Microsoft Intune – Notes from the Field
By William Bracken
Published December 17, 2014

I recently ran into an issue during a Microsoft Intune implementation where certain iOS devices were unable to enroll in the Intune service via the Company Portal app.

The Symptom:

After logging into the Microsoft Intune service from the Company Portal app on various iOS devices, when attempting to enroll the device we were presented with the following error:

Company Portal Temporarily Unavailable
The Company Portal app encountered a problem. If the problem persists, contact your system administrator.

There is a retry/cancel option. Pressing retry was futile. It always came back with the same error message.

Troubleshooting Steps

We were able to enroll other iOS devices, along with Android and Windows Phone 8.1 devices, so we started by checking iOS versions. We found that devices with the issue and devices without it shared the same iOS versions (anywhere from iOS 7.x to 8.x).

Next we started looking at connectivity and realized that the iOS devices that were enrolling successfully were connected to the company’s public, internet-only Wi-Fi, while the devices that were failing had Wi-Fi turned off and were using their T-Mobile data connection. We then looked at what connectivity the Android devices had during enrollment and found that some were on Wi-Fi and some were on the same T-Mobile data connection as the iOS devices; however, all the Android devices we tested enrolled successfully.

By now we were starting to lean towards a compatibility issue somewhere between iOS and Intune when on a mobile network, so we tracked down iOS devices on the AT&T data network. Lo and behold, these devices enrolled without issue as well. So what gives? It must be a firewall rule or DNS issue on the T-Mobile data network, right? Keep reading...

We decided to reach out to T-Mobile for a conversation with one of their network engineers who, as I expected, had not heard of this issue before. He went off to consult others at T-Mobile and we planned to follow up later that day.

In tandem, I opened a support case with the Microsoft Intune team describing the issue, and providing a failing iOS Company Portal app log (shake your device with the Company Portal app open to get the log!), fully expecting Microsoft to state it was something on the T-Mobile network preventing the enrollment.

Much to my surprise however, within 3 hours we had a suggestion back from Microsoft with the following fix*.

Resolution:
Add this public CNAME DNS entry for your domain.

CNAME Record:
enterpriseregistration.yourdomain.com

Pointing to:
enterpriseregistration.windows.net
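The record above is easy to get subtly wrong in a zone file: a CNAME target without its trailing dot is treated as relative to the zone, and a CNAME cannot share its name with any other record. The following Python check, added here and not part of the original post, parses a BIND-style zone fragment and verifies the enterpriseregistration CNAME; the zone text, the placeholder domain contoso.example and the helper names are constructed for illustration.

```python
EXPECTED_TARGET = "enterpriseregistration.windows.net."  # from the post; trailing dot = absolute name

def _fqdn(name, origin):
    # Qualify a zone-file name against $ORIGIN: '@' is the origin; no trailing dot means relative.
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(zone_text, origin):
    # Minimal BIND-style parser, constructed for this example: handles ';' comments,
    # $ORIGIN, optional TTL/class fields and relative names (no parentheses/$INCLUDE).
    origin = origin.lower().rstrip(".") + "."
    records = []  # (owner, type, rdata) tuples with absolute names
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].lower().rstrip(".") + "."
            continue
        fields = line.split()
        i = 1  # skip optional TTL (digits) and class (IN) between owner and type
        while i < len(fields) and (fields[i].isdigit() or fields[i].upper() == "IN"):
            i += 1
        if i >= len(fields):
            continue  # owner with no record type: ignore
        owner, rtype, rdata = _fqdn(fields[0], origin), fields[i].upper(), " ".join(fields[i + 1:])
        if rtype == "CNAME":
            rdata = _fqdn(rdata, origin)
        records.append((owner, rtype, rdata))
    return records

def check_enterpriseregistration(zone_text, domain):
    # Returns 'ok', 'missing', 'conflict' or 'wrong-target:<name>'. A CNAME owner
    # may carry no other records (RFC 1034), hence the conflict check.
    origin = domain.lower().rstrip(".") + "."
    at_name = [r for r in parse_zone(zone_text, origin) if r[0] == "enterpriseregistration." + origin]
    cnames = [r for r in at_name if r[1] == "CNAME"]
    if not cnames:
        return "missing"
    if len(cnames) > 1 or len(at_name) > len(cnames):
        return "conflict"
    return "ok" if (t := cnames[0][2]) == EXPECTED_TARGET else f"wrong-target:{t}"

# Constructed zone fragment; contoso.example is a placeholder, not a domain from the post.
SAMPLE_ZONE = """$ORIGIN contoso.example.
@                       IN A     203.0.113.10
enterpriseregistration  IN CNAME enterpriseregistration.windows.net.  ; Intune device registration
"""
```

Run `check_enterpriseregistration(open("db.yourdomain").read(), "yourdomain.com")` against your own zone before publishing; a relative-target mistake shows up as `wrong-target:enterpriseregistration.windows.net.yourdomain.com.`.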

Conclusion:
This DNS entry immediately allowed the iOS devices on the T-Mobile data network to enroll without issue.

We tested several devices (including Android and Windows Phone) and all was right with the world.

I followed up with the MS Support Tech, inquiring whether this DNS record requirement would be added to the TechNet guides for deploying Microsoft Intune. I was told, however, that this is being addressed internally with the Microsoft Intune development team and that a true fix will be implemented at the Intune service level, removing the requirement for the additional public DNS record. So, this is really a workaround while we wait for an official “fix”. 😉

If you are experiencing this issue with your own Intune implementation, try the above DNS record. It might just get you over the hump!


If you are not familiar with Microsoft Intune, it’s a cloud-based mobile device management platform that can be purchased as a standalone solution or as part of the Enterprise Mobility Suite (EMS).

You can read all about EMS here:
http://www.microsoft.com/en-us/server-cloud/cloud-os/empower-enterprise-mobility.aspx

One of many compelling reasons to look at Intune is its ability to integrate with an on-premises System Center Configuration Manager 2012 (SCCM) infrastructure, allowing you to manage all your devices, whether back-office desktops, laptops, and servers, or personal/company-owned mobile devices and tablets, from the familiar SCCM Administration console. This is known as Unified Device Management (UDM).

More information on UDM can be found here:
http://technet.microsoft.com/en-us/library/jj884158.aspx

Article by William Bracken
Partner – Model Technology Solutions

William is an experienced and results-driven IT geek who is passionate about the “automation of things,” with an extensive background in systems management, advanced OS deployment automation, and overall infrastructure automation. He has more than 19 years of experience in IT, and has designed and implemented management solutions that have dramatically reduced support costs and ultimately brought consistent and well-managed operating environments to organizations across the US.
