Troubleshoot and review Wi-Fi device configuration profiles in Intune - Intune (2023)

In Intune, you can create device configuration profiles that contain connectivity settings for your WiFi network. Use this setting to connect users' Android, iOS/iPadOS, and Windows devices to your organization's network.

This article shows what a Wi-Fi profile looks like when successfully applied to devices. It also includes registry information, general issues, and more. Use this article to troubleshoot your WiFi profiles.

For more information about Wi-Fi profiles in Intune, seeAdd and use WiFi settings on your devices.

Troubleshooting Android WiFi profiles

In this section, we review the user experience when installing configuration profiles on an Android device. This scenario uses a Nokia 6.1 device. Before installing the Wi-Fi profile on the device, install the Trusted Root and SCEP profiles.

1. Users receive a notification about installing the Trusted Root Certificate Profile:

   

2. The following notification prompts installation of the SCEP certificate profile:

   

   Advice

   If you're using a device administrator-managed Android device, the list might contain multiple certificates. If a certificate profile is revoked or deleted, the certificate remains on the device. In this scenario, select the latest certificate. This is usually the last certificate shown in the list.

   (Video) Microsoft Endpoint Manager Intune Configuration Profiles Part XII Wi Fi Profiles

   This situation does not occur on Android Enterprise and Samsung Knox devices. For more information, seeManage Android devices with work profilejRemove SCEP and PKCS certificates.

3. Users will then receive a notification to install the Wi-Fi profile:

   

4. Once complete, the Wi-Fi connection will appear as a saved network:

   

Check the Company Portal app logs

On Android is theOmadmlog.logThe file describes the activities of the Wi-Fi profile when installed on the device. You can have up to five omadmlog log files. Make sure you get the last sync timestamp as it will help you find the related registry entries.

Use in the example belowCMTraceTo read the logs and search for wifimgr:

The following log shows the results of your search and shows the successfully created Wi-Fi profile:

Verb com.microsoft.omadm.platforms.android.wifimgr.OneX 15118 04142 Start parsing OneX from Wifi XML.2019-08-01T19:22:46.8100000 VERB com.microsoft.omadm.platforms.android.wifimgr.OneX 15118 04142 Parsing completed Wifi OneX XML.2019-08-01T19:22:46.8209999 VERB com.microsoft.omadm.platforms.android.wifimgr.WifiProfile 15118 04142 Completed parsing wifi profile xml named "<profile id>" .2019-08-01T19 : 22:46.8240000 INFO com.microsoft.omadm.utils.CertificateSelector 15118 04142 Selected CA certificate with alias: "user:205xxxxx.0" and thumbprint "<thumbprint>".2019-08-01T19 : 22:47.0990000 VERB com.microsoft . omadm.platforms.android.certmgr.CertificateChainBuilder 15118 04142 Complete certificate chain built with Complete certs.2019-08-01T19:22:47.1010000 VERB com.microsoft.omadm.utils.CertUt ils 15118 04142 1 certificate(s) with criteria: User < ID>[i:<ID>,17CECEA1D337FAA7D167AD83A8CC7A8FCBF9xxxx;eku:1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2]2019-08-01T19:22:47.1090000 VERB com.microsoft.omadm . utils.CertUtils 15118 04142 0 Certificate(s) excluded by criteria:2019-08-01T19:22:47.1110000 INFO com.microsoft.omadm.utils.CertificateSelector 15118 04142 Selected client certificate with alias "User<ID>" and RequestId "ModelName =<ModelName>%2FLogicalName_<LogicalName>;Hash=-912418295'.2019-08-01T19:22:47.4120000 VERB com.microsoft.omadm.Services 15118 04142 Applied successfully, WiFi profile enabled and '<Profile- ID>'2019 saved -08-01T19:22:47.4240000 VERB com.microsoft.omadm.platforms.android.wifimgr.OneX 15118 04142 Start parsing OneX from Wifi XML.2019-08-01T 19:22:47.4910000 VERB com.microsoft.omadm.platforms.android.wifimgr.OneX 15118 04142 OneX full scan of wifi XML.2019-08-01T19:22:47.4970000 VERB com.microsoft.omadm.platforms.android.wifimgr. WifiProfile 15118 04142 Starts parsing wifi-i profile xml named <profile id>. XML.2019-08-01T19:22:47.5820000 VERB com.microsoft.omadm.platforms.android.wifimgr.OneX 15118 04142 Full OneX scan of Wifi XML.2019-08-01T19:22:47.5900000 VERB com.microsoft.omadm .platforms.android.wifimgr.WifiProfile 15118 04142 XML parsing of wifi profile named '<profile id>' completed.2019-08-01T19:22:47.5910000 INFO com.microsoft.omadm.platforms.android Applied profile <Profile ID>

