locked
Create APN's certificate request hangs RRS feed

  • Question

  • Hi,

    I just upgraded a ConfigMgr 2012 R2 to SP1 and CU1.

    I have configured the Intune connector and am now trying to enable supporte for IOS devices.

    I have to do a "Create APN's certificate request" for the Apple push certificate. I select where to save the certificate and click "Download".

    Then a new window opens and I am asked to sign in with an Intune administrator account.

    When I have done that the new Windows just turns blank (White) with a headline saying "Subscription" and I have a "Cancel" button in the lower right corner. Nothing else happens.

    On the "Request Apple Push Notification Service Certificate Signing Request" below the new blank Windows there is a progress bar running with a text above stating "Status: Connection to Microsoft Intune".

    Have anyone seen this and know what to do to make it go further?

    If not are the any other way to create the APN certificate request?


    Thomas Forsmark Soerensen

    Thursday, August 6, 2015 1:55 PM

Answers

  • MS returned to me today and told me that this issue was identified as an outage in their
    systems and should be resolved now.

    I tried again today and it is now working.

    I have asked MS if it was a problem with my tenant or a general problem but I have not received an answer yet.


    Thomas Forsmark Soerensen

    • Marked as answer by Forsmark Tuesday, September 1, 2015 1:21 PM
    Saturday, August 29, 2015 2:21 PM

All replies

  • Is this also happening when using a remote console?

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, August 6, 2015 2:50 PM
  • Are you doing this on a server? I find it is best to run this process on a desktop device with the Configmgr console installed as the browser is not running restricted as it will be on a server.

    Cheers Paul | http://sccmentor.wordpress.com

    Thursday, August 6, 2015 3:03 PM
  • Hi,

    I just installed the ConfigMgr 2012 R2 SP1 CU1 console on a Windows 7 SP1 computer.

    I tried the same from there and it is the same problem.

    Is it possible to create an Intune trial and use that to request the APN's certificate request or are tere any Intune server or subscription related information in the request?

    Thanks in advance....


    Thomas Forsmark Soerensen


    • Edited by Forsmark Friday, August 7, 2015 8:41 AM
    Friday, August 7, 2015 8:16 AM
  • Unfortunately not. You must make the APN request through the console. It must be linked to your Intune subscription. BTW what you are describing is very rare. I've never seen this problem on a desktop OS (I have on a server OS). Have you any other environmental factors at play here (eg proxy etc)?


    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Friday, August 7, 2015 9:15 AM
  • No proxy.

    Have a firewall but I can manually login to the Intune console without any problems.


    Thomas Forsmark Soerensen

    Friday, August 7, 2015 9:51 AM
  • Can you try changing your default browser on the Win 7 device to Google Chrome and try again?

    Cheers Paul | http://sccmentor.wordpress.com

    Friday, August 7, 2015 9:54 AM
  • I already tried that without any luck :-(

    It does not look like ConfigMgr uses other browsers than IE...


    Thomas Forsmark Soerensen

    Friday, August 7, 2015 10:58 AM
  • Is there a way to download it using PowerShell...


    Thomas Forsmark Soerensen

    Monday, August 10, 2015 7:26 AM
  • Were you able to get around this at all?  I'm having the exact same issue.  2012 R2 SP1.  Tried from multiple server and workstation OS' and still no joy.  I've done this multiple times in the last couple weeks with no issues in other environments but they were all R2 and earlier.  Could this be a bug in R2 SP1/SP2?
    Friday, August 14, 2015 12:58 PM
  • Hi,

    I opened a support case with MS.

    We have not found a solution yet, but they say that this might be a known problem that have been solved last week. I will keep you informed when I know more...


    Thomas Forsmark Soerensen

    Friday, August 21, 2015 11:39 AM
  • Thanks for feedback Thomas

    Cheers Paul | http://sccmentor.wordpress.com

    Friday, August 21, 2015 12:15 PM
  • I also have a case open and will post back as well once we have a solution.  I'm also having an issue where the certificate is not being delivered from Intune which is preventing extensions from coming down.  I don't think the two issues are related since I believe you should be able to make the APN request without having any active subscription but the tech I am working with, stated there are multiple cases open with these same issues so it could be a bug.
    Friday, August 21, 2015 12:35 PM
  • Any updates on this one? I am encountering the same issue on SCCM 2012 R2 SP1+CU1.
    Tuesday, August 25, 2015 1:32 PM
  • No updates from me yet.  My case is still being worked.
    Tuesday, August 25, 2015 2:02 PM
  • No update here either. I am getting a bit frustrated :-D

    Yesterday I was told to try Again using a "cloud only" admin account but I had already tried that with the same result.


    Thomas Forsmark Soerensen

    Wednesday, August 26, 2015 11:37 AM
  • Same problem here as well. SCCM 2012 R2 SP1.

    I can see this in SmsAdminUI.log every time the subscription-box hangs.
    ERROR: WebException is returned. Typically, this means server has thrown an error. Detailed message is: System.Net.WebException: The remote server returned an error: (403) Forbidden

    Thursday, August 27, 2015 8:45 AM
  • I get the same error in SmsAdminUI.log. This log was sent to MS support(support case was raised). We tried yesterday to run following queries on SCCM database:

    update SC_ClientComponent_Property set Value2 = '' where Name like '%APNS%'
    delete from MDMPolicy where PolicyType = 7
    delete from MDMPolicyAssignment where PolicyType = 7
    update SC_ClientComponent_Property set Value2 = '' where Name like '%APNS%'
    delete from MDMPolicy where PolicyType = 11
    delete from MDMPolicyAssignment where PolicyType = 11
    DELETE Drs_Signals

    followed by restart of SMS_Executive service on site server but unfortunately this didn't help us to solve the issue.

    Thursday, August 27, 2015 9:20 AM
  • MS returned to me today and told me that this issue was identified as an outage in their
    systems and should be resolved now.

    I tried again today and it is now working.

    I have asked MS if it was a problem with my tenant or a general problem but I have not received an answer yet.


    Thomas Forsmark Soerensen

    • Marked as answer by Forsmark Tuesday, September 1, 2015 1:21 PM
    Saturday, August 29, 2015 2:21 PM
  • We also got an answer from MS that they made some change on our tenant and I can confirm that this change fixed the issue.

    Edit. Changes were made on backend permission services.

    • Proposed as answer by Garth JonesMVP Monday, August 31, 2015 1:16 PM
    • Edited by dast85 Tuesday, September 1, 2015 1:27 PM
    Saturday, August 29, 2015 2:45 PM
  • Hey guys, I also got the same message from support over the weekend and my issue is resolved as well.
    Monday, August 31, 2015 1:13 PM
  • I faced the same issue today. I removed the proxy settings first and then configuration script in the same tab of IE settings. I was able to download the CSR. 
    Monday, May 13, 2019 8:18 AM