Reset Search
 

 

Article

KB43890 - iOS device certificate details are password protected until installed after enrolling the device using Microsoft InTune with Pulse for iOS 7.0.0

« Go Back

Information

 
Last Modified Date9/12/2018 10:00 PM
Synopsis
This article describes an issue that occurs when using Microsoft Intune to enroll iOS devices after installing or upgrading to Pulse Mobile for iOS 7.0.0, where Pulse certificate authentication fails with error:

Missing certificate.  Check that your certificate is valid and up-to-date and try again.  
Problem or Goal
Using Microsoft Intune to enroll iOS devices after installing or upgrading to Pulse Mobile for iOS 7.0.0, Pulse certificate authentication fails with the following error:
Missing certificate.  Check that your certificate is valid and up-to-date, and try again.



User-added image

When viewing the configuration profile from iOS, the affected certificates show the following message:
 
Issued by: Certificate details are password protected until installed. 


(Screenshot of affected certificates from iOS configuration profile.), do note that the certificate is not greyed out but shows the error above.

User-added image
Cause

The root cause for this issue is that when Pulse Mobile for iOS 7.0.0 is installed, the underlying iOS components performs migration of certificates to the new locations.However, Pulse Secure have found that after Apple iOS performs this migration the client certificates are not available for the Pulse Secure app to use when using Microsoft Intune as MDM.
Solution

Pulse Secure has reported this issue to Apple as a bug and it is currently under investigation by Apple. 

Below are possible scenarios and workarounds :
 
ScenarioIssueImpactWorkaround
Intune-enrolled iOS device updates from Pulse Mobile for iOS 6.x  to 7.0.0 or installs Pulse Mobile for iOS 7.0.0 after device enrollmentClient certificate is delivered to device, but Pulse client cannot select the cert. VPN stops workingSee workarounds below
Device with Pulse Mobile for iOS 7.0 installed, upgrades to a newer version of iOS. Pulse client will not be able to select the certificateVPN stops workingPerform workarounds below to fix issue below before upgrading to iOS 12
3.Intune-enrolled iOS device updates from Pulse Secure 6.x to 7.0.0/ installs 7.0.0 after device enrolment.Cert profile deployed through Intune used for Pulse Secure VPN profile is also used for other Apps,Pulse client will not be able to select the certificate but other  Apps like Wifi or Email will be able to select the certificate.VPN stops working but other Apps leveraging same certificate will not be affectedSee workarounds below
Deploy NE profile in 6.x pulse client to avoid issue when upgrading to 7.0.0Deploy the NE profile in 6.x client before upgrading to 7.0.0 pulse client to handle situations where client certificate is not selectable breaking VPN.Devices on 6.8.0 will see no impact if we implement the NE profile and upgrade to 7.0.0 client,do note that before upgrading to iOS 12,devices will need to be on 7.0.x version of Pulse iOS client. Please refer KB43870

On the Pulse Mobile for iOS 7.0.0, the certificate is not available for selection and is not binded with VPN profile.

User-added imageUser-added image


Workaround 1 :
  1. In Microsoft Intune open the existing plugin-profile.

User-added image
  1. Rename the Connection name from plugin to plugin-1.

User-added image
 

If Workaround 1 does not work, we can try Workaround 2 below :

Workaround 2 :

We can remove the assignment (such as group/people) and reassign the same again after 5 – 10 minutes.This will remove the profile and re-assign it back.

Remove group assignment as in below screenshot :

User-added image

Re-assign the group after 5-10 minutes :

User-added image

After few minutes, the profile will get pushed to the iOS device and the device certificates will be recognized by the device and can be used for authentication. 

The client certificate should be now available for selection in the Pulse Client.


User-added image

Please open a case with support if the workaround does not resolve the issue.
Related Links
http://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43813
http://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43870
http://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43801
http://kb.pulsesecure.net/articles/Pulse_Technical_Bulletin/TSB43886
http://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43885
Attachment 1 
Created Byjai laisram

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255