Forum Discussion
Starting Wait for ODJ Blob
- Aug 12, 2022
The laptop has a connection to Endpoint Manager, gets the enrollment profile and the Intune connector is listening for Hybrid Join events. If needed, it will do an Offline Domain Join by sending the computer account blob to Endpoint Manager which sends it to the client. There is no direct connection between the laptop and Intune Connector needed.
Does the server which runs the Intune Connector have internet access to all the URLs mentioned in the deployment guide?
Harm_Veenstra This time, after ensuring that the service account is all set correctly, I tried again and I got this error message.
- Aug 12, 2022
Does the server that runs the connector have internet access? Does the ODJ event log show anything?
- oryxway390 Aug 12, 2022 Brass Contributor
No, it does not have Internet access. Only opened to those URLs that were mentioned in the network requirements. Should it have Internet access? Ain't we exposing this then to the Internal network?
Yes, Harm. We followed the Network Requirements documents:
https://docs.microsoft.com/en-us/mem/autopilot/networking-requirements
https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints
Other than that, nothing. Only Microsoft location it goes to; everything else is denied. I also see that this is there in the certificateConnectors event log:
CertificateConnector:
Failed to retrieve URL
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Management.Services.ConnectorCommon.ServiceLocator.RetrieveServiceLocations(Uri LocationServiceUri)
at Microsoft.Management.Services.ConnectorCommon.ServiceLocator..ctor(String serviceBaseUrl, X509Certificate2 channelEncryptionCert, IWebProxy proxy)
at Microsoft.Management.Services.ConnectorCommon.UrlManager.GetUrlCallback()
- oryxway390 Aug 12, 2022 Brass Contributor
Should this server have Internet access? Isn't it not risky to do this?