VPN certificates for iOS devices failed to deploy


Hi all,

 

I'm facing an issue with VPN certificates for iOS devices. The problem is the following:

VPN certificates are not delivered to the user's iOS device, and the management profile does not appear on his iOS devices after installing the VPN management profile.
This has happened multiple times already, and the only workaround that we have is to reboot the server where the connector host is located.
We are not able to gather any logs, because no logs appear on the PfxRequest in the Failed folder or in the Processing folder.
Also, we are not able to find errors in the Intune admin center.

Any suggestions?

 

Tnx,

Filip

4 Replies

Hi @Filip_Mishkoski,

here are some steps you can try first when you're facing issues with VPN certificate deployment for iOS devices in Intune:

  1. Recheck Certificate Settings:

    • Verify that the VPN certificate profile in Intune is configured correctly. Pay attention to details such as the certificate name, expiration date, and target devices.
  2. Device Enrollment:

    • Make sure that the iOS devices are enrolled in Intune and have the correct profiles applied. Ensure that the devices are properly connected to the internet and can communicate with the Intune service.
  3. Retry Certificate Deployment:

    • In the Intune admin center, try re-sending the VPN certificate profile to the affected iOS devices. Sometimes, retrying the deployment can resolve the issue.
  4. Device Restart:

    • On the iOS devices, try restarting them. Occasionally, a simple restart can help in applying profiles and certificates correctly.
  5. Check Device Storage:

    • Ensure that the iOS devices have sufficient storage space available. A lack of storage can sometimes prevent the installation of profiles and certificates.
  6. Clear Existing Profiles:

    • If there are any existing VPN profiles on the iOS devices, consider removing them before deploying the new certificate profile.
  7. Manual Certificate Installation:

    • As a temporary workaround, you can try manually installing the VPN certificate on the iOS devices by sending the certificate file to the user via email or a file-sharing service. The user can then install it manually in the device's settings.
  8. Contact Apple Support:

    • If the issue persists and you suspect it may be related to the iOS devices themselves, consider contacting Apple Support for assistance. They may be able to provide guidance specific to iOS device-related problems.
  9. Reinstall Intune Connector:

    • If none of the above steps work, you can try uninstalling and reinstalling the Intune Connector on the server where it's hosted. Sometimes, this can resolve communication issues between Intune and the server.

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

Dear,

@LeonPavesic, this was all checked and the issue is still going on.

Any idea on how to create a notification for failed deployment of VPN certificates?
At least this way the admin side will be notified if a failure happens.

Tnx a lot.

Kind regards

Filip M

Hi @Filip_Mishkoski,

thanks for your update.

Intune does not have a built-in feature tailored for this particular situation, but you can try to employ Microsoft's Power Automate (formerly known as Microsoft Flow) to design a workflow that sends an email notification when a deployment encounters a failure.

Here's a basic outline of how you can configure it:

  1. Access Power Automate: Visit the Power Automate website and log in with your administrative credentials.

  2. Initiate a new workflow: Navigate to "My flows" in the left menu, click "+ New," and choose "Automated from blank."

  3. Establish the trigger: Search for "Intune" in the search box and select the "When a device configuration deployment state changes" trigger. This trigger will initiate the workflow whenever the state of a device configuration deployment changes in Intune.

  4. Incorporate a condition: Add a new step and search for "Condition." In the condition, specify that the workflow should proceed only if the deployment state is "failed."

  5. Configure the action: If the condition is met (indicating a failed deployment), include an action to dispatch an email. Search for "Send an email" and input the email details, including the recipient (admin), subject, and body. Include pertinent details about the unsuccessful deployment in the email.

  6. Save the workflow: After configuring everything, remember to save the workflow.

Perhaps you can create a discussion here: Power Automate - Microsoft Community Hub



Kindest regards,


Leon Pavesic
(LinkedIn)

Hi @LeonPavesic

 

Thank you for your suggestion. I think this can be a viable solution for the notification part, but unfortunately I don't see the option "Automated from blank". I can only see these options when I open "New flow".

[Image: Filip_Mishkoski_0-1699953352776.png]

When I tried "Automated cloud flow" I wasn't able to find Intune there. Am I missing something?

 

Kind regards,

 

Filip M