Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Troubleshooting Windows Intune Direct Management of Mobile Devices

Updated: November 1, 2013

Applies To: Windows Intune

This topic supports troubleshooting of several known issues for Windows Intune direct management of mobile devices.

The following table lists errors that users might encounter while enrolling iOS devices with Windows Intune. Possible cause and solution details are provided for each error.

 

Error message Possible cause Resolution

Service not supported

This error is the result of one of the following causes:

  1. The account has not enabled direct mobile device management for iOS devices and does not have an APNs certificate.

  2. The account has enabled mobile device management for iOS devices, but the APNs certificate has expired.

  3. The account did not set Windows Intune as its mobile device management authority.

  4. The mobile device management authority and user’s license type don’t match. For example, the user was provisioned for Windows Intune, but the selected mobile device management authority is Configuration Manager.

Follow the resolution step that corresponds to the suspected cause:

  1. In the Windows Intune administrator console go to Administration. Go to Mobile Device Management, and then, in iOS, enable direct mobile device management for iOS devices and acquire a valid APNs certificate.

  2. Renew your APNs certificate.

  3. In the Windows Intune administrator console, go to Administration. Then, in Mobile Device Management, set the Mobile Device Management Authority.

  4. In the Windows Intune administrator console, go to Administration. Then, in Mobile Device Management, set the Mobile Device Management Authority to Windows Intune.

Version not supported

You are trying to enroll an iOS device that runs an iOS version lower than 5.0.

Upgrade to a supported iOS: version 5.0 or later. Then try again.

Cannot connect to company apps

The user has reached the allowed quota of 5 enrolled mobile devices.

noteNote
This quota pertains only to enrolled modern devices that are managed by direct mobile device management.

In the Windows Intune administrator console, delete one of the user’s existing devices before attempting to enroll a new one.

noteNote
Although the user can remove an existing device in the company portal, these removed devices remain in Windows Intune with an Unhealthy state. To completely delete the device, you must perform the deletion from the Windows Intune administrator console.

The following material addresses problems that users might encounter while enrolling an iOS device with Windows Intune. This table lists specific symptoms along with possible causes and recommended resolution actions.

 

Symptom Possible cause Resolution

The enrollment process stops in the middle.

This symptom is typically the result of one of the following causes:

  1. The user was deleted in the Windows Intune account portal.

  2. The user’s account was deleted in the account portal.

  3. The user’s APNs certificate was deleted.

  4. The user has reached the quota for enrolled devices.

  5. The user attempted to enroll multiple devices simultaneously.

  6. An internal error occurred during the enrollment process.

Follow the resolution step that corresponds to the suspected possible cause:

  1. Add the user in the Windows Intune account portal.

  2. Add the user’s account in the account portal.

  3. Upload an APNs certificate.

  4. In the Windows Intune administrator console, delete one of the user’s existing devices before attempting to enroll a new one.

  5. Instruct the user to enroll only one device at a time.

The system repeatedly asks the user to identify the device to be used to access the mobile Windows Intune company portal.

This symptom is typically the result of one of the following causes:

  1. The user previously enrolled the mobile device, but deleted cookies on the device. This prevents Windows Intune from identifying the device.

  2. The user enrolled more than one mobile device of the same type (iPhone, iPad, or iPod Touch).

  3. The user previously enrolled this device, but then restored it to a point from before it was enrolled.

Follow the resolution step that corresponds to the suspected possible cause:

  1. The user should select the current device from the displayed list of mobile devices.

  2. The user should select the option to add another device and follow the enrollment process.

  3. The user should select the option to add a device and follow the enrollment process.

The mobile device was enrolled, but when the user tries to install apps from the mobile Windows Intune company portal, the apps do not install. Or, the device was enrolled but it does not appear in the Windows Intune administrator console or in the Windows Intune company portal.

These symptoms are typically the result of one of the following causes:

  1. The user completed the enrollment process but the device is still continuing to enroll in the background and has not yet updated the service with the token and push magic parameters received from APNs that enable Windows Intune to wake up the device.

  2. The APNs certificate that is used by the account was deleted, revoked by Apple, expired, or replaced.

  3. The user deleted the management profile from the device when the device was not connected to the Internet.

  4. The device is connected to the Internet using a Wi-Fi connection, and the wireless network is blocking communications from the Apple Push Notification service. This prevents the device from completing the enrollment.

Follow the resolution step that corresponds to the suspected possible cause:

  1. Make sure the device is connected to the Internet and wait a few minutes to see if the requested apps are pushed to the device. If the problem persists, try deleting both the management profile and cookies from the device and enroll the device again.

  2. Make sure that the APNs certificate that is used by the account is valid. If the certificate was replaced and now has a different topic than the one that was used when the device enrolled, enroll the device again.

  3. Remove the device entry from the Windows Intune administrator console. Then, delete cookies on the device and enroll the device again.

  4. If the device is connected over Wi-Fi and is unable to receive notifications, make sure that port 5223 is open to TCP traffic. For more information, see the relevant Apple documentation

The user clicks Install in the Company Apps page, but enrollment does not start.

The configuration profile has not yet been properly downloaded in Apple's format.

Use the built-in Safari browser to perform the enrollment process. You can only download the configuration profile from the Safari browser.

Troubleshooting Windows RT and Windows Phone 8 Enrollment

The following material addresses errors that users might encounter while enrolling Windows RT and Windows Phone 8 devices with Windows Intune. This table lists specific symptoms along with possible causes and recommended resolution actions.

 

Symptom Possible cause Resolution

The system displays a Not Authorized error.

This symptom is typically the result of one of the following causes:

  1. The user is not provisioned to enroll a device and download apps.

  2. The user has reached the allowed quota of 5 enrolled mobile devices.

    noteNote
    This quota pertains only to enrolled modern devices that are managed by direct mobile device management.

  3. Mobile device management authority was not selected.

  4. The organizational account is not active with Windows Intune.

  5. The Windows Phone 8 device is missing the necessary sideloading keys.

Follow the resolution step that corresponds to the suspected possible cause:

  1. In the account portal, provision the user for Windows Intune.

  2. Remove devices either in the Windows Intune company portal or in the Windows Intune administrator console.

  3. In the Windows Intune administrator console, set the Mobile Device Management Authority to Windows Intune.

  4. Make sure your Windows Intune account status is either Active or Warning in order to enroll users.

  5. Complete the necessary steps to enable mobile device management for Windows Phone 8 devices. For more information, see Set up Windows Intune Direct Management for Windows Phone 8 Mobile Devices.

The system displays the error Unable to locate a server for this request.

The device cannot find the service details necessary for completing enrollment.

  1. The user can manually enter the server address: manage.microsoft.com

  2. Set up your DNS server to enable devices to automatically detect the service. Check the management server auto-detection in the Windows RT or Windows Phone 8 setup page. For more information, see Set up Windows Intune Direct Management for Windows Devices or Set up Windows Intune Direct Management for Windows Phone 8 Mobile Devices.

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.