Connector for Active Directory enrollment fails
Hi all,
My customer is unable to enroll its Intune Connector for Active Directory.
Once he signs in, the UI keeps coming back to the enrollment page. I had a look at the ODJConnectorUI.log file, but I don't understand why the connection closes:
"ODJ Connector UI Information: 0 : User clicked on SignIn
DateTime=2021-12-02T09:31:21.9240384Z
ODJ Connector UI Information: 0 : Navigating to URL https://portal.manage.microsoft.com/Home/ClientLogon
DateTime=2021-12-02T09:31:21.9240384Z
ODJ Connector UI Information: 0 : Browser loaded page https://portal.manage.microsoft.com/Home/ClientLogonSuccess
DateTime=2021-12-02T09:31:23.4746356Z
ODJ Connector UI Information: 0 : Getting the URL for EnrollmentService from https://manage.microsoft.com/RestUserAuthLocationService/RestUserAuthLocationService/ServiceAddresses
DateTime=2021-12-02T09:31:23.5296295Z
ODJ Connector UI Error: 2 : ERROR: Enrollment failed. Detailed message is: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at ODJConnectorUI.Enrollment.GetURLFromLocationService(String userToken, String LSUrl, String key)
at ODJConnectorUI.Enrollment.webBrowser_LoadCompleted(Object sender, NavigationEventArgs e)
DateTime=2021-12-02T09:31:23.5747625Z"
I tried multiple reinstalls but I keep getting the same error.
The connector is installed on a fully updated Server 2019 (en-US), Intune endpoint URLs are opened, the user is an Intune Administrator and has an Intune license.
- OK, I finally figured out what the problem was: one URL is missing in the Microsoft doc for Intune network requirements.
Indeed, the doc tells us to allow "*.manage.microsoft.com" but does not mention "manage.microsoft.com", which is not included in "*.manage.microsoft.com" because of the dot before. Once the network team added manage.microsoft.com, everything went fine!
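The check described above, as an added example that is not part of the original post: it extracts the hostnames from the ODJConnectorUI.log lines quoted in the question and tests each against an egress allowlist. The function names and the wildcard semantics ("*.x" covers subdomains of x but not x itself, as on this customer's firewall) are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Log lines copied from the ODJConnectorUI.log excerpt quoted in the post above.
LOG_LINES = [
    "ODJ Connector UI Information: 0 : Navigating to URL https://portal.manage.microsoft.com/Home/ClientLogon",
    "ODJ Connector UI Information: 0 : Browser loaded page https://portal.manage.microsoft.com/Home/ClientLogonSuccess",
    "ODJ Connector UI Information: 0 : Getting the URL for EnrollmentService from https://manage.microsoft.com/RestUserAuthLocationService/RestUserAuthLocationService/ServiceAddresses",
]

URL_RE = re.compile(r"https?://\S+")

def hosts_in_log(lines):
    """Return the distinct hostnames contacted, in order of first appearance."""
    seen = []
    for line in lines:
        for url in URL_RE.findall(line):
            host = (urlsplit(url).hostname or "").rstrip(".").lower()
            if host and host not in seen:
                seen.append(host)
    return seen

def entry_matches(entry, host):
    """Assumed semantics: '*.x' matches any subdomain of x, never x itself."""
    entry = entry.strip().rstrip(".").lower()
    if entry.startswith("*."):
        suffix = entry[1:]  # keeps the leading dot, e.g. ".manage.microsoft.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == entry

def audit(allowlist, lines):
    """Map each host seen in the log to the allowlist entry covering it, or None."""
    return {
        host: next((e for e in allowlist if entry_matches(e, host)), None)
        for host in hosts_in_log(lines)
    }

def uncovered(allowlist, lines):
    """Hosts the connector contacted that no allowlist entry covers."""
    return [h for h, e in audit(allowlist, lines).items() if e is None]

if __name__ == "__main__":
    before = ["*.manage.microsoft.com"]          # rule taken from the doc
    after = before + ["manage.microsoft.com"]    # rule set after the fix
    for name, rules in (("before", before), ("after", after)):
        print(name, audit(rules, LOG_LINES), "blocked:", uncovered(rules, LOG_LINES))
```

Running the same audit over the full connector log, rather than only the quoted lines, lists every host the enrollment flow touches, which can then be compared with the firewall rules before the next install attempt.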