Troubleshooting iOS/iPadOS WiFi profiles

After the Wi-Fi profile is installed on the device, it will appear on theManagementprofil:

Check the iOS/iPadOS console and device logs

On iOS/iPadOS devices, the Company Portal app log does not contain information about Wi-Fi profiles. To view the installation details of your Wi-Fi profiles, use the console/device logs:

1. Connect iOS/iPadOS device to Macapplications>Utilitiesand open the console app.

2. Lowaction, chooseInclude informational messagesjInclude debugging messages:

   

   (Video) Create and Deploy Wifi profile in Microsoft Intune

3. Play the scenario and save the logs to a text file:

   1. Select all messages on the current screen:Edit>Choose All.
   2. Copy messages:Edit>Copy.
   3. Paste the log data into a text editor and save the file.

4. Browse the saved log file to view detailed information. If the profile installs successfully, the output looks like the following log:

   Line 390870: Debug 11:19:58.994815 -0400 Profiled dependent www.windowsintune.com.wifi.Contoso add Microsoft.Profiles.MDM principal in domain ManagingProfileToManagedProfile for system\Line 390872: Debug 11:19:58.995210 -0400 Profiled dependent Microsoft .Profiles.MDM to www.windowsintune.com.wifi.Contoso parent in domain ManagedProfileToManagingProfile to system\Line 392346: Default 11:19:59.360460 -0400 Profiled profile \'93www.windowsintune.com.wifi.Contoso\' 94 installed .\

Troubleshooting Windows Wi-Fi profiles

After installing the Wi-Fi profile on the device, go toIdeas>Content>access to work or school> Select your account >Information:

InMicrosoft Managed Spaces,W-lanit shows:

To view the Wi-Fi connection, go toIdeas>Red e-Internet>W-lan:

Check the Event Viewer logs

On Windows devices, details about Wi-Fi profiles are logged in Event Viewer:

1. open thatEvent ViewerApplication
2. About himVistaselect menuView analysis and debug logs.
3. ExpandApplication and Service Logs>Microsoft>Window>DeviceManagement-Enterprise-Diagnostic-Provider>Administration

Its output resembles the following logs:

Log Name: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/AdminSource: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-ProviderDate: 7/8/2019 8:01:41 PMEvent ID: 1506 Task Category: (1 ) Level : InformationKeywords: (2)User: SYSTEMComputer: <computer name>Description:WiFi Configuration Service Provider: Node Set Value, Type: (0x4), Result: (The operation completed successfully.)

General problems

This section provides troubleshooting guidance for the following scenarios:

• The Wi-Fi profile is not implemented on the device
• The Wi-Fi profile is implemented on the device, but the device cannot connect to the network
• Users do not get a new profile after changing the password on the existing profile
• All Wi-Fi profiles report an error
• A Wi-Fi profile reports an error but appears to be working

The Wi-Fi profile is not implemented on the device

• Confirm that the WiFi profile is assigned to the correct group:

  1. insideMicrosoft Endpoint Manager Admin Center, chooseDevices>configuration profiles.
  2. Select your profile >Tasks. Confirm that the selected groups are correct.
  3. Select in Endpoint ManagerTroubleshooting + Support. Check theTasksInformation.

• Select in Endpoint ManagerTroubleshooting + Support. Confirm that the device can sync with Intune by checking the boxLast postTime.

• If the Wi-Fi profile is associated with the Trusted Root and SCEP profiles, confirm that both profiles are deployed on the device. The Wi-Fi profile depends on these profiles.

• On Windows 10 and newer devices, check the MDM diagnostic information log:

  1. BecomesIdeas>Content>access to work or school.

     (Video) Microsoft Endpoint Manager Intune Configuration Profiles Part VII Delivery Optimization

  2. Select your work or school account >Information.

  3. At the bottom of theIdeaspage, selectCreate a report.

  4. A window opens with the path to the log files. ChooseExport.

  5. Ve a la\Users\Public\Documents\MDMDiagnosticsRoute and view the report:

  Advice

  For more information, seeDiagnose MDM errors in Windows 10.

• On Android devices, if the Trusted Root and SCEP profiles are not installed on the device, you will see the following entry in the Company Portal app omadmlog file:

  2019-08-01T19:18:13.5120000 INFO com.microsoft.omadm.platforms.android.wifimgr.WifiProfileManager 15118 04105 Skipping wifi profile <profile id> because it has pending certificates.

