Hybrid scenarios with System Center Configuration Manager 2012 R2 – Windows Intune – ADFS – WAP – NDES – Workplace Join: Hotfixes you really need in your environment.

December 29, 2014 at 8:26 pm in ADFS, ADFS 3.0, CM12, CM12 R2, CM12 SP1, ConfigMgr, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, EMS, hybrid, intune, Intune Standalone, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, WAP by Kenny Buntinx [MVP]

 

To make the most out of you’re lab or production environment when going to implement several features that are combined when using System Center Configuration Manager 2012 R2 and Intune for mobile workforce deployment, I will advise you to install the following hotfixes :

For your System Center Configuration manager 2012 R2 environment and Windows Intune connector:

 

1. Install Cu3 KB2994331 . A lot of things are fixed in each Cu , but not every fix is noted down in the release notes. It is therefore very important that you install the latest cumulative updates in general !

Why CU’s Matter (again ! ) –> Pre CU3 NDES templates need to be recreated > Re-targeting from device to user is not sufficient as there no good migration happening when upgrading from Cu1 or Cu2 !

2. Install KB article 2990658 . This hotfix greatly reduces the time that’s required to execute a successful retire or wipe of an MDM device by using a notification to "push" these tasks. Without this hotfix, retire and wipe operations could require 24 hours to run successfully, because they relied on a "pull" mechanism of this frequency . This hotfix will probably included when the next Cumulative Update will be released.

3. Install KB article 3002291 . This hotfix will fix when a user becomes a cloud-managed user In Microsoft SystemCenter 2012 R2 Configuration Manager, a settings policy may not target the assignment for the user.

For your ADFS and WAP (Web Application Proxy) with Server 2012 R2 environment:

 

1. To fix the "Profile Installation Failed" error when iOS device is workplace-joined by using DRS on a Windows Server 2012 R2-based server , look at Knowledgebase article 2970746 and make sure you deploy KB2967917 on your WAP Server , which is the July 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 .

2.  To fix the “Large URI request in Web Application Proxy fails in Windows Server 2012 R2” when deploying and NDES server thru the Web Application Proxy (WAP) , look at Knowledgebase article 3011135 (Issue found and resolved by Pieter Wigleven) and make sure you deploy KB3013769 on your WAP Server , which is the December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

For your CA (certificate Authority) infrastructure when you want to use NDES:

 

1. The issuing CA needs to be Windows Server 2008R2 (with KB2483564) or preferable with a Windows Server 2012 R2 OS.

 

Hope it Helps ,

Kenny Buntinx

Enterprise Client Management MVP

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInPin on Pinterest