10-13-2023 07:51 AM
Hello,
We are in the midst of a POC and one of the scenarios we are testing is if Intune (our MDM) is not reachable for some reason (internet transit problems, problems with Intune itself, etc.) and we cannot get a consistent result from the policy evaluation. We have an MDMServerReachable equals UnReachable condition and it's not being triggered. All our clients are still showing MDMServerReachable = True for some reason. We have disabled internet access on the ISE nodes for a few days already and our logs are filled with the "External MDM Server Connection Failure". We have deleted the clients from the ISE database as well, tried new clients, and opened a TAC case as well, to no avail.
This problem seems to be similar to CSCvn70558 : Bug Search Tool (cisco.com) - MDMServerReachable does not work for SCCM MDM again
This is not a deal breaker; we just need to know what to expect so we can go forward and set expectations accordingly. All our other Intune/MDM policy checks work except for the MDMServerReachable.
Any feedback would be appreciated. Thanks.
10-19-2023 01:16 PM
Hello @rrealica
Looks like a bug, smells like a bug ... it's probably a bug.
It seems like the most basic flag that should be set, especially given that the rest of ISE (logs) are confirming that the MDM is unreachable. Stick with the TAC case and don't give up!
10-19-2023 04:35 PM
Thank you; TAC was able to reproduce the issue. No ETA was provided as of yet.
10-19-2023 07:01 PM
Just FYI... Out of curiosity, I tested the same flow with ISE 3.1 p7 and the 'MDMServerReachable = false' condition did match in my AuthZ Policy. This appears to be a new bug introduced at some point in 3.2.