  • If Trusted Root and SCEP profiles are present and supported on the Android device, the Wi-Fi profile may not be on the device. This problem occurs when theCertificate SelectionThe Company Portal app provider cannot find a certificate that matches the specified criteria. The specific criteria can be included in the certificate template or in the SCEP profile.

    If the matching certificate is not found, the certificates will not be installed on the device. The Wi-Fi profile is not applied because it does not have the correct certificate. In this scenario, you see the following entry in the omadmlog file for the Company Portal app:

    Skipping WiFi profile <profile ID> because it has pending certificates.

    The following example log shows the exclusion of certificates because theany purposeExtended Key Usage (EKU) criteria were specified. However, the certificates assigned to the device do not have this EKU:

    2018-11-27T21:10:37.6390000 VERB com.microsoft.omadm.utils.CertUtils 14210 00948 Exclude the certificate with alias User<ID1> and RequestId <requestID1> because it has no purpose EKU.2018-11-27T21 :10 :37.6400000 VERB com.microsoft.omadm.utils.CertUtils 14210 00948 Exclude the certificate with alias User<ID2> and RequestId <requestID2> because it has no purpose EKU.2018-11-27T21:10:37.6400000 VERB com.microsoft. omadm.utils.CertUtils 14210 00948 0 Certificate(s) with criteria:2018-11-27T21:10:37.6400000 VERB com.microsoft.omadm.utils.CertUtils 14210 00948 2 Certificate(s) excluded by criteria:2018-11-27T21 :10:37.6400000 INFO com.microsoft.omadm.platforms.android.wifimgr.WifiProfileManager 14210 00948 Skipping wifi profile <profile id> because it has pending certificates.

    The following example shows the SCEP profile entered in theany purposeECU. However, it is not entered in the certificate template of the certification authority (CA). To fix the problem, add theany purposeCertificate template option. Or delete themany purposeSCEP-Profiloption.

    (Video) Microsoft Endpoint Manager Intune Configuration Profiles Part I The Basics and Beyond

  • Confirm that all required certificates are in the full certificate chain on the Android device. Otherwise, the Wi-Fi profile cannot be installed on the device. For more information, seeMissing intermediate CA(opens the Android website).

  • Filter the omadmlog with keywords to find information e.g. B. which certificate is used in the WLAN profile and whether the profile was successfully applied.

    Use for exampleCMTraceto read the registers. Use the search string to filter for "wifimgr":

    

    The output resembles the following log:

    If you see an error in the log, copy the timestamp of the error and remove the filter from the log. Then use the "Find" option with the timestamp to see what happened just before the error.

The Wi-Fi profile is implemented on the device, but the device cannot connect to the network

Typically, this issue is caused by something outside of Intune. The following tasks can help you understand and troubleshoot connectivity issues:

• Connect to the network manually using a certificate with the same criteria as the Wi-Fi profile.

  If you can connect, look at the certificate properties in the manual connection. Then update the Intune WiFi profile with the same certificate properties.

• Connection errors are usually logged in the Radius server log. For example, it should show if the device tried to connect using the Wi-Fi profile.

Users do not get a new profile after changing the password on the existing profile

You create a corporate Wi-Fi profile, deploy the profile to a group, change the password, and save the profile. If the profile changes, some users may not receive the new profile.

To resolve this issue, set up guest WiFi. If the corporate WiFi goes down, users can connect to the guest WiFi. Be sure to enable all automatic connection settings. Deploy the guest WiFi profile to all users.

Some additional recommendations:

• If the Wi-Fi network you are connecting to uses a password or passphrase, make sure you can connect directly to the Wi-Fi router. You can test with an iOS/iPadOS device.
• After successfully connecting to the wireless endpoint (wireless router), note the SSID and the credentials used (this value is the password or passphrase).
• Enter the SSID and credentials (password or passphrase) in the Pre-Shared Key field.
• Deploy to a test group with a limited number of users, preferably just the IT team.
• Sync your iOS/iPadOS device with Intune. Sign up if you haven't already.
• Try connecting to the same Wi-Fi endpoint (as mentioned in the first step) again.
• Deploy to larger groups and eventually to all expected users in your organization.

All Wi-Fi profiles report an error

For corporate-owned, dedicated, and fully-managed Android Enterprise work profile devices, you may receive a report that all profiles failed. This can happen when you implement more than one Wi-Fi profile. In this case, if one fails, all profiles you provided will be reported as failed (even if they still work).

A Wi-Fi profile reports an error but appears to be working

If a Wi-Fi profile works fine on an Android device but reports an error, it may be a reporting error. To fix this, update the Intune app to version 2021.05.02 or later.