Forum Discussion
Devices not connecting to WPA2 Enterprise (EAP-TLS) wireless network automatically
I believe that there is an engineering issue with certificate authentication and the WiFi profiles on iOS (an organisation that I work with has an open product support call).
It looks like the configuration profile is only accepted by iOS devices if the root cert is the issuing CA for the SCEP certificate. In an enterprise with tiered CA's and a mix of certificate trust relationships then that just doesn't work.
Get a support call logged and add your name to the list of customers with this issue.
I believe that there is an engineering issue with certificate authentication and the WiFi profiles on iOS (an organisation that I work with has an open product support call).
It looks like the configuration profile is only accepted by iOS devices if the root cert is the issuing CA for the SCEP certificate. In an enterprise with tiered CA's and a mix of certificate trust relationships then that just doesn't work.
Get a support call logged and add your name to the list of customers with this issue.
- Hi Andrew,
Did you make any headway with Microsoft regarding the support call the organisation you work with has open?The case is still with Engineering as far as I know. I would advise opening your own support case.
This might need a change from Apple because the options to create a Wi-Fi profile with the correct root certificates are missing from the Apple configurator.
I do have my own case open... for the past 40 days now but support has been slow.
Interestingly, devices enrolled yesterday have started connecting to the Wi-Fi network automatically since I had a chat with an escalation engineer and even though I haven't made any changes to the profiles so perhaps it's being resolved on the backend. I'll see if this happens consistently as more users enrol onto Intune in the next few weeks. Hopefully it does.
Thanks Andrew.
I've been banging my head against the wall with this issue for a couple weeks.
I've opened a case with Microsoft so hopefully, they shed some light on the issue soon.
Do you know whether there are any public comms on the issue? Do you know whether it's primarily an Intune issue, iOS or a bit of both?
There is no public comms because Microsoft support are treating it as an edge case.
The issue appears to be partially Intune and partially iOS. An identical configuration profile works on Android because Android does not appear to care about certificate trust!
Thanks Andrew,
I thought as much. My next step was to deploy to Android devices when I'm back on site to see whether I encountered the same issue.
Let's see what Microsoft support comes back with.
