I'm working on a Windows AutoPilot solution for a customer this week. This is a hybrid AD solution and the devices will join both Azure AD and the corp AD. I had previously deployed the Intune Connector for Active Directory for testing purposes and it's pretty straightforward. However, it's a little different in an enterprise environment.
Example
"We are unable to complete your request because a server-side error occurred. Please try again. [Exception Message: \"DiagnosticException: 0x0FFFFFFF. We are unable to complete your request because a server-side error occurred. Please try again.\"] [Exception Message: \"Failed to get a value for Key: OdjServiceBaseUrl\"] [Exception Message: \"The given key was not present in the dictionary.\"
The proxy log files showed no activity so clearly I needed some way to ensure that the tool was directing traffic to the proxy.
This document discusses using the tool with on-premise proxies.
However, it’s really not useful as it just recommends bypassing the proxy and configuring the tool (ODJConnectorUI.exe.config and ODJConnectorSvc.exe.config) to do that. We all know that is not practical. Most enterprise customers won’t allow you to bypass the proxy so I needed a way to make the Intune Connector use the proxy.
- Configuring the proxy in IE does not work
- Using “netsh winhttp set proxy” does not work
Michael Niehaus worked on this and provided the code to add to the config files.
It worked perfectly and the Intune Connector was created (you have to restart the Intune ODJConnector Service).
The documentation will be updated accordingly.
This is the code snippet that should be added to both the ODJConnectorUI.exe.config and ODJConnectorSvc.exe.config files.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.net>
    <defaultProxy>
      <proxy usesystemdefault="false" proxyaddress="http://contoso-proxy:3128" />
    </defaultProxy>
  </system.net>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6" />
  </startup>
  <appSettings>
  </appSettings>
</configuration>
It was good to see successful communication in the event logs.
Note:
It is important to include http:// in the proxy address. We didn't at first and we spotted the following in the event logs:
":"We are unable to complete your request because a server-side error occurred. Please try again. [Exception Message: \"DiagnosticException: 0x0FFFFFFF. We are unable to complete your request because a server-side error occurred. Please try again.\"] [Exception Message: \"The ServicePointManager does not support proxies with the xxx.int.domain.com scheme.\"]"
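The config change and the http:// check from the note above can be scripted so both files get the same, validated value. This PowerShell script is an added example, not code from the original post or from Microsoft. Its `ConnectorDir` and `ProxyAddress` parameters are assumptions: the post does not give the install folder, so pass the directory that holds the two config files.

```powershell
# Added example (not from the post): set the proxy in both connector config files.
param(
    [Parameter(Mandatory = $true)] [string] $ConnectorDir,  # assumption: folder with the two .config files
    [Parameter(Mandatory = $true)] [string] $ProxyAddress   # e.g. http://contoso-proxy:3128
)

# "proxy.example.com:3128" parses as a URI whose *scheme* is "proxy.example.com",
# which is what produces the "does not support proxies with the ... scheme" error.
$uri = $null
$parsed = [System.Uri]::TryCreate($ProxyAddress, [System.UriKind]::Absolute, [ref] $uri)
if (-not $parsed -or $uri.Scheme -ne 'http') {
    throw "Proxy address '$ProxyAddress' must begin with http://"
}

foreach ($name in 'ODJConnectorUI.exe.config', 'ODJConnectorSvc.exe.config') {
    # Resolve to a full path: .NET's working directory differs from PowerShell's.
    $path = (Resolve-Path -LiteralPath (Join-Path $ConnectorDir $name) -ErrorAction Stop).Path
    Copy-Item -LiteralPath $path -Destination "$path.bak" -Force   # rollback copy

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($path)

    # Walk configuration/system.net/defaultProxy/proxy, creating what is missing.
    $node = $xml.DocumentElement
    foreach ($child in 'system.net', 'defaultProxy', 'proxy') {
        $next = $node.SelectSingleNode($child)
        if ($null -eq $next) { $next = $node.AppendChild($xml.CreateElement($child)) }
        $node = $next
    }
    $node.SetAttribute('usesystemdefault', 'false')
    $node.SetAttribute('proxyaddress', $ProxyAddress)
    $xml.Save($path)
    Write-Output "Updated $path"
}
Write-Output 'Restart the Intune ODJConnector Service to pick up the change.'
```

Each file is copied to a `.bak` beside it before being rewritten, so a bad edit can be rolled back by restoring that copy.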
Until next time....
Gerry, you are a legend. This is the only answer to this issue I could find after hours of trawling the Internet. I had to do the same to get my Azure AD Sync tool working on another server but did not join the dots. Thanks so much for this!