

HLJ

Company Portal - missing ConfigMgr apps deployed to users


I'm having an issue with Company Portal only showing some of the apps deployed from ConfigMgr (Intune apps show up fine).
On a closer look, apps assigned to device collections show up in both Software Center and in Company Portal, while apps assigned to users only show up in Software Center.
This issue only occurs while I am on-prem and only on hybrid joined devices. If I move the device to an Internet connection or force the client into alwaysOnInternet via the registry (or use a co-managed Entra ID joined device), all apps show up in Company Portal.
I tried a few different types of deployments: packages, applications, custom, msi, weblinks, deployed as required, deployed as available - no difference noted.

Is this the expected behaviour? I'm seeing this both in a prod environment and in lab.

Setup (both in prod and lab):

ConfigMgr 2403
Entra ID hybrid joined devices
CMG in place
Client apps workload moved to Intune
Client setting deployed to use company portal instead of Software Center
User / device allowed to retrieve policies from Internet
MP allows CMG traffic
ConfigMgr in HTTPS only mode
policyAgent.log shows device receiving user and device policies
Win10 (22H2) and Win11 (23H2) clients


Ok, fixed it.
In case anyone else ends up with this issue: the problem in this case was trusted site settings.
For some reason the "include all local (intranet) sites" option was not being respected, and the FQDN of the primary site, cmserver.corp.com, had to be added to the local intranet zone.

The Company Portal logs show that an exception occurred when calling the Config Manager user service
Exception of type MessageSecurityException has been thrown. Detailed message: MessageSecurityException handled when trying to query the User Service with using...
and that the Config Manager user service is using Windows Authentication
76xxxxxa-0xxa-4a6e-911f-fxxxxxxx9    2-1-1    Configuration Manager User Service is using Windows Auth.

IIS logs on the site server show no authenticating users but a series of 401 returns to the requesting client.

When the client is on the Internet, the Company Portal logs show that the user service is contacted using AAD Auth instead of Windows auth, so in that case no Integrated authentication was attempted.

After adding the site server to the local intranet zone and re-launching the Company Portal, all apps were displayed and no auth failures were logged.

  • Like 1
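
A read-only check for the zone condition described in the fix above, added here as an example and not part of the original posts. It assumes Windows PowerShell 5.1 run as the affected user; `cmserver.corp.com` is the name quoted in the post, and the registry paths are the standard Windows ZoneMap locations.

```powershell
# Added diagnostic example (read-only). Replace $SiteFqdn with your own site server.
$SiteFqdn = 'cmserver.corp.com'
$Url      = "https://$SiteFqdn"

# Effective zone as Windows resolves it for this user (Intranet, Trusted, Internet, ...).
# Integrated Windows auth is only attempted automatically when this is Intranet
# under the default "Automatic logon only in Intranet zone" setting.
$effective = [System.Security.Policy.Zone]::CreateFromUrl($Url).SecurityZone
"Effective zone for ${Url}: $effective"

$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

foreach ($root in $roots) {
    # Automatic intranet detection flags. IntranetName backs the
    # "include all local (intranet) sites not listed in other zones" checkbox.
    $zm = Get-ItemProperty -Path "$root\ZoneMap" -ErrorAction SilentlyContinue
    if ($zm) {
        "{0}\ZoneMap: AutoDetect={1} IntranetName={2} ProxyBypass={3} UNCAsIntranet={4}" -f `
            $root, $zm.AutoDetect, $zm.IntranetName, $zm.ProxyBypass, $zm.UNCAsIntranet
    }

    # Site to Zone Assignment List policy: value name = site, data = zone number.
    $list = Get-ItemProperty -Path "$root\ZoneMapKey" -ErrorAction SilentlyContinue
    if ($list) {
        $list.PSObject.Properties |
            Where-Object { $_.Name -like "*$SiteFqdn*" } |
            ForEach-Object { "{0}\ZoneMapKey: {1} -> zone {2}" -f $root, $_.Name, $_.Value }
    }

    # Explicit mappings stored as ZoneMap\Domains\<domain>\<host>, value name = protocol.
    # Zone numbers: 1 = Local intranet, 2 = Trusted, 3 = Internet, 4 = Restricted.
    Get-ChildItem "$root\ZoneMap\Domains" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $parts = ($_.Name -split '\\Domains\\', 2)[1] -split '\\'
        [array]::Reverse($parts)
        $site = $parts -join '.'
        if ($SiteFqdn -eq $site -or $SiteFqdn.EndsWith(".$site")) {
            foreach ($proto in $_.GetValueNames()) {
                "{0}: {1} -> zone {2}" -f $_.Name, $proto, $_.GetValue($proto)
            }
        }
    }
}
```

Because the Local intranet zone permits automatic logon with the user's Windows credentials by default, mapping the single site server FQDN is a narrower change than a wildcard for the whole domain.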
