At a customer and integrating/managing Windows Phone 8 with Windows Intune and System Center Configuration Manager 2012 SP1 ? Using the Support Tool for Windows Intune Trial Management of Window Phone 8 (can be downloaded at http://www.microsoft.com/en-sg/download/details.aspx?id=39079) ?
The Support Tool for Windows Intune Trial Management of Window Phone 8 facilitates Microsoft System Center 2012 Configuration Manager admins to try out Windows Phone 8 software distribution scenarios during the Trial period.
However we couldn’t get our Windows phone 8 enrolled. It always came back with the following error on the phone : “We weren’t able to set up this company account on your phone”.
Verify the following before going forward :
- If Are you using ADFS , check my previous blog post “Troubleshooting ADFS 2.1 Services for Windows Intune (WaveD)”.
- Have you synced your AD accounts to Azure AD? Is dirsync working correctly ? Check from Azure AD that you see your local AD users there.
- Make sure the UPN is set correctly to your Domain ( SCUG.be instead of scug.onmicrosoft.com)
- Set CNAME to manage.microsoft.com
- Reset your Users password. Because the user must reset the password after the first logon, logon to e.g. portal.manage.microsoft.com with the user account, before enrolling the device.
- It is important that you first synchronize your AD users to Azure and after that add the user account to user collection that is allowed to enroll the devices. If you first add the user to the collection and the new user is not in Azure AD, you need to wait up to 24 h. (Tnx to my fellow MVP Panu Sauko!)
- If you get the latter error message, change the language & regional settings of your mobile phone to en-US and try to enroll again. (Tnx to my fellow MVP Panu Sauko!)
Going down in the logs , by the way very difficult on a Windows phone 8 or Windows Intune side , the only option was to look into the System Center Configuration Manager Log files .
Looking in the dmpdownloader.log and found the following line appearing every time I tried to enroll the WP8 device . Strange .
ERROR: Service health log: WP appStoreURI is missing for account 73dab792-979c-40be-947b-b7c8040e725b and userId ******************************33d16d
Solution :
Apparently to that message , it seems that we have Certificate issues on the Company portal . After re-registering the steps below , it works . Before it executed also successfully ,and I thought everything was OK , but I was wrong. So if you have the above error message “ Service health log: WP appStoreURI is missing for account “ , it means there is something wrong with your company portal and signed certificates.
- Step 1 : Disable the Windows Phone 8 support on the intune connector :
- Step 2 : Simply redeploy your WP8 trial software as described here : http://blogs.technet.com/b/windowsintune/archive/2013/07/03/support-tool-for-windows-intune-trial-management-of-windows-phone-8.aspx
1. Create your application “Company portal” that is included in the toolkit.
2. The first step to enable the management of Windows Phone 8 devices is to run the script that is included cscript ConfigureWP8Settings.vbs <server> QuerySSPModelName . It is important to notate the Scope_ID<GUID> information as it will be used in the next step.
3. Next we need to run the script again but this time in Save mode with the SSP name to populate the necessary certificate information that enables Windows Phone 8 Management. The command will will use this time is: cscript ConfigureWP8Settings.vbs <server> SaveSettings <Company Portal name> where <Company Portal name> is the output for Model Name from the earlier step.
4. After completion of the steps above, you can now verify that Windows Phone 8 device management is enabled.
Now you can enroll your Windows Phone 8 devices in your Windows Intune Unified Trial Account. It works like a charm now .
Hope it Helps ,
Kenny Buntinx
MVP enterprise Client Management