Forum Discussion
Endpoint privilege management, deployment unsuccessful with "device health monitoring" error
Mmm okay.. if someone could install Fiddler on his device, enable HTTPS decryption and watch the response… I am all ears!!!! (I ran Fiddler as the current user with admin permissions)
Because it should show you the discovery (which succeeds as it mentions the cert pinning) but I am wondering what happens or what it mentions in the response (as it should mention the enrollment.dm part)
Feel free to reach out on teams: email address removed for privacy reasons
Rudy_Ooms_MVP I have exactly the same issue. My device can't get dual enrolled with 4022 error: Failed to enroll MMP-C for dual enrollment mode. Result: (The endpoint address URL is invalid.)..
And there's no SSL Inspection, can you please give me some advice to dual enroll it?
- Dec 23, 2023
I would rather configure it with a CSP in Intune to be 100% sure it will be targeted at the proper enrollment instead of the localmdm one:
OMAURI: ./Device/Vendor/MSFT/DMClient/Provider/MS%20DM%20SERVER/LinkedEnrollment/DiscoveryEndpoint
Type: string
Value:
https://discovery.dm.microsoft.com/EnrollmentConfiguration?api-version=1.0
But looking at the response you got 405... this discovery URL shouldn't be the main issue.
Your best option is to install Fiddler just like I did, to find out what error it gets when it reaches out to the service
Because the error you got, was exactly the same as the k12 schools got.. so that's why i am wondering about the actual domain name (as that domain name is sent over in the request)
MMP-C Discovery failed | No valid Endpoint | EPM (call4cloud.nl)
If you don't know how, send me a PM (Teams / X) to set it up
- Todos2290, Dec 23, 2023, Copper Contributor
I see, I can surely tell you that there's only one dot in the domain name.
- Dec 23, 2023
I mean your corporate bought domain which you use… just like email address removed for privacy reasons
- Todos2290, Dec 23, 2023, Copper Contributor
Oh, and the domain name is like abcd00000000.onmicrosoft.com
- Todos2290, Dec 23, 2023, Copper Contributor
Yeah I tried to replace it as you said, but it shows 405 status because there's no "DiscoveryEndpoint" Data with the LocURI.
-----------------
PS C:\Windows\system32> Send-localmdmrequest -OmaUri ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/LinkedEnrollment
CmdId : 4
Cmd : Get
Status : 200
OmaUri : ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/LinkedEnrollment
Data : Enroll/Unenroll/Priority/LastError/EnrollStatus
PS C:\Windows\system32> $test3 = @"
>> <SyncBody>
>> <Replace>
>> <CmdID>2</CmdID>
>> <Item>
>> <Target>
>> <LocURI> ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/LinkedEnrollment/DiscoveryEndpoint</LocURI>
>> </Target>
>> <Data>https://discovery.dm.microsoft.com/EnrollmentConfiguration?api-version=1.0</Data>
>> </Item>
>> </Replace>
>> </SyncBody>
>> "@
PS C:\Windows\system32> send-localmdmrequest -SyncML $test3
CmdId : 5
Cmd : Replace
Status : 405
OmaUri : ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/LinkedEnrollment/DiscoveryEndpoint
Data :
- Dec 23, 2023
The first blog I mentioned in the response will show you how to manually configure it with a CSP
- Todos2290, Dec 23, 2023, Copper Contributor
Rudy_Ooms_MVP Hi, Thanks for the reply.
I read your blog and noticed that DiscoveryEndpoint is missing on my device.
The SyncML Cmd for Replace responded with 405 status.
There're EnrollState, LastError (0x803d0020), MMPLocked (1) in the LinkedEnrollment.
I was trying to set the discoveryendpoint csp by Intune custom policy but it failed because the OS is not Insider Preview.
Can you please tell me how to set the discoveryendpoint csp manually?
Many Thanks..
- Dec 22, 2023
Hi... 1.. what is the domain name you use?
2...what happens when trying to manually configure the discoveryendpoint?
https://call4cloud.nl/2023/11/in-the-shadow-of-the-discoveryendpoint/
Also this blog contains the exact steps the process goes through
MMP-C Discovery failed | No valid Endpoint | EPM (call4cloud.nl)