Forum Discussion
Starting Wait for ODJ Blob
- The laptop has a connection to Endpoint Manager, gets the enrollment profile and the Intune connector is listening for Hybrid Join events. If needed, it will do an Offline Domain Join by sending the computer account blob to Endpoint Manager which sends it to the client. There is no direct connection between the laptop and Intune Connector needed,
Does the server which runs the Intune Connector have internet access to all the URLs mentioned in the deployment guide?
No, it does not have Internet access. Only opened to those URLs that were mentioned in the network requirements. Should it have Internet access? Ain't we exposing this then to the Internal network?
Yes, Harm. We followed the Network Requirements documents
https://docs.microsoft.com/en-us/mem/autopilot/networking-requirements
https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints
Other than that nothing. Only Microsoft location it goes to everything else is denied. I also see that this is there in the certificateConnectors event log
CertificateConnector:
Failed to retrieve URL
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Management.Services.ConnectorCommon.ServiceLocator.RetrieveServiceLocations(Uri LocationServiceUri)
at Microsoft.Management.Services.ConnectorCommon.ServiceLocator..ctor(String serviceBaseUrl, X509Certificate2 channelEncryptionCert, IWebProxy proxy)
at Microsoft.Management.Services.ConnectorCommon.UrlManager.GetUrlCallback()
- It should have at least access to the URLs mentioned in the installation instructions. Are you sure that they are all open, firewall logs show nothing when trying to deploy a machine?
Could also be that TLS1.2 is not enabled on the server...- I do see that it is enabled TLS1.2\Client\ Enabled
- Do you use SSL inspection on the firewall or have an antivirus solution blocking things?