Xamarin.Android specific: Error Code 53000, but device is compliant.
Prerequisites:
Android phone with V12
Setup Microsoft Intune company portal
Register your device with InTune successfully
Microsoft credentials or account to log in
Expected Result: I want a user to log in with a Microsoft account and fetch a user token, given that I have access to log in with a Microsoft account when Intune is configured on the Android phone.
Actual Result: The login is successful with a domain account if not enrolled in https://endpoint.microsoft.com/#home. When the user uses the registered domain, the mobile application takes the user to the "set up your device to get access" page and it asks to register in the Intune application even though the specific device is registered.
Below are the error details:
Error Code: 530003
Request Id: 1bc3c...70500
Correlation Id: 333...1a1b2
Timestamp: 2022-03-28T23:06:42.840Z
App name: XXXXXX
App id: 708c...87c0
Device identifier: Not available
Device platform: Android
Device state: Unregistered
NOTE:
- Followed this tutorial here - https://github.com/Azure-Samples/active-directory-xamarin-native-v2 (used this one, "1-Basic")
- I have also tried the second approach (2-With-broker) in the above link but no results; the Android-specific issue still exists, as I was a bit unsure which one to pick as per my requirement. Can someone suggest the right pick?
- iPhone has no issues logging in when I use ".WithUseEmbeddedWebView(false)". With this set to true, iPhone has the issue like in Android. However, making this false or true didn't work out for Android.
Overall, it is said to work when the admin can see the device ID under Device info in https://endpoint.microsoft.com/#home
Xamarin
Microsoft Intune
Microsoft Entra ID
-
Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 42,431 Reputation points • Microsoft Vendor
2022-03-30T05:52:58.337+00:00 I've tested the repo in my Android Emulator with Android 12 and Android 11, both work fine in my testing.
Error Code 530003 means access has been blocked due to conditional access policies. Please make sure you already have access.
Device State: Unregistered
Refer to Microsoft Edge identity support and configuration; you can try to sign in to your account in the browser first.
-
Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 42,431 Reputation points • Microsoft Vendor
2022-04-01T06:20:43.15+00:00 I have not heard from you for a couple of days. Please let me know if there is anything that I can help here.
-
MVS 21 Reputation points
2022-04-01T10:45:41.293+00:00 Hey, I am doing the new VS support and updating Xamarin to test on the latest versions.
please make sure you already have access. - yes, my Microsoft account has access, and the device is registered and updated successfully in the Microsoft Intune company portal. I have no issues with iPhone and windows computers. Regarding iPhone, please see my Point 3 in the above note.
Also, Android was working earlier; as per my observation, it suddenly started to show the page "Set up your device with the above error" to set up the Intune. There are no mobile code changes or endpoint changes we did recently. A live example: my colleague also noticed the same issue while using the Atlassian app on mobile yesterday. We captured the Chrome version in the log endpoint, and it is PFA (Chrome Mobile 99.0.4844). The Device ID is null in the Device info tab at https://endpoint.microsoft.com/#home. The trick is to uninstall Chrome and install Edge in the work profile, and it doesn't ask to set up your device. It might vary from case to case, but it should work with all browsers.
Also not Android-specific but related thread here - https://learn.microsoft.com/en-us/answers/questions/708101/conditional-access-error-code-53000-but-device-is.html
-
MVS 21 Reputation points
2022-04-01T10:53:39.527+00:00 Questions:
- As per my case, do you suggest I try the 1. Basic or 2. with-broker sample changes to my existing code? PFA, my sample code changes below; if you see something else, I need to try it.
- My Client ID will vary dynamically based on the user's area selection. In example 1. Basic, I am not sure how to concatenate the client ID in App.cs and AndroidManifest dynamically.
Note: My Android phone has a work profile, and the apps at present which are installed are Edge, MS Authenticator, and MS Intune company portal, and the issue is not resolved yet.
-
MVS 21 Reputation points
2022-04-01T11:10:44.597+00:00 Hey, one more thing in case it helps to figure out what's going wrong.
For Jira by Atlassian, it asks a certificate popup like this when I use the same account credentials but not in our application
-
Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 42,431 Reputation points • Microsoft Vendor
2022-04-04T05:58:07.07+00:00 iPhone has no issues logging in when I use ".WithUseEmbeddedWebView(false)". With this set to true, iPhone has the issue like in Android.
Due to this, the issue might be caused by the EmbeddedWebView. Refer to Using web browsers; you can try to add
OpenBrowserAsync = SystemWebViewOptions.OpenWithEdgeBrowserAsync,
into your systemWebViewOptions.
You can also refer to Use Microsoft Authenticator or Intune Company Portal on Xamarin applications to get more details about Broker with Xamarin apps.
-
MVS 21 Reputation points
2022-04-06T15:11:11.517+00:00 Hey, before trying out some options above, I want to test the sample repo itself with my changes, and as you said it works for you, so it should work for me too.
Let's resolve this as first priority. I am struggling to compile and deploy the build to the Android 12 device.
Please share with me your package reference and VS info, so I will try to sync to compile this repo.
OR share with me known issues and the resolutions for it to compile.
Once the error is resolved, I can test this sample if it works for me with my credentials before trying any new things. I am getting this error - error MSB6006: "java.exe" exited with code 1.
More info, code changes I tried(you may not have access, not sure) - https://github.com/Azure-Samples/active-directory-xamarin-native-v2/pull/191
and 190597-vs2022-17-msalsample-1-basic-compilationissues.txt
-
Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 42,431 Reputation points • Microsoft Vendor
2022-04-07T05:59:58.243+00:00 Could not find a part of the path 'AccessibilityManagerCompat_AccessibilityStateChangeListenerImplementor.class'
The issue is caused by that: your path to the solution could be too long to find.
You need to make sure that the path is short, and you don't have any spaces or special characters in the path to your project.
"java.exe" exited with code 1.
It might be caused by Proguard, Proguard is being replaced by Google's R8.
You can refer to this documentation https://github.com/xamarin/xamarin-android/blob/main/Documentation/guides/D8andR8.md.
I used Microsoft Visual Studio Professional 2019 Version 16.11.10, Pixel 5 XL Emulator API 30 and 32; other references are the same as 1_Basic needed.
-
MVS 21 Reputation points
2022-04-07T17:26:03.03+00:00 okay, will try that and update you.
Hey, I have some updates; maybe you can guide the next steps.
- My Android device has a personal and work profile.
- Personal profile's MS company portal: I have enabled browser access by installing the certificate "VPN and apps," The management policy is in sync.
- Work profile's MS company portal: Browser access is enabled, and management policy is in sync.
- Logging into "https://login.microsoftonline.com." I can log in to the chrome browser in the work profile but not in the personal chrome app. It throws the same error 530003. Do you know why? What are the next steps?
- While I am developing, the debug Dooap app gets installed in the personal profile. I hope that shouldn't be a problem? However, the app is available to install in the work profile's play store.
- The app in the play store, even though it is installed in the work profile, still gives the same error. Am I missing something to check?
-
MVS 21 Reputation points
2022-04-07T19:21:23.777+00:00 Hello,
- Regarding java.exe issue, I tried adding the below as suggested but it didn't help
    <Project>
      <PropertyGroup>
        <AndroidEnableProguard>True</AndroidEnableProguard>
        <AndroidEnableMultiDex>True</AndroidEnableMultiDex>
        <AndroidEnableDesugar>True</AndroidEnableDesugar>
        <!--New properties-->
        <AndroidDexTool>d8</AndroidDexTool>
        <AndroidLinkTool>r8</AndroidLinkTool>
      </PropertyGroup>
    </Project>
- Unfortunately I do not have that old version.
I had VS 2021 and VS2022, so I tried to compile in VS 2021 and ended up with this issue
I tried to update the XF to the latest and I have added this "<AndroidManifestMerger>manifestmerger.jar</AndroidManifestMerger>" as suggested in a couple of sites but that didn't help. These options helped in VS 2022 though before I got that final Java error. I am sure if you update to the latest you will see a good number of issues. :)
-
MVS 21 Reputation points
2022-04-07T19:27:17.653+00:00 error AMM0000: Exception in thread "main" java.lang.NullPointerException
2>C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\Xamarin.Android.Common.targets(1441,3): error AMM0000: at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:878)
2>C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\Xamarin.Android.Common.targets(1441,3): error AMM0000: at com.android.manifmerger.XmlNode$NamespaceAwareName.<init>(XmlNode.java:208)
2>C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\Xamarin.Android.Common.targets(1441,3): error AMM0000: at com.android.manifmerger.XmlNode$NamespaceAwareName.<init>(XmlNode.java:194)
2>C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\Xamarin.Android.Common.targets(1441,3): error AMM0000: at com.android.manifmerger.XmlNode.unwrapName(XmlNode.java:122)
2>C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\Xamarin.Android.Common.targets(1441,3): error AMM0000: at com.android.manifmerger.OrphanXmlElement.getName(OrphanXmlElement.java:74)
2>C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\Xamarin.Android.Common.targets(1441,3): error AMM0000: at com.android.manifmerger.OrphanXmlElement.getId(OrphanXmlElement.java:67)
2>C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Xamarin\Android\Xamarin.Android.Common.targets(1441,3): error AMM0000: at
-
Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 42,431 Reputation points • Microsoft Vendor
2022-04-08T07:14:28.177+00:00 The real cause seems too complex to draw a conclusion.
You can refer to this documentation Report a problem with the Visual Studio product or installer to send your feedback.
-
MVS 21 Reputation points
2022-04-08T09:39:01.393+00:00 Did you mean to report the above two problems?
1. java.exe error and 2. manifest merger exception.
OK, I will take that up there to get a resolution.
It would be good if I had it working, so I can change my Client ID, etc. quickly to test. Bad luck, hope they will give me a resolution there.
I do not have any more space to try your old Visual Studio 2019 to where it works for you.
Wondering, has no one tried this with the latest VS 2021 or VS 2022?
Could you help me understand with the below questions, pasting them here again for tracking
Hey, I have some updates; maybe you can guide the next steps.
My Android device has a personal and work profile.
Personal profile's MS company portal: I have enabled browser access by installing the certificate "VPN and apps," The management policy is in sync.
Work profile's MS company portal: Browser access is enabled, and management policy is in sync.
Logging into "https://login.microsoftonline.com." I can log in to the chrome browser in the work profile but not in the personal chrome app. It throws the same error 530003. Do you know why? What are the next steps?
While I am developing, the debug Dooap app gets installed in the personal profile. I hope that shouldn't be a problem? However, the app is available to install in the work profile's play store.
The app in the play store, even though it is installed in the work profile, still gives the same error. Am I missing something to check?
-
MVS 21 Reputation points
2022-04-11T23:16:59.56+00:00 Hey,
I have some updates.
I tried with the 1_basic sample by hardcoding the client ID. I tried to follow the same coding which is given in the sample and it looks like it worked.
I have four client IDs and I need to update them dynamically in the MSALActivity and in the AndroidManifest.
How can I do it?
- The user will see the environment screen first and he selects the region, and the client ID needs to be updated in the MSALActivity and/or in the AndroidManifest.
- When I upload it to the Play Store for internal testing, the application will get installed in the personal profile. It most likely works if it is installed in the work profile. I am confused about how to test the build in the work profile to make sure it works when published LIVE?
-
SHEETAL RODRIGUES 20 Reputation points
2024-04-18T06:42:27.6633333+00:00 Hi @Yonglun Liu (Shanghai Wicresoft Co,.Ltd.)
I am facing exactly the same issue, i.e., getting error code 53003 while logging in to my Xamarin.Android app, while it is working perfectly fine for the Xamarin.iOS app. It was working previously but suddenly stopped working on my Android device.
Error Details:
Error Code: 530003
Request Id: xxxxxxxx
Correlation Id: xxxxxxxx
Timestamp: xxxxxxxx
App name: xxxxxxxxx
Device identifier: Not available
Device platform: Android
Device state: Unregistered
Error Message : Set up your device to get access.
I have used the Basic approach to implement the MSAL Authentication. Here is my code changes:
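    // Requires: using System.Linq; using Microsoft.Identity.Client;
    PCA = PublicClientApplicationBuilder.Create(clientId)
        .WithRedirectUri($"msal{clientId}://auth")
        .WithAuthority(commonAuthority)
        .WithIosKeychainSecurityGroup(bundleIdentifier)
        .Build();
    AuthenticationResult authResult = null;
    try
    {
        IEnumerable<IAccount> accounts = await PCA.GetAccountsAsync().ConfigureAwait(false);
        try
        {
            // Try the token cache first, using the first cached account.
            IAccount firstAccount = accounts.FirstOrDefault();
            authResult = await PCA.AcquireTokenSilent(Scopes, firstAccount)
                .ExecuteAsync()
                .ConfigureAwait(false);
        }
        catch (MsalUiRequiredException)
        {
            try
            {
                // Interactive sign-in in the embedded web view, as posted.
                var builder = PCA.AcquireTokenInteractive(Scopes)
                    .WithParentActivityOrWindow(Authentication.ParentWindow);
                builder.WithUseEmbeddedWebView(true);
                authResult = await builder.ExecuteAsync().ConfigureAwait(false);
            }
            catch (Exception ex)
            {
                // Record the failure instead of silently swallowing it.
                System.Diagnostics.Debug.WriteLine(ex);
            }
        }
    }
    catch (Exception ex)
    {
        // Closes the outer try, which the posted snippet left open.
        System.Diagnostics.Debug.WriteLine(ex);
    }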
Tried using Broker Authentication, tried registering the device freshly in the Authenticator app, but it didn't work. Authentication is working fine for other Microsoft apps. Please suggest if I need to do any changes over here?
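
The setup this thread discusses, as an added example that is not part of any post above or of the Azure sample: one MSAL.NET client per selected region, signed in through the broker or the system browser instead of the embedded web view, with the service error details kept for troubleshooting. The region map, client IDs, package name, signature hash and scope are placeholders, and the msauth:// redirect format is an assumption to check against the broker documentation the answer refers to.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class RegionAuth
{
    static readonly string[] Scopes = { "User.Read" }; // assumed scope

    // Hypothetical region -> client ID map; the values are placeholders.
    static readonly Dictionary<string, string> ClientIds = new Dictionary<string, string>
    {
        ["EU"] = "<client-id-eu>",
        ["US"] = "<client-id-us>",
    };

    // Build the client only after the user has picked a region.
    public static IPublicClientApplication Build(string region) =>
        PublicClientApplicationBuilder.Create(ClientIds[region])
            // Broker-style redirect URI (placeholder): it carries no client ID,
            // so it stays the same for every region.
            .WithRedirectUri("msauth://<package-name>/<signature-hash>")
            .WithBroker()
            .Build();

    public static async Task<AuthenticationResult> SignInAsync(
        IPublicClientApplication pca, object parentActivity)
    {
        var accounts = await pca.GetAccountsAsync().ConfigureAwait(false);
        try
        {
            // Cache first; a null account raises MsalUiRequiredException.
            return await pca.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
                .ExecuteAsync().ConfigureAwait(false);
        }
        catch (MsalUiRequiredException)
        {
            try
            {
                return await pca.AcquireTokenInteractive(Scopes)
                    .WithParentActivityOrWindow(parentActivity)
                    .WithUseEmbeddedWebView(false) // system browser, not the embedded view
                    .ExecuteAsync().ConfigureAwait(false);
            }
            catch (MsalServiceException ex)
            {
                // Keep what an admin needs to find the sign-in log entry.
                System.Diagnostics.Debug.WriteLine(
                    $"{ex.ErrorCode} correlation={ex.CorrelationId} claims={ex.Claims}");
                throw;
            }
        }
    }
}
```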