Forum Discussion
InTune management extension SecureChannelFailure (Could not create SSL/TLS secure channel)
I'm experiencing networking problem when Microsoft Endpoint manager is trying to deploy InTune management extension from https://endpoint.microsoft.com/ to a Win10 device within a company network. ...
These are all the url's / IP's that you need to be able to access https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints . Also check the list of CDN's that should be accessible for Win32App/PowerShell scripts (And the Intune Management extension is installed on a client when using those).
- Thanks for the tip Harm.
I have a feeling that my problems are related to the "The inspection of SSL traffic is not supported to 'manage.microsoft.com' endpoint." note, since the network in question uses a custom root certificate to inspect SSL traffic.
Is there a way to verify that assumption by enabling more verbose logging or similar?- Not sure if you can enable more verbose logging, can you bypass manage.microsoft.com in your firewall for testing purposes? If you deploy the Windows 10 device using a guest network/Wi-Fi hotspot or on another location without inspection, it does work then?
I've already verified that InTune management extension seem to work fine when deploying from a public network. I'm therefore quite sure that this problem is tied to proxy and/or SSL inspection restrictions on the company network in question.
This still leaves me with the problem of more accurately pin-pointing the concrete problem. I'll need to know exactly what/how the management extension is failing in order to submit a change request for the company network infrastructure setup. Preferable with a minimal reproducer. Is this something you can help me with?
