EAP-TLS Wi-Fi / PKCS certificate profile to Android device not working

Frits Compatibill 26 Reputation points
2022-02-28T15:52:56.657+00:00

We want to deploy a new WiFi network for our customer using Android devices, using Endpoint Manager.

We created 4 new configuration profiles:

  • trusted root certificate from our CA server to all devices. Successfully received by the Android device
  • trusted intermediate certificate from our CA server to all devices. Successfully received by the Android device
  • wifi profile - new WiFi profile with EAP-type: EAP-TLS selected and set to a group of users - Keeps failing to distribute. No error message.
  • pkcs certificate profile - receive a client certificate from ca-server set to a group of users - Keeps pending status.

When we perform these steps manually on the Android device, it works perfectly.
Something wrong with the deployment?


2 answers

  1. Crystal-MSFT 44,411 Reputation points Microsoft Vendor
    2022-03-01T01:47:10.707+00:00

    @Frits Compatibill, thanks for posting in our Q&A. From the information you provided, it seems the PKCS certificate and WiFi profile deployments are not successful.

    For our issue, as the user or device certificate is needed in the WiFi profile, we can first check on the PKCS certificate deployment.

    In general, when the PKCS certificate profile is deployed to the device, the Intune service will ask the Intune Certificate Connector to create the certificate for the user. The request is sent to the CA, and the CA will issue the certificate and send it to the Intune Certificate Connector. This certificate will then be uploaded to Intune. Intune will re-encrypt the certificate and send it to the device. After that, the device will report the status to Intune.

    To know at which stage it is pending, we need log analysis. Here is a link with detailed information for reference:
    https://learn.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-pkcs-certificate-profiles

    To ensure your data is protected, if you need any help with log analysis, you can open a case, which is free, to troubleshoot it. Here is a link that explains how to open a case, for reference:
    https://learn.microsoft.com/en-us/mem/get-support

    Hope it can help.




  2. Frits Compatibill 26 Reputation points
    2022-03-04T14:43:16.01+00:00

    I have looked in the wrong place.
    I found the NDESConnector logging. How to open?
    And is there a certain thing to look for?