Archive

Posts Tagged ‘UDM’

UDM: Conditional Access – Saving of Access Rules to Exchange has failed (error: A2CE0100)

March 29, 2015 Leave a comment

A few days ago we have been working on extending our hybrid demo environment. We made some changes required to demonstrate conditional access with Exchange online. Details on how we set things up will follow shortly in another post.

Once the basics were in place we implemented a policy that would block a user to access their mailbox when using an unmanaged device.

The policy was properly deployed to a collection which included my demo user, however I noticed my demo user could still sync his mail on an iPhone 5 which was not enrolled. Even after an hour or two this condition remained unchanged so something was wrong.

Initial investigation did not show anything out of the ordinary in the Configuration Manager console. However in the Intune console I noticed an entry in the Alerts node:

Saving of Access Rules to Exchange has failed


Microsoft Intune was unable to set the requested mobile device access rules or related settings in Exchange due to the following error: A2CE0100

 

image

Unfortunately the “View Troubleshooting Information” link is broken. So is the one on the top right in the console and the right-click one. As such it was hard to find any further details on this specific error.

I made a few attempts to get things working, including the following:
– Modifying the compliance policy (increasing the revision number)
– Removing and adding the user from and to the target collection
– Removing and recreating the deployment of the compliance policy

I can confirm none of the above resolves the issue. The policy still did not get applied.

In the end to get things working again what I had to do was to delete the compliance policy,  recreate it from scratch, and deploy it again.

image

When synching mail on the iPhone 5 a few minutes later, the policy kicked in.

image

Although the problem was solved and we now have a working demo scenario; in the end I have no idea what went wrong initially and how I could have been troubleshooting this in a more optimized way. Whatever it was it does not seem to resolve itself. Also the repeat count of the alert not increasing indicates the system itself does not do any retries.

I definitely see a few areas for improvement here:

  • Fixing the link to the troubleshooting information so the admin can troubleshoot properly and in a most optimized way.
  • Exposing Intune alerts to the Configuration Manager Console so the admin does not have to look in multiple locations.
  • Having the system retry the action “Saving of Access Rules” at least a few times. In case the alert repeat counter increases the admin can further look into a blocking issue. Otherwise there may have just been a glitch and the issue would have resolved itself.

If you are ever facing the same issue, I hope this article will save you some troubleshooting time!

Tim

MMS 2014 Debrief

November 16, 2014 2 comments

2014-11-09 18.15.06-1Last week I was at the Midwest Management Summit (MMS) in Minneapolis, a three day conference organized by the Minnesota System Center User Group.

At this event I had the pleasure to deliver two sessions for which I again teamed up with my friend and ECM MVP Kenny Buntinx. Based on the feedback received on our sessions so far, we did well again at evangelizing Unified Device Management (UDM) with Configuration Manager and Intune.

Having a lot of time for Q&A made these sessions very interactive and allowed attendees to (hopefully) ask all their questions. If you did attend and have further feedback, questions, or comments please make sure to send them to Kenny and/or myself.

Next to speaking I also had the opportunity to attend some really nice sessions. As my focus is on Enterprise Client Management I was really pleased to see so many sessions on ECM topics on the schedule. Building a schedule for the conference was quite challenging.

Having these sessions delivered by community experts is a big plus as you have the chance pick up a lot of experience (and potential pitfalls) from the field. One really nice example of this would be the session on Pull DP’s with Todd Hemsell. Also the sponsor sessions were a great fit: I attended those from 1E and Secunia and really enjoyed the technical level of these sessions. No marketing fluff.

2014-11-10 18.06.17-1Another highlight for me was the talk on getting MMS right at home where the user group leads could share experiences. Next to that the event also brought back some of the best ingredients from the ‘old MMS’, for example the Configmgr State of the Union and the Jeopardy Quiz.

Overall this has been a really great event – except for the outside temperatures there are really no negatives I could think of. Winking smile

Although still to be confirmed I sincerely hope there will be a 2015 edition of this event! I for sure would love to attend!

Tip: looking for session content and want to grab it all in one shot? Check out this script to download the files.

Until next time!

Tim

UDM: Enrolling an iOS device step by step

August 29, 2014 Leave a comment

To be able to demonstrate Unified Device Management scenarios we recently added some new mobile devices to our demo environment. Amongst these devices are also iPads and iPhones which we had to enroll. The integration between Windows Intune and System Center 2012 R2 Configuration Manager was done earlier on.

