ms-intune-app-sdk-ios icon indicating copy to clipboard operation
ms-intune-app-sdk-ios copied to clipboard

Published 20 hours ago verified publisher icon msintuneappsdk

v16.0.9 Issue - The Intune MAM SDK failed to connect to the location service to determine the user's endpoint

Open clcpowers opened this issue 2 years ago • 3 comments

Description: Recently updated to Intune v16.0.9 (from 16.0.5), and we are on the latest MSAL v1.2.2.

We receive 204 errors in the enrollmentRequest(with status: IntuneMAMEnrollmentStatus) callback. This is happening on first time launch after acquireToken interactively, successfully obtaining account, and then calling registerAndEnrollAccount with the obtained account from MSAL auth -- "The Intune MAM SDK failed to connect to the location service to determine the user's endpoint, see error object for details."

We have been seeing this error inconsistently since updating to v16 (first with 16.0.3), but with the recent 16.0.9 update we have been seeing this error at a much higher frequency and more consistently internally and externally. Conditional access is not being applied to accounts encountering the issue, and no other configurations have been made to users/configurations that have accessed error-free with previous SDK releases.

Also to note, this does seem similar to what we recently experienced in our 16.0.3 update. Currently, we're blocked from app updates since our Apple testers keep encountering this error while going through the app review process.

Intune App SDK for iOS (please complete the following information):

What version of the Intune SDK are you using? Are you using the latest version? Yes, 16.0.9 (first detected issue when updated from 16.0.5) What platform is your app based in (native, Xamarin based, Cordova, etc)? iOS (Swift)

clcpowers avatar Aug 15 '22 14:08 clcpowers

Hi @clcpowers. Can you send your Intune MAM logs to [email protected]?

Thank you, Neil

msft-neiljac avatar Aug 15 '22 15:08 msft-neiljac

Was there ever a resolution to this issue that can be made public? I am encountering the same error.

IT-MikeS avatar Sep 06 '22 14:09 IT-MikeS

Hi @IT-MikeS . We were not able to get logs for this issue yet. If you are able to get logs, please send them to [email protected].

Thank you, Neil

msft-neiljac avatar Sep 06 '22 14:09 msft-neiljac

Hi. Currently seeing this same issue with Intune SDK version 17.1.2. MSAL 1.2.15 iOS 17.0.3

IntuneMAM: CMAROperationScheduler: Enrollment failed with status code 204 and error code 0

malar036 avatar Oct 26 '23 08:10 malar036

Hi @malar036, is this a consistent failure? Can you send logs?

Thanks, Neil

msft-neiljac avatar Oct 30 '23 12:10 msft-neiljac

Hi Neil, We did have about 10 enrolled users successful with this app in question built for intune. Currently next 3 person's enrolled have consistent failure. It is working for me and others. Something happened on the way and new enrollments fail. I am not sure I can share these logs. Our Intune engineer should have opened a case with MSFT. But it seems that cause is unknown.

malar036 avatar Nov 01 '23 10:11 malar036

Hi @malar036. If you like, you can email me the support case number at [email protected] and I can look into the status of the case. Also please update the version of the Intune SDK to the latest 17.x version if you're building your app with Xcode14 or the latest 18.x version if using Xcode15. There are known issues with version 17.1.2 on iOS17.

Thanks, Neil

msft-neiljac avatar Nov 01 '23 13:11 msft-neiljac

Hi Neil, thanks for the replies. I have forwarded this information to the app provider for response. Waiting for the ticket ID from our intune egineer.

malar036 avatar Nov 01 '23 15:11 malar036

Hi Neil, MSFT ticket ID: 2311011420001053

malar036 avatar Nov 02 '23 08:11 malar036

Hi Neil, We did try the latest versions compiled (Our vendor- mobile dev team has created the custom build with Intune SDK 17.7.6 along with MSAL SDK 1.2.18.) and test deployed via TestFlight. Same issue. MSFT engineer in the ticket points to potential DNS issue in the mobile VPN solution.

2023-10-23T09:05:58.237Z ERRO com.symphony.intune tid=17 id=bc0e49,ui=(nil),io=(nil) IntuneMAM: CMARLocationServiceRequestOperation: Request to MAM Service Locator failed with error Error Domain=NSURLErrorDomain Code=-1003 "(null)"

CMARLocationServiceRequestOperation: Location Service URL is CMARScrubbedURL:https://go.microsoft.com/63592b8f86297afe79e49a57b3410eb217c0a1c23601dd08abed20d74c2b599d?18de75530bb7ec7fa824045fe4bf26d0310888595b3b3148ae69eed3a56b2c55

Which seems to be af fwlink/redirect to https://mamservice.manage.microsoft.com/api/Locations

Our NetEng confirm that these URLs are resolveable in the VPN.
What are your thoughts on such issue?Hi Neil, We did try the latest versions compiled and test deployed via TestFlight. Same issue. MSFT engineer in the ticket points to DNS issue in the mobile VPN solution.

2023-10-23T09:05:58.237Z ERRO com.symphony.intune tid=17 id=bc0e49,ui=(nil),io=(nil) IntuneMAM: CMARLocationServiceRequestOperation: Request to MAM Service Locator failed with error Error Domain=NSURLErrorDomain Code=-1003 "(null)"

CMARLocationServiceRequestOperation: Location Service URL is CMARScrubbedURL:https://go.microsoft.com/63592b8f86297afe79e49a57b3410eb217c0a1c23601dd08abed20d74c2b599d?18de75530bb7ec7fa824045fe4bf26d0310888595b3b3148ae69eed3a56b2c55

Which seems to be af fwlink/redirect to https://mamservice.manage.microsoft.com/api/Locations

Our NetEng confirm that these URLs are resolveable in the VPN.
What are your thoughts on such error code?

malar036 avatar Nov 09 '23 12:11 malar036

Hi @malar036. I've been working with the support engineer. The NSURLErrorDomain -1003 error corresponds to NSURLErrorCannotFindHost. This is a DNS issue, but it's not clear from the log if the go.microsoft.com URL cannot be resolved or if it's the mamservice.managed.microsoft.com URL.

Is the VPN configured at the per-app level or device level? If at the device level, if the affected users enter https://go.microsoft.com/fwlink/?linkid=2138939 into Safari/Edge does the URL resolve? They will see a message containing "No valid authentication...." if it does. If it doesn't then have them try again without the VPN enabled. If the VPN is configured for per-app, then do something similar except you might have to target Safari/Edge with the VPN profile if it isn't already.

Thanks, Neil

msft-neiljac avatar Nov 09 '23 13:11 msft-neiljac

Hi Neil, Yes, the https://go.microsoft.com/fwlink? works and resolve URL in safari. It provides me the "No valid authentication mechanism found" and the url that I land on is: mamservice.manage.microsoft.com. The app in question is configured for per-app. In the VPN view the app along with safari is included. I now have 1 iOS device(iphone) previously enrolled ok and working (for now) 1 new iOS device (Ipad) freshly enrolled which do get this error message. (Same as my users) so it seems to be persistent/reproducable across all new enrollments. I will check internally with our Intune team for review. thanks

malar036 avatar Nov 13 '23 12:11 malar036