Forum Discussion
kkeirstead
Mar 09, 2020 Copper Contributor
Android Enterprise SCEP user and device issuing errors
Hi, We are attempting to deliver Android Enterprise SCEP certificates (both user and device based) and both seem to fail. We have our environment set up for iOS SCEP and Android Device Admin SCEP...
pejtan66
May 12, 2020 Copper Contributor
Any news on this? Hitting the same wall atm 😃 kkeirstead
Edit, posted a summary of my problem.
I got a couple of Samsung Galaxy 6 tabs that are enrolled with Knox into Dedicated devices in Intune. They are configured as Kiosk devices with managed homescreen. They are fully patched to Android 10, latest updates.
I try to deploy SCEP device certificates to them for Wifi auth. I got the backend infrastructure setup with NDES, CA, Intune cert connector and an Azure app proxy. We are using User certificates on our Android Work Profile phones, iPads and iPhones from the same backend.
I get my root CA certificate deployed to the device.
But I can't understand why I don't get a SCEP device cert. In Intune the only error I can see is "Error 0" in my profile configuration status. I went through the NDES logs and there I can see a connection to the web server with result 200 from my Android device, which should mean that it's OK. Then nothing else, no requests are being made to the CA and nothing in the other logfiles.
In the SCEP settings I'm not sure what configuration I should use.
I've tried a lot of different settings in the Subject name format and alternative name. Right now I have CN={ {AAD_Device_ID} } for Subject name format and Subject alternative name UPN { [AAD_Device_ID} }@domain.local. These I'm not sure about. I read that I need UPN to get wifi working when I actually get the cert.
Rest of the configuration is identical to the working User Certs.
Certificate validity period: 1 Years
Key usage: Key encipherment, Digital signature
Key size (bits): 2048
Hash algorithm: SHA-1, SHA-2
Renewal threshold: 20
SCEP Server Urls: https://"myserver".msappproxy.net/certsrv/msc
Any ideas?
kkeirstead
May 19, 2020 Copper Contributor
pejtan66 I wish I had more information to give you. The main issue we were having is the root cert we were deploying didn't match the root certificate on the NDES server.
I am seeing some successful deployments on some devices but on others I'm seeing the same "Error 0" error on those devices. I can't tell what would be different between those devices, they are enrolled into the same profile, the same OS and the same tablet type.
tseip
Mar 30, 2021 Copper Contributor
Did you ever find a solution to this? I have the exact same problem now.
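The root mismatch kkeirstead describes (the root certificate deployed to devices not matching the one on the NDES server) can be checked offline. This is an added example, not code from the thread: it uses constructed certificates and hypothetical file names to show that two roots with the same subject name but different keys look alike yet only one validates a certificate issued by the CA. It assumes the certificates are in PEM form and that `openssl` is installed.

```shell
#!/usr/bin/env bash
# Added example with constructed certificates; all file names are hypothetical.
set -eu

fingerprint() {   # SHA-256 fingerprint of a PEM certificate
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Prints MATCH only if the deployed root ($1) validates a certificate
# issued by the CA behind NDES ($2); both files are expected in PEM form.
check_deployed_root() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo MATCH
    else
        echo MISMATCH
    fi
}

make_root() {     # $1 = output prefix; constructed self-signed root CA
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_root "$demo/ca-root"        # root the CA behind NDES really uses
make_root "$demo/profile-root"   # same subject, different key: stale export

# Constructed device certificate signed by the CA's real root
openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-device-id" \
    -keyout "$demo/device.key" -out "$demo/device.csr" 2>/dev/null
openssl x509 -req -in "$demo/device.csr" -CA "$demo/ca-root.pem" \
    -CAkey "$demo/ca-root.key" -CAcreateserial -days 1 -sha256 \
    -out "$demo/device.pem" 2>/dev/null

# Compare both candidate roots against the issued certificate
for root in ca-root profile-root; do
    printf '%-13s %s  %s\n' "$root" \
        "$(check_deployed_root "$demo/$root.pem" "$demo/device.pem")" \
        "$(fingerprint "$demo/$root.pem")"
done
```

With real files, pass the root certificate exported from the trusted-certificate profile and any certificate the CA has already issued to `check_deployed_root`; comparing the `fingerprint` output of the profile's root with the CA's own root gives the same answer without needing an issued certificate.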