Forum Discussion
Solved
Connector for Active Directory enrollment fails
Hi all, My customer is unable to enroll its Intune Connector for Active Directory. Once he signs in the UI keeps coming back to the enrollment page. I had a look at the ODJConnectorUI.log file but ...
- OK I finally figured out what was the problem: one URL is missing in the Microsoft doc for Intune network requirements.
Indeed, the doc tells us to allow "*.manage.microsoft.com" but does not mention "manage.microsoft.com", which is not included in "*.manage.microsoft.com" because of the dot before. Once the network team added manage.microsoft.com, everything went fine!
Do you have access to firewall logs to see if anything is blocked / Can you temporarily allow everything from that machine from inside to outside network? Logging into portal.office.com does work on that server?
Did you turn IESC off?
Follow these steps to disable Internet Explorer Enhanced Security Configuration:
On the computer the agent is installed (Windows Server operating system), open Server Manager.
Navigate to the Internet Explorer Enhanced Security Configuration window.
Select the Off option under Administrators.
Click OK.
Did you turn IESC off?
Follow these steps to disable Internet Explorer Enhanced Security Configuration:
On the computer the agent is installed (Windows Server operating system), open Server Manager.
Navigate to the Internet Explorer Enhanced Security Configuration window.
Select the Off option under Administrators.
Click OK.
Hi! Unfortunately I don't have access yet to the firewall logs. I would love to allow everything temporarily but my customer is a huge company with a cautious security team...
Yeah I disabled IESC, I even tried to force TLS 1.2 using the registry, still no clue...
I also have doubts about the network but the security team claims all Intune URLs are opened.
I can't access to portal.office.com from this server, since this is not a required URL for Intune, but I have access to config.office.com.
Yeah I disabled IESC, I even tried to force TLS 1.2 using the registry, still no clue...
I also have doubts about the network but the security team claims all Intune URLs are opened.
I can't access to portal.office.com from this server, since this is not a required URL for Intune, but I have access to config.office.com.
- You could try running the setup again with a tcpview.exe running (Ihttps://docs.microsoft.com/en-us/sysinternals/downloads/tcpview) and filter the setup executable in there. You can see there if it can open certain fqdn's or not