kkeirstead
Copper Contributor
Mar 09, 2020

Android Enterprise SCEP user and device issuing errors

Hi,

 

We are attempting to deliver Android Enterprise SCEP certificates (both user and device based) and both seem to fail. We have our environment set up for iOS SCEP and Android Device Admin SCEP certificates and they work fine. Using the same settings in the Android Enterprise profiles, they fail with the error "0 (No error code)". Does anyone know of anything that might be causing this? I reached out to the networking team to look in the logs, but they don't see anything that sticks out that would cause this to fail.

 

  • pejtan66
    Copper Contributor

    Any news on this? Hitting the same wall atm 😃 kkeirstead

     

    Edit, posted a summary of my problem.

     

    I got a couple of Samsung Galaxy 6 tabs that are enrolled with Knox into Dedicated devices in Intune. They are configured as Kiosk devices with managed home screen. They are fully patched to Android 10, latest updates.
    I try to deploy SCEP device certificates to them for Wi-Fi auth. I got the backend infrastructure set up with NDES, CA, Intune cert connector and an Azure app proxy. We are using User certificates on our Android Work Profile phones, iPads and iPhones from the same backend.
     
    I get my root CA certificate deployed to the device.
     
    But I can't understand why I don't get a SCEP device cert. In Intune the only error I can see is "Error 0" in my profile configuration status. I went through the NDES logs and there I can see a connection to the web server with result 200 from my Android device, which should mean that it's OK. Then nothing else, no requests are being made to the CA and nothing in the other logfiles.
     
    In the SCEP settings I'm not sure what configuration I should use.
    I've tried a lot of different settings in the Subject name format and alternative name. Right now I have CN={ {AAD_Device_ID} } for Subject name format and Subject alternative name UPN { [AAD_Device_ID} }@domain.local. These I'm not sure about. I read that I need UPN to get Wi-Fi working when I actually get the cert.
    Rest of the configuration is identical to the working User Certs.
    Certificate validity period: 1 Years
    Key usage: Key encipherment, Digital signature
    Key size (bits): 2048
    Hash algorithm: SHA-1, SHA-2
    Renewal threshold: 20
    SCEP Server URLs: https://"myserver".msappproxy.net/certsrv/msc
    Any ideas?
     
    • kkeirstead
      Copper Contributor

      pejtan66 I wish I had more information to give you. The main issue we were having is the root cert we were deploying didn't match the root certificate on the NDES server.

       

      I am seeing some successful deployments on some devices but on others I'm seeing the same "Error 0" error on those devices. I can't tell what would be different between those devices, they are enrolled into the same profile, the same OS and the same tablet type.

      • tseip
        Copper Contributor
        Did you ever find a solution to this? I have the exact same problem now.
  • pejtan66
    Copper Contributor

    Update from me, maybe it helps someone else.

     

    Our issue was because of something wrong with the certificate template. 

    When we created a new one it worked.

    • SWFFL
      Copper Contributor

      pejtan66 

       

      Was there a specific setting with the certificate template that you can share?  We are having the same issue with Android Enterprise with trying to deploy device certs.  iOS works for both user and device but Android will not get a certificate.  We have been working with Microsoft ...sharing logs and verifying settings, but no resolution so far.

    • ngocnp
      Copper Contributor

      pejtan66 

       

      Hi Pejtan66, could you please show me the settings of the certificate template that you use to work on both iOS devices and Android devices?

      Same as you, in my environment the SCEP certificate only deploys to iOS, not Android.

      Thank you very much. 
