05-25-2021 01:07 AM
Hi, folks.
I am trying to connect ISE 2.7 P3 to an MS Intune MDM tenant, sadly without success...
We have imported the necessary certificates (DigiCert and MS chains) into the ISE trusted certs and exported the
ISE cert to be imported into Intune by the cloud guys... I was also told that all configurations (app, rights, etc.) were
done correctly on the Intune side... but the connection still fails.
Connection Failed: 403:Forbidden: the MDM server is not reachable
Is there a detailed description, in one of ISE's log files, of what happens when the "test connection" button is pressed?
If so, which one might that be?
I also could not find a detailed description of which services the imported certificates should be trusted for... any ideas?
Rgs
Frank
05-25-2021 05:23 AM
Confirm you have traffic with the MDM server via port 443.
Regarding certificates, check "Trust for authentication within ISE" and "Trust for authentication of Cisco Services".
You should be able to see the events in the ise-psc.log file.
Otherwise, you'd better open a TAC case for further assistance.
06-06-2021 01:30 PM
Try adding the DigiCert Global Root G2 certificate to the ISE Trusted Certificate store?
Microsoft updated their Graph API cert in ~September 2020 to use the new cert so that may be it.