ConfigMgr + Apple DEP

It’s pretty awesome that you can extend Configuration Manager to not only manage your corporate on-prem devices, you can also turn it into a single-pane-of-glass Mobile Device Management solution for all of your devices.

I recently hooked up our ConfigMgr environment into Intune with the intent to manage a pilot group of iPads. During that time, I ran into an issue. When I attempted to upload our Apple DEP token, I was presented with the following error:

ConfigMgr Error Object:

instance of SMS_ExtendedStatus
{
Description = "SyncAction communication failure reported by uploader.";
ErrorCode = 0;
File = "e:\\cm1706_rtm\\sms\\siteserver\\sdk_provider\\smsprov\\sspsyncaction.cpp";
Line = 135;
Operation = "ExecMethod";
ParameterInfo = "SMS_MDMCorpOwnedDevices";
ProviderName = "WinMgmt";
StatusCode = 2147749889;
};

------------------------------- Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException

The SMS Provider reported an error.

Stack Trace:

at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String methodClass, String methodName, Dictionary2 methodParameters, Boolean traceParameters) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String methodClass, String methodName, Dictionary2 methodParameters) at Microsoft.ConfigurationManagement.AdminConsole.CloudServiceRoles.DepOnboardingHelper.InvokeDepAction(ConnectionManagerBase connectionManager, String methodName, Dictionary2 inParams) at Microsoft.ConfigurationManagement.AdminConsole.CloudServiceRoles.DepOnboardingHelper.UploadDepToken(ConnectionManagerBase connectionManager, String encryptedDepToken) at Microsoft.ConfigurationManagement.AdminConsole.CloudServiceRoles.DEPOnboardingPageControl.UploadTokenToIntune() 

-------------------------------

System.Management.ManagementException

Generic failure

Stack Trace:

at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String methodClass, String methodName, Dictionary2 methodParameters, Boolean traceParameters) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String methodClass, String methodName, Dictionary2 methodParameters) at Microsoft.ConfigurationManagement.AdminConsole.CloudServiceRoles.DepOnboardingHelper.InvokeDepAction(ConnectionManagerBase connectionManager, String methodName, Dictionary2 inParams) at Microsoft.ConfigurationManagement.AdminConsole.CloudServiceRoles.DepOnboardingHelper.UploadDepToken(ConnectionManagerBase connectionManager, String encryptedDepToken) at Microsoft.ConfigurationManagement.AdminConsole.CloudServiceRoles.DEPOnboardingPageControl.UploadTokenToIntune() -------------------------------

I also found this error in dmpuploader.log:

ERROR: Manageable exception caught, Error = Microsoft.Management.Services.Common.InternalErrorException: An error has occurred - Operation ID (for customer support): xxxx-xxxx-xxxx-xxx - Activity ID: xxxx-xxxx-xxxx-xxxx - Url: https://fef.msua02.manage.microsoft.com/StatelessConnectorService/AccountActions(guid'xxxx-xxxx-xxxx-xxxx')/UploadDepToken - CustomApiErrorPhrase:~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at Microsoft.Management.Services.OData.Client.ODataServiceActionContext.d__71.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Management.Services.OData.Client.V2ContextExecutor.<>c__51.<b__5_0>d.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Management.Services.OData.Client.V2ContextExecutor.d__6.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Management.Services.OData.Client.FabricServiceSession.<>c__DisplayClass22_01.<b__0>d.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Management.Services.OData.Client.FabricServiceSession.d__26.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Management.Services.OData.Client.FabricServiceSession.<>c__DisplayClass24_0.<b__0>d.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Management.Services.Common.RetryOperation.d__41.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at Microsoft.Management.Services

That’s quite a mouthful! If you come across this issue, the resolution is pretty straightforward:

  1. Log in to your Apple DEP portal
  2. Create a new MDM server
  3. Upload a new DEP token request
  4. Download the generated token and add it to your ConfigMgr server
  5. Success!

If you had any devices assigned to your MDM server, you can move them in the Apple DEP portal by exporting the serial numbers to a CSV then reimporting them and selecting the option to move them to a new server.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.