
Hi Guys,

I have been working with the Microsoft Azure AD Application Proxy connector lately to publish applications through Azure, and I came across an issue where the connector was installed and running on the on-premises server but was not fully functional with the Azure AD Application Proxy portal.

Error location: Event Viewer > Applications and Services Logs > Microsoft > AadApplicationProxy > Updater

Error log: The Connector Update Service failed to check for an update.
If this error persists, please use the following link to verify that all necessary ports are open in your firewall: https://go.microsoft.com/fwlink/?linkid=843463.
For more details, please see our troubleshooting page: http://go.microsoft.com/fwlink/?LinkID=512316&clcid=0x409.
Additional details: ‘Unable to connect to the remote server’.


Root cause: once you install the Microsoft Azure AD Application Proxy connector, it adds two services to your host server: the Microsoft AAD Application Proxy Connector and the Microsoft AAD Application Proxy Connector Updater.


However, it appears that the Microsoft AAD Application Proxy Connector Updater service requires access to the Service Bus control channels that the connector service uses, and those channels in turn require connectivity to specific IP addresses. This is the official line from Microsoft until Service Bus moves to an FQDN instead. My client was not happy, but here are the options to resolve the issue.

Solution: there are two options

  • Configure the connector to bypass your on-premises outbound proxies.
  • Configure the connector to use an outbound proxy to access Azure AD Application Proxy.

This is the official Microsoft Link for Configuring both options: Application-proxy-working-with-proxy-servers

However, what I found is that you are better off using a bit of both during the installation of the Azure AD Application Proxy connector, because with most proxy solutions, such as Bluecoat, you can whitelist URLs but not an IP range.

In practice more URLs showed up than Microsoft has listed, because the requests keep bouncing from one domain to another, which is secure but hard to manage. The URLs I had to allow were:

  1. //management.azure.com/
  2. //*.azure.com/
  3. //*.microsoftonline.com/
  4. //login.microsoftonline.com/
  5. //login.windows.net/
  6. //*.microsoft.com/
  7. //portal.azure.com/
  8. //www.microsoft.com/
  9. //microsoft.com/
  10. //symcb.com/
  11. //ocsp.verisign.com/
  12. //crl.verisign.com/
  13. //symcd.com/
  14. //*.msappproxy.net/
  15. //*.servicebus.windows.net

Next, verify that both connector services have installed successfully and are running.


Then you need to allow the connector outbound access to the Azure datacenter IP ranges, and only from your Azure Application Proxy connector server, for obvious security reasons.

Only then will the Azure AD Application Proxy Connector work with the Azure AD Application Proxy service.
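To confirm the prerequisites above on the connector host itself, here is an added PowerShell check (my own example, not part of the original post or Microsoft's tooling). It assumes Windows PowerShell 5.1 or later with Test-NetConnection available, uses the service display names and the concrete hosts from the list above, and assumes the Updater event channel's internal name is Microsoft-AadApplicationProxy-Updater/Admin.

```powershell
# Added example: verify connector services, outbound reachability and Updater errors.

# Both services the connector installer adds (display names as in the post).
$serviceNames = @(
    'Microsoft AAD Application Proxy Connector',
    'Microsoft AAD Application Proxy Connector Updater'
)
foreach ($name in $serviceNames) {
    $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning "Service not installed: $name"; continue }
    Write-Output ("{0,-50} {1}" -f $name, $svc.Status)
}

# Concrete hosts from the allow-list above. Wildcard entries (*.azure.com,
# *.msappproxy.net, *.servicebus.windows.net) cannot be probed by name and
# must be allowed on the proxy by pattern.
$endpoints = @(
    @{ Host = 'management.azure.com';      Port = 443 },
    @{ Host = 'login.microsoftonline.com'; Port = 443 },
    @{ Host = 'login.windows.net';         Port = 443 },
    @{ Host = 'portal.azure.com';          Port = 443 },
    @{ Host = 'www.microsoft.com';         Port = 443 },
    # Certificate revocation endpoints; assumption: plain HTTP on port 80.
    @{ Host = 'ocsp.verisign.com';         Port = 80 },
    @{ Host = 'crl.verisign.com';          Port = 80 },
    @{ Host = 'symcb.com';                 Port = 80 },
    @{ Host = 'symcd.com';                 Port = 80 }
)
foreach ($ep in $endpoints) {
    $r = Test-NetConnection -ComputerName $ep.Host -Port $ep.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED' }
    Write-Output ("{0,-28} {1,4}/tcp  {2,-8} via {3}" -f $ep.Host, $ep.Port, $state, $r.RemoteAddress)
}

# Most recent Updater errors (Level 2 = Error) from the channel named in the post.
# Assumption: channel internal name is Microsoft-AadApplicationProxy-Updater/Admin.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-AadApplicationProxy-Updater/Admin'; Level = 2 } `
    -MaxEvents 3 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } } |
    Format-Table -AutoSize
```

A BLOCKED result for any host listed above points at the firewall or proxy rule for that host, which is what the Updater error in the event log is reporting.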

MS Intune: new end-user experience for Conditional Access for Exchange Online

Microsoft updated the experience for iOS, Android, and Windows Phone 8.1 users who were blocked from accessing Exchange Online using native Exchange ActiveSync email clients because their devices are not enrolled or compliant with policy. When users are blocked, they will receive an email from Exchange with a link to open the Microsoft Intune Company Portal app (iOS and Android) or the Company Portal website (Windows Phone 8.1). The new guided workflow will take users through the steps for enrolling and addressing any compliance issues. This update won’t affect users who already have access to email.

You can read Microsoft's blog update on Conditional Access for Exchange Online using Microsoft Intune for more detail.

Previous blog post “Conditional Access for Exchange Online using Microsoft Intune” has now been updated to include the new improved user experience.

iOS devices: APNs certificate request error when signing in to Intune from SCCM 2012 R2

This is the fix for the issue: purge the APNs certificate data from the SCCM SQL database.

In Configuration Manager, disable iOS inside the Windows Intune Connector:

Go to Administration > Cloud Services.
Right-click the Intune subscription in the right pane and select Properties to open the properties window.


On the iOS tab, uncheck Enable iOS Enrollment.


On your SCCM SQL server, log in with a service account that can read and write to the SCCM database and run the statements listed below, in order, against that database.

  1. update SC_ClientComponent_Property set Value2 = '' where Name like '%APNS%'   -- clear the stored APNs values
  2. delete from MDMPolicy where PolicyType = 7   -- remove the APNs policy
  3. delete from MDMPolicyAssignment where PolicyType = 7   -- and its assignments
  4. update SC_ClientComponent_Property set Value2 = '' where Name like '%APNS%'   -- clear again after the policy rows are gone
  5. delete from MDMPolicy where PolicyType = 11   -- remove the related policy
  6. delete from MDMPolicyAssignment where PolicyType = 11   -- and its assignments
  7. DELETE Drs_Signals   -- clear pending signals so the state is re-synced

Then, on your primary SCCM server, recreate the APNs certificate request.