ADFS & Workplace Join & Intune : "Profile Installation Failed" error when iOS device is Workplace Joined by using DRS on a Windows Server 2012 R2-based server

August 21, 2014 at 4:59 am in ADFS, ADFS 3.0, CM12, CM12 R2, CM12 SP1, intune, MDM, SCCM 2012, SCCM 2012 R2, SCCM 2012 SP1, UDM, Workplace Join by Kenny Buntinx [MVP]

Hi,

We’ve got our 2012 R2 Workplace Join environment up & running in our lab environment, with one Windows 8.1 client successfully browsing the claims app. When we tried to Workplace Join an iPad device, it could go as far as the Workplace Join screen.

If you want to know what ‘Workplace Join’ is and how to manage it, please visit my earlier blog post at http://scug.be/sccm/2014/05/20/workplace-join-with-adfs-3-0-device-registration-services-and-our-workplace-join-hitman-powershell-app-to-the-rescue/

Attempting to install the profile resulted in two different errors:

– On the iPad, you should see the profile installation fail. This assumes that the Apple iOS device is configured by using over-the-air enrollment and that an Apple certificate for the iOS device is expired. In this situation, you receive an error message that resembles the following: ‘Profile Installation Failed the server certificate for federation server name/otaprofile/profile?operation=enroll is invalid.’

– If I look on the ADFS WAP server, I see the following issue in eventvwr:

[Screenshot: Event Viewer entry on the ADFS WAP server]

There are two main places you can start when troubleshooting an iOS-specific issue. 

1) The DRS event logs on the AD FS server. These may shed some light on what is wrong.
2) The iOS device logs. You’ll need to download the iPhone Configuration Utility (it works with iPads as well): http://support.apple.com/kb/DL1466

Microsoft has released a hotfix for this: http://support.microsoft.com/kb/2970746. Make sure to download and install it!

Hope it helps,

Kenny Buntinx

Enterprise Client Management MVP
