Troubleshoot iOS/iPadOS device enrollment problems in Microsoft Intune

This article helps Intune administrators understand and troubleshoot problems when enrolling iOS/iPadOS devices in Intune.

Prerequisites

Before you start troubleshooting, it's important to collect some basic information. This information can help you better understand the problem and reduce the time to find a resolution.

Collect the following information about the problem:

  • What is the exact error message?
  • Where do you see the error message?
  • When did the problem start? Has enrollment ever worked?
  • What platform (Android, iOS/iPadOS, Windows) has the problem?
  • How many users are affected? Are all users affected or just some?
  • How many devices are affected? Are all devices affected or just some?
  • What is the MDM authority?
  • How is enrollment being performed? Is it "Bring your own device" (BYOD) or Apple Automated Device Enrollment (ADE) with enrollment profiles?

Error messages

Profile Installation Failed. A Network Error Has Occurred.

Cause: There's an unspecified problem with iOS/iPadOS on the device.

Resolution

  1. To prevent data loss in the following steps (restoring iOS/iPadOS deletes all data on the device), make sure to back up your data.
  2. Put the device in recovery mode and then restore it. Make sure that you set it up as a new device. For more information about how to restore iOS/iPadOS devices, see https://support.apple.com/HT201263.
  3. Re-enroll the device.

Profile Installation Failed. Connection to the server could not be established.

Cause: Your Intune tenant is configured to only allow corporate-owned devices.

Resolution

  1. Sign in to the Azure portal.
  2. Select More Services, search for Intune, and then select Intune.
  3. Select Device enrollment > Enrollment restrictions.
  4. Under Device Type Restrictions, select the restriction that you want to set > Properties > Select platforms > select Allow for iOS, and then click OK.
  5. Select Configure platforms, select Allow for personally owned iOS/iPadOS devices, and then click OK.
  6. Re-enroll the device.

Cause: You enroll a device that was previously enrolled with a different user account, and the previous user was not appropriately removed from Intune.

Resolution

  1. Cancel any current profile installation.
  2. Open https://portal.manage.microsoft.com in Safari.
  3. Re-enroll the device.

Note

If enrollment still fails, remove cookies in Safari (don't block cookies), then re-enroll the device.

Cause: The device is already enrolled with another MDM provider.

Resolution

  1. Open Settings on the iOS/iPadOS device, go to General > Device Management.
  2. Remove any existing management profile.
  3. Re-enroll the device.

Cause: The user who is trying to enroll the device does not have a Microsoft Intune license.

Resolution

  1. Go to the Microsoft 365 Admin Center, and then choose Users > Active Users.
  2. Select the user account that you want to assign an Intune user license to, and then choose Product licenses > Edit.
  3. Switch the toggle to the On position for the license that you want to assign to this user, and then choose Save.
  4. Re-enroll the device.

This Service is not supported. No Enrollment Policy.

Cause: An Apple MDM push certificate isn't configured in Intune, or the certificate is invalid.

Resolution

Company Portal Temporarily Unavailable. The Company Portal app encountered a problem. If the problem persists, contact your system administrator.

Cause: The Company Portal app is out of date or corrupted.

Resolution

  1. Remove the Company Portal app from the device.
  2. Download and install the Microsoft Intune Company Portal app from the App Store.
  3. Re-enroll the device.

Note

This error can also occur if the user is attempting to enroll more devices than device enrollment is configured to allow. If these steps do not resolve the issue, follow the resolution steps for Device Cap Reached below.

Device Cap Reached

Cause: The user tries to enroll more devices than the device enrollment limit.

Resolution

  1. In the Microsoft Endpoint Manager admin center, choose Devices > All Devices, and check the number of devices the user has enrolled.

    Note

    You should also have the affected user log on to the Intune user portal and check the devices that have enrolled. There may be devices that appear in the Intune user portal but not in the Intune admin portal; such devices also count toward the device enrollment limit.

  2. In the Microsoft Endpoint Manager admin center, choose Devices > Enrollment restrictions > check the device enrollment limit. By default, the limit is set to 15.
  3. If the number of devices enrolled has reached the limit, remove unnecessary devices, or increase the device enrollment limit. Because every enrolled device consumes an Intune license, we recommend that you always remove unnecessary devices first.
  4. Re-enroll the device.

Workplace Join failed

Cause: The Company Portal app is out of date or corrupted.

Resolution

  1. Remove the Company Portal app from the device.
  2. Download and install the Microsoft Intune Company Portal app from the App Store.
  3. Re-enroll the device.

User License Type Invalid

Cause: The user who is trying to enroll the device does not have a valid Intune license.

Resolution

  1. Go to the Microsoft 365 admin center, and then choose Users > Active Users.
  2. Select the affected user account > Product licenses > Edit.
  3. Verify that a valid Intune license is assigned to this user.
  4. Re-enroll the device.

User Name Not Recognized. This user account is not authorized to use Microsoft Intune. Contact your system administrator if you think you have received this message in error.

Cause: The user who is trying to enroll the device does not have a valid Intune license.

Resolution

  1. Go to the Microsoft 365 admin center, and then choose Users > Active Users.
  2. Select the affected user account, and then choose Product licenses > Edit.
  3. Verify that a valid Intune license is assigned to this user.
  4. Re-enroll the device.

Profile Installation Failed. The new MDM payload does not match the old payload.

Cause: A management profile is already installed on the device.

Resolution

  1. Open Settings on the iOS/iPadOS device > General > Device Management.
  2. Tap the existing management profile, and tap Remove Management.
  3. Re-enroll the device.

NoEnrollmentPolicy

Cause: The Apple Push Notification Service (APNs) certificate is missing, invalid, or expired.

Resolution

Verify that a valid APNs certificate is added to Intune. For more information, see Set up iOS/iPadOS enrollment.

AccountNotOnboarded

Cause: There's a problem with the Apple Push Notification service (APNs) certificate configured in Intune.

Resolution

Renew the APNs certificate, and then re-enroll the device.

Important

Make sure that you renew the APNs certificate. Don't replace the APNs certificate. If you replace the certificate, you have to re-enroll all iOS/iPadOS devices in Intune.

XPC_TYPE_ERROR Connection invalid

When you turn on an ADE-managed device that is assigned an enrollment profile, enrollment fails, and you receive the following error message:

mobileassetd[83] <Notice>: 0x1a49aebc0 Client connection: XPC_TYPE_ERROR Connection invalid <error: 0x1a49aebc0> { count = 1, transaction: 0, voucher = 0x0, contents = "XPCErrorDescription" => <string: 0x1a49aee18> { length = 18, contents = "Connection invalid" } }
iPhone mobileassetd[83] <Notice>: Client connection invalid (Connection invalid); terminating connection
iPhone com.apple.accessibility.AccessibilityUIServer(MobileAsset)[288] <Notice>: [MobileAssetError:29] Unable to copy asset information from https://mesu.apple.com/assets/ for asset type com.apple.MobileAsset.VoiceServices.CombinedVocalizerVoices
iPhone mobileassetd[83] <Notice>: 0x1a49aebc0 Client connection: XPC_TYPE_ERROR Connection invalid <error: 0x1a49aebc0> { count = 1, transaction: 0, voucher = 0x0, contents = "XPCErrorDescription" => <string: 0x1a49aee18> { length = 18, contents = "Connection invalid" }

Cause: There's a connection issue between the device and the Apple ADE service.

Resolution

Fix the connection issue, or use a different network connection to enroll the device. You may also have to contact Apple if the issue persists.
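
To check whether a captured device console log matches this network cause, the following added example (not part of the original article or of any Microsoft or Apple tooling) parses lines in the format of the excerpt above, counts the XPC_TYPE_ERROR events from mobileassetd, and lists the hosts whose asset fetch failed. The function name `triage`, the abridged sample lines, and the "both signals together" heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Optional device name, process (may end in "(Subsystem)"), pid, level, message.
LINE_RE = re.compile(
    r"^(?:(?P<device>\S+)\s+)?(?P<proc>\S+?)\[(?P<pid>\d+)\]\s+"
    r"<(?P<level>\w+)>:\s+(?P<msg>.*)$"
)
XPC_INVALID = "XPC_TYPE_ERROR Connection invalid"
FETCH_FAIL_RE = re.compile(
    r"\[MobileAssetError:(?P<code>\d+)\] Unable to copy asset information "
    r"from (?P<url>\S+)"
)

# Abridged from the excerpt above; the SpringBoard line is constructed.
SAMPLE_LOG = """\
mobileassetd[83] <Notice>: 0x1a49aebc0 Client connection: XPC_TYPE_ERROR Connection invalid <error: 0x1a49aebc0>
iPhone mobileassetd[83] <Notice>: Client connection invalid (Connection invalid); terminating connection
iPhone com.apple.accessibility.AccessibilityUIServer(MobileAsset)[288] <Notice>: [MobileAssetError:29] Unable to copy asset information from https://mesu.apple.com/assets/ for asset type com.apple.MobileAsset.VoiceServices.CombinedVocalizerVoices
iPhone mobileassetd[83] <Notice>: 0x1a49aebc0 Client connection: XPC_TYPE_ERROR Connection invalid <error: 0x1a49aebc0>
iPhone SpringBoard[55] <Notice>: Constructed unrelated line
"""


def triage(log_text):
    """Count XPC connection errors and list hosts whose asset fetch failed."""
    xpc_invalid, unparsed, failed_hosts = 0, 0, {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # keep a count so format drift is visible
            continue
        msg = m.group("msg")
        if m.group("proc") == "mobileassetd" and XPC_INVALID in msg:
            xpc_invalid += 1
        fetch = FETCH_FAIL_RE.search(msg)
        if fetch:
            host = urlparse(fetch.group("url")).hostname or "unknown"
            failed_hosts[host] = failed_hosts.get(host, 0) + 1
    return {
        "xpc_invalid": xpc_invalid,
        "failed_hosts": failed_hosts,
        "unparsed": unparsed,
        # Assumed heuristic: both signals together point at the network path.
        "network_suspected": xpc_invalid > 0 and bool(failed_hosts),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The hosts reported in `failed_hosts` are the ones to check against the firewall or proxy rules of the network the device used during enrollment.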

Other issues

ADE enrollment doesn't start

When you turn on an ADE-managed device that is assigned an enrollment profile, the Intune enrollment process isn't initiated.

Cause: The enrollment profile is created before the ADE token is uploaded to Intune.

Resolution

  1. Edit the enrollment profile. You can make any change to the profile. The purpose is to update the modification time of the profile.
  2. Synchronize ADE-managed devices: In the Microsoft Endpoint Manager admin center, choose Devices > iOS > iOS enrollment > Enrollment program tokens > choose a token > Sync now. A sync request is sent to Apple.

ADE enrollment stuck at user login

When you turn on an ADE-managed device that is assigned an enrollment profile, the initial setup gets stuck after you enter credentials.

Cause: Multi-Factor authentication (MFA) is enabled. Currently, MFA doesn't work during enrollment on ADE devices.

Resolution

Disable MFA, and then re-enroll the device.

Authentication doesn't redirect to the government cloud

Government users signing in from another device are redirected to the public cloud for authentication rather than the government cloud.

Cause: Azure AD does not yet support redirecting to the government cloud when signing in from another device.

Resolution

Use the iOS Company Portal Cloud setting in the Settings app to redirect government users' authentication towards the government cloud. By default, the Cloud setting is set to Automatic and Company Portal directs authentication towards the cloud that is automatically detected by the device (such as Public or Government). Government users who are signing in from another device will need to manually select the government cloud for authentication.

Open the Settings app and select Company Portal. In the Company Portal settings, select Cloud. Set the Cloud to Government.

Next steps