@M360 , From your description, it seems when we manually connect the WIFI with the certificate deployed via Intune. It is working. But when we deploy the WIFI profile, it failed. If there's any misunderstanding, please let us know.
I notice we have Cisco ISE. Is it the one which mentioned in the following link? If so please ensure Integrate Cisco ISE MDM with Microsoft Intune is done.
https://community.cisco.com/t5/security-documents/how-to-integrate-cisco-ise-mdm-with-microsoft-intune/ta-p/4187375
Note: Non-Microsoft link, just for the reference.
On device side, it will make several attempts but not connect. Could you check on the network to see if the request have passed to WiFi server and what is the error we get?
If there's any update, feel free to let us know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello @M360 ,
I am having the same issue with iOS devices connecting to SSID with EAP-TLS authentication.
What we have is a global Root CA, with an intermediate CA and a NAC server using a dedicated certificate.
Should I had more to the Wi-Fi profile, such as Root CA URL or FQDN, Intermediate CA URL or FQDN, and/or fingerprints of those certificates ?
To cross test this, I created a second SSID to test the manual mode. Once all the right certificates are deployed onto iOS, the manual authentication using PKCS works perfectly. I am down to the actual Wi-Fi profile into Intune.
What worked for you ? Could you be a little more specific ?
Thanks in advance,
Wow! I've been looking at this EXACT issue all week and you have saved me a load of troubleshooting time. Adding the SHA1/SHA2 fingerprints worked for me also. I have no idea why this would be needed though! Did you log this to MS support?
Wow! I've been looking at this EXACT issue all week and you have saved me a load of troubleshooting time. Adding the SHA1/SHA2 fingerprints worked for me also. I have no idea why this would be needed though! Did you log this to MS support?
Sign in to comment