Over-the-air enrollment of iOS devices is a rather straightforward process. In this blog post we will outline the step by step procedure to enroll an iPhone.

 

Enrollment

Time to fire up our iPhone 3GS and get started:

IMG_0003

First you need the get the Windows Intune Company Portal app from the App Store. Be aware that this app can only be installed on devices that are running iOS 6 or a later version.

 

IMG_0006

As soon as the Company Portal app is opened you will have to provide your user credentials and tap Sign In. We have ADFS implemented in our demo environment so we provide our AD credentials.

 

IMG_0007

So far so good – but at this point our device is not enrolled yet. The notification icon in the top right corner, and the blue ‘i’ icon on the device name indicate there are still further actions to be taken. Tap the icon at the top or the device name at the bottom.

 

IMG_0009

Tap Add this device.

 

IMG_0010

Tap Add in the top right corner.

 

IMG_0011

The device is being enrolled. This may take a minute.

 

IMG_0012

Tap the install button to install the management profile.

 

IMG_0013

A notification is displayed. Confirm by tapping Install Now.

 

IMG_0014

Tap Install in the top right corner.

 

IMG_0015

Profile installed successfully. Tap Done in the top right corner.

 

IMG_0016

And that is all there is to it!

 

image

The device then also becomes visible in the ConfigMgr console. Our ConfigMgr administrators are now able to manage this device.

 

Troubleshooting

 

If you encounter any problems during the enrollment process you can shake the iOS device to get a diagnostics screen. Make sure the Company Portal app is running when you start shaking.

IMG_0025

A diagnostics dialog box is shown where you can open up the log file for further analysis or email it.

 

Removing the profile

 

The management profile can be removed afterwards as well.  This is the out-of-the-box behavior. We can block the user from doing this but that is a subject for a future blog post.

 

IMG_0020

To remove the management profile go to Settings > General > Profile – Management Profile.

 

I hope you found this information helpful.

Until next time!

Tim

IT/Dev Connections 2014 Speaker

August 21, 2014 1 comment

In a few weeks I will be heading to Las Vegas for IT/Dev Connections. This conference is taking place at the Aria Resort from September 15th to the 19th.

With MMS being discontinued, this is an event I have been really looking forward to for the past few months. Next to being a first time attendee I am also honored to be able to deliver 2 sessions in the Windows track.

The Windows track has a great line-up of speakers and sessions, and the keynote for this track will be presented by Brad Anderson, Corporate VP at Microsoft (blog).

These are the session titles and abstracts of the sessions that I will be delivering:

Session 1 : System Center 2012 R2 Configuration Manager and Intune: Setup and deployment Notes from the field, with a focus on Single Sign on.

This session dives into what you’ll do at the server level to drive System Center 2012 R2 Configuration Manager and Windows Intune integration for mobile device management.

The session includes real-life experience from the field to set up a subscription, connectors, certificates, Active Directory Federation Services (AD FS 2.0/2.1/3.0), DirSync, and workplace join scenarios among all possible server configurations that enable mobile device management.

Learn best practices for setting up AD FS from the field for user authentication and Single Sign-On; prepare for the challenges if you invested in previous AD FS 2.0/2.1 and want to take advantage of AD …

Session 2 : Managing your hybrid Mobile cloud workforce demystified with System Center Configuration Manager 2012 R2.

Do you need to manage Windows 8.1/RT, including non-Microsoft mobile devices, with Microsoft’s UDM solution (Configuration Manager 2012 R2 plus Intune)? Do you need to provide functionality for deploying the new Intune extensions (such as email profiles), managing your MDM settings, configuring VPN and wireless profiles, and deploying certificates?

Compliance settings, company resource access, and Intune extensions delivered in Configuration Manager are mostly unexplored territory for the Configuration Manager administrator. In this session we’ll use numerous demos to demystify these features. …

I will be co-hosting these sessions together with my friend and ECM expert Kenny Buntinx. Both are currently scheduled on Wednesday September 17h. You can browse the full session catalog here.

Note that Kenny and myself will not be the only Belgians presenting at the conference. Also in the Windows track there will be 2 sessions from our fellow SCUG member Dieter Wijckmans and a session from Michael Van Horenbeeck. Together we will show some serious Belgian Community Power!

Interested? Registrations for the event are still open. Click here for details.

Hope to see you there!

Tim

Week in Review – CW31

August 3, 2014 Leave a comment

Time for my weekly wrap-up of stuff to catch up with:

See you next week!

Tim