Microsoft
MicrosoftWe tried installing the new connector and ran into an error. When we run the Wizzard, we can log into with the Global Admin / Intune Admin but can't move any forward. We don't receive any error message in the GUI.
The account on the server has delegated the permission to create Service Accounts in AD and is local Admin on the server (even tried Domain Admin). A service account is created in the OU in Active Directory every time I click "Sign In". Running Test-ADServiceAccount even returns a "True" for this account on the server.
The Wizzard log (ODJConnectorUI.log) is showing following:
ODJ Connector UI Information: 0 : Browser loaded page https://portal.manage.microsoft.com/Home/ClientLogonSuccess
DateTime=2025-03-04T08:11:59.1540429Z
ODJ Connector UI Information: 0 : Getting the URL for EnrollmentService from https://manage.microsoft.com/RestUserAuthLocationService/RestUserAuthLocationService/ServiceAddresses
DateTime=2025-03-04T08:11:59.4821790Z
ODJ Connector UI Information: 0 : Received Url for EnrollmentService as https://fef.msub05.manage.microsoft.com/StatelessEnrollmentService from RestUserAuthLocationService.
DateTime=2025-03-04T08:11:59.4821790Z
ODJ Connector UI Information: 0 : Getting the URL for RAODJPlusFEGatewayService_FEF from https://manage.microsoft.com/RestUserAuthLocationService/RestUserAuthLocationService/ServiceAddresses
DateTime=2025-03-04T08:11:59.4821790Z
ODJ Connector UI Information: 0 : Received Url for RAODJPlusFEGatewayService_FEF as https://fef.msub05.manage.microsoft.com/TrafficGateway/TrafficRoutingService/RAODJPlus/StatelessODJService from RestUserAuthLocationService.
DateTime=2025-03-04T08:11:59.4821790Z
ODJ Connector UI Information: 0 : Searching for any pre-existing Managed Service Accounts installed on this machine.
DateTime=2025-03-04T08:11:59.4977923Z
ODJ Connector UI Information: 0 : MSA name : msaODJAb91q
DateTime=2025-03-04T08:11:59.7165453Z
ODJ Connector UI Error: 2 : ERROR: Enrollment failed. Detailed message is: Microsoft.Management.Services.ConnectorCommon.Exceptions.ConnectorConfigurationException: MSA account msaODJAb91q is not valid!
at Microsoft.Management.Services.ConnectorCommon.ManagedServiceAccountUtilities.ManagedServiceAccountUtilities.CreateManagedServiceAccount(String domainName, String precreatedMsaAccount)
at ODJConnectorUI.EnrollmentTab.CreateMsa(String domainName, StepsStarted& stepsStartedFlag)
at ODJConnectorUI.EnrollmentTab.webBrowser_LoadCompleted(Object sender, NavigationEventArgs e)
DateTime=2025-03-04T08:11:59.9040514Z
ODJ Connector UI Information: 0 : Storing telemetry: CreateMsaAccount, hasException: True
DateTime=2025-03-04T08:11:59.9040514Z
ODJ Connector UI Information: 0 : Sending telemetry: CreateMsaAccount, hasException: True
DateTime=2025-03-04T08:11:59.9040514Z
ODJ Connector UI Information: 0 : Sending telemetry to ODJService
DateTime=2025-03-04T08:11:59.9040514Z
ODJ Connector UI Information: 0 : RAODJPlus Service URL: https://fef.msub05.manage.microsoft.com/TrafficGateway/TrafficRoutingService/RAODJPlus/StatelessODJService/odjConnectorTelemetry/uploadTelemetry
DateTime=2025-03-04T08:11:59.9040514Z
ODJ Connector UI Information: 0 : Successfully sent request to RAODJPlusFEGatewayService_FEF
DateTime=2025-03-04T08:12:00.2946816Z
ODJ Connector UI Information: 0 : Response from ODJService: OK
DateTime=2025-03-04T08:12:00.2946816Z
ODJ Connector UI Error: 8 : Removing Managed Service Account ...
Can you please advice what going wrong here?
I got it working. You need to have the Intune Administrator role explicitly assigned to your account/role group. Global Administrator is NOT sufficient.
Unfortunately, this didn't work for me. I've the Global Admin and the Intune Administrator assigned in Entra ID.
Intune_Support_Teamcan we get some feedback?
Thanks! Adding the "Enterprise Admin" seems to fix the issue.
Well this i undocumented and not best practice Intune_Support_Team
