Security

I'm trying to set up the v5 intune extension and I get this error when trying to sync:

[2021-09-30T11:27:09.898] [ERROR] Intune - Error getting device list. self signed certificate in certificate chain

I suspect this is because we're doing SSL decryption on our firewall since we've seen similar issues before. The problem is I don't know what URL the extension is trying to reach to whitelist it from decryption. The extension IP address doesn't show up in the firewall logs, and I tried whitelisting graph.windows.net but that didn't help.

Another thread suggested using curl against the extension address but curl doesn't exist as a command on the cppm. Any ideas what to try?

------------------------------
Chalupa Supreme
------------------------------

Try whitelisting graph.microsoft.com as that's the API endpoint.

------------------------------
James Andrewartha
------------------------------

Original Message:
Sent: Sep 30, 2021 02:32 PM
From: Chalupa Supreme
Subject: Intune Extension v5 Error getting device list. self signed certificate in certificate chain

I'm trying to set up the v5 intune extension and I get this error when trying to sync:

[2021-09-30T11:27:09.898] [ERROR] Intune - Error getting device list. self signed certificate in certificate chain

I suspect this is because we're doing SSL decryption on our firewall since we've seen similar issues before. The problem is I don't know what URL the extension is trying to reach to whitelist it from decryption. The extension IP address doesn't show up in the firewall logs, and I tried whitelisting graph.windows.net but that didn't help.

Another thread suggested using curl against the extension address but curl doesn't exist as a command on the cppm. Any ideas what to try?

------------------------------
Chalupa Supreme
------------------------------

That did the trick. I had to reinstall the extension after whitelisting it but it started pulling devices down after that, thanks for the help!

------------------------------
Chalupa Supreme
------------------------------

Original Message:
Sent: Sep 30, 2021 08:51 PM
From: James Andrewartha
Subject: Intune Extension v5 Error getting device list. self signed certificate in certificate chain

Try whitelisting graph.microsoft.com as that's the API endpoint.

------------------------------
James Andrewartha

Original Message:
Sent: Sep 30, 2021 02:32 PM
From: Chalupa Supreme
Subject: Intune Extension v5 Error getting device list. self signed certificate in certificate chain

I'm trying to set up the v5 intune extension and I get this error when trying to sync:

[2021-09-30T11:27:09.898] [ERROR] Intune - Error getting device list. self signed certificate in certificate chain

I suspect this is because we're doing SSL decryption on our firewall since we've seen similar issues before. The problem is I don't know what URL the extension is trying to reach to whitelist it from decryption. The extension IP address doesn't show up in the firewall logs, and I tried whitelisting graph.windows.net but that didn't help.

Another thread suggested using curl against the extension address but curl doesn't exist as a command on the cppm. Any ideas what to try?

------------------------------
Chalupa Supreme
------------------------------