

Company Portal:

Could not sign in. You will need to sign in again. If you see this message again, please contact your IT Admin.

Finding: when the Android device connects over the internal Wi-Fi connection, which bypasses the ADFS proxy, the device is able to enroll.

The requester has tested with multiple browsers and, when accessing the portal at https://adfs.company.com/adfs/ls/IdpInitiatedSignon.aspx, is able to authenticate without issue.

Logs: 

 

Intune app error log location:

Send logs to your company support using a USB cable or email, whichever options are available in the Company Portal for 

When sending over USB, the logs are available at the path below:

Find Android Device\Phone\Android\data\com.microsoft.windowsintune.companyportal\files\

For reference Click Here

Solutions:

Step 1: Import the certs up the chain into the intermediate store on the ADFS Proxies themselves.

Step 2: Launch the MMC and add the Certificates snap-in for the Local Computer on your ADFS server. Find the cert your ADFS service is using (likely issued to adfs.yourcompany.com), and view its parent certificate.

Step 3: Move a copy of the parent cert, (in my case, Symantec) into the Computer\Intermediate Certification Authorities\Certificates store. This part is CRUCIAL!

Next, move copies of your ADFS, ADFS Decrypting, and ADFS Signing Certs into the Personal Store for the ADFS Service. Finally, restart the ADFS servers, because restarting the service alone is not enough.

With all of this finished, I am finally able to enroll Android devices into Intune.
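To confirm Steps 1 to 3 on each ADFS server and ADFS proxy, the following added example (not part of the original post) builds the chain for the ADFS service certificate and reports whether every issuing certificate is present in the expected Local Computer store. The host name `adfs.yourcompany.com` and the variable names are assumptions; replace the host name with the subject of your own certificate.

```powershell
# Added example, not from the original post. Run elevated on each ADFS / ADFS proxy server.
# $AdfsHost is a placeholder. A wildcard certificate needs its own subject here (e.g. '*.yourcompany.com').
$AdfsHost = 'adfs.yourcompany.com'

# Locate the unexpired service certificate in Local Computer\Personal by exact subject CN.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $AdfsHost -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No valid certificate for $AdfsHost found in Cert:\LocalMachine\My" }

# Build the chain. Revocation is skipped because only store placement is being checked.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$built = $chain.Build($cert)
$elements = @($chain.ChainElements)

if ($elements.Count -lt 2) {
    # Only the leaf was found: the issuer is not available on this server at all.
    Write-Warning "No issuer found for '$($cert.Subject)'. Import the parent certificate (Step 3)."
}

# The chain can build from a cached copy of an intermediate, so test the stores explicitly.
$report = for ($i = 1; $i -lt $elements.Count; $i++) {
    $ca = $elements[$i].Certificate
    $store = if ($ca.Subject -eq $ca.Issuer) { 'Root' } else { 'CA' }   # self-signed = root
    [pscustomobject]@{
        Subject       = $ca.Subject
        Thumbprint    = $ca.Thumbprint
        ExpectedStore = "Cert:\LocalMachine\$store"
        Present       = Test-Path "Cert:\LocalMachine\$store\$($ca.Thumbprint)"
    }
}

$report | Format-Table -AutoSize
if (-not $built) { $chain.ChainStatus | Format-Table Status, StatusInformation -AutoSize }
if ($report | Where-Object { -not $_.Present }) {
    Write-Warning 'At least one issuing certificate is missing from its Local Computer store.'
}
```

`Cert:\LocalMachine\CA` is the store shown in the MMC as Intermediate Certification Authorities. Run the check again after the server restart described above.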

Happy Learning!!!

Thanks & regards,
Haresh Hirani

Author

  • Hi, I am Haresh Hirani, the person behind this webpage. Welcome to my page, and thank you for visiting the website! My website is all about Microsoft technologies: mostly ConfigMgr, plus other technologies that interest me. However, a larger percentage of my posts are related to SCCM. Normally, I like to post the interesting issues that I come across in my day-to-day tech life. You will find only solutions that come from my day-to-day life.
