Zero-Touch-Registration is not available

Zackory
Level 1.6: Donut

Dear Community Members,

 

We are currently encountering an issue with the enrollment of three recently acquired Samsung S23 devices. While we are able to successfully enroll other devices, these specific models are presenting a persistent problem.

 

The error message displayed is as follows: "Zero-Touch Registration is not available. Check your internet connection and try again."

 

To address this, we have attempted the following troubleshooting steps:

  1. Utilized mobile data from various carriers as well as Wi-Fi connections, yet the error persists.
  2. Formatted the devices.
  3. Completely removed the devices from the Zero-Touch portal (https://partner.android.com/zerotouch#) and subsequently re-added them.
  4. Attempted manual enrollment using the QR Code provided by Intune.

Despite these efforts, the issue remains unresolved. Interestingly, we have successfully enrolled a Samsung XCover 5 without encountering any similar difficulties.

 

We are reaching out to inquire if others in the community are experiencing similar challenges with Samsung S23 devices. Any insights or suggestions would be greatly appreciated.

 

Thank you for your attention to this matter.

 

Kind regards,

Zackory

2 ACCEPTED SOLUTIONS

Lizzie
Google Community Manager

Hello everyone, 

 

I hope you are doing well. 

 

I wanted to come back to you all with some positive news: a fix has been implemented for this issue. I've heard from a couple of you that this is now working. If you could all check your impacted devices please to see if this has been resolved and let me know, that would be a great help. 

 

Once again a massive thank you for all the feedback you have shared in this discussion, it has really helped to get this resolved. 

 

Hope to hear from you soon and thanks again.

 

Lizzie

 

P.S - I will mark this as resolved and update the service announcement, but do keep me posted if you believe this isn't the case. Thanks.



I'm currently away from the Community on holiday, read more here.

Welcome to the Community everyone!

Have a question or want to start a conversation, click here.


Lizzie
Google Community Manager

Hey everyone, 

 

I hope you are doing well. As this issue is now resolved and it's quite a long discussion, to avoid confusion with any future comments I'm going to close this topic for new replies now. I hope this is all fine with you. 

 

If you are experiencing something similar or want to discuss something related, please do create a new topic here in the community (here is the direct link to do it) and we can carry on the conversation.

 

Thanks so much,

Lizzie




71 REPLIES

weberda
Level 2.0: Eclair

@Lizzie Hi all! We are using MS Intune and Samsung Galaxy A54 devices enrolling into COPE via Zero Touch. Since Tuesday last week, we are experiencing the exact same situation as described here.

Everything to workaround this did not succeed. Waiting for some solution and raised a Google case with one of our Resellers to have a priority on this.

 

 

Moombas
Level 4.0: Ice Cream Sandwich

@all with the issue here (as this has turned out to be a Samsung related issue) is there a reason that you don't use Knox instead of Google ZTP?

weberda
Level 2.0: Eclair

For us, simplicity in forms of "just use one entry point for all manufacturers". If we decide to switch to another manufacturer or use multiple manufacturers devices we can still use the same setup process (internal guides ...)

Moombas
Level 4.0: Ice Cream Sandwich

Ok, so just simplifying. 

Just asking because we use Knox for the Samsung and Google ZTP for the rest as Knox provides more functionality (adding Tags etc.) but completely understand the reason for simplifying.

 

Was somehow more a hint if someone maybe can check if it's one Google ZTP related and maybe works via Knox instead as Samsung devices always look into Knox first and later (if solved from Google side) you can just remove them from Knox and then all are using G ZTP again.

Peter
Level 1.5: Cupcake

I assigned a knox mobile enrollment profile AFTER the device ran into the zero-touch enrollment error > the knox enrollment profile does not take effect.


Moombas
Level 4.0: Ice Cream Sandwich

Interesting, not what I would expect but very good to know.

Definitely also something to let Samsung know.

Moombas
Level 4.0: Ice Cream Sandwich

And FYI: Just enrolled a Samsung A34 5G EE with Android 14, enrolling fine using Samsung Knox as the system pointing to our MDM.

Marina
Level 1.5: Cupcake

Hello Community! A52 5G has the same issue with Zero-Touch as described.


 

Lizzie
Google Community Manager

Hello everyone,

 

@Zackory, @EricW, @LFagni, @Peter, @Marina, @weberda, @EdwinK, @HarmonJames, @treborny

 

I just wanted to come back to you all. Thanks again for continuing to share what you are experiencing here.

 

To confirm, we are aware of this issue and our team are currently working with Samsung to resolve this. 

 

In the meantime, I was wondering if I could ask for your help providing a few more details. So that you don't need to post this publicly, I'll send you a direct message to your community inbox here in the community.

 

I will continue to keep you posted with any updates I receive. 

 

Thank you again,

Lizzie




xfiha
Level 1.5: Cupcake

Hi Lizzie, 

I just ran into this issue while deploying devices. Can you please keep me posted as well? 
If you would like some additional details I can provide with that too.

Best regards, 
Filip 

Lizzie
Google Community Manager

Hello @xfiha,

 

Thanks so much for replying here. I've just sent you a direct message with some questions. 

 

Speak to you soon.

Lizzie




AndriusG
Level 1.5: Cupcake

Hi, we are facing the exact same problem, can we please get some assistance on what we can do in this case?

Varun3330
Level 1.5: Cupcake

Any update on this?

jasonbayton
Level 4.0: Ice Cream Sandwich

FWIW to everyone affected, from what I hear Samsung are resolving this with an OTA. Details are light; however, since it appears to be a system issue, unless Google and Samsung implement a workaround in the immediate term, a full fix won't go out before the next 1-2 rounds of system updates. 

 

KME (Knox Mobile Enrolment) is a viable alternative in the short term and will get you and your users back up on your feet. Remember whether you switch to KME or use another provisioning method such as QR, the ZT config must be first removed or you'll face issues with devices wanting to reset. 

Sagarlps
Level 1.5: Cupcake

Our customers are facing the same issue while enrolling their Samsung devices.

Oliver_Reitz
Level 1.5: Cupcake

Hi,
I have the same problems with Zero Touch.
I don't use Knox.
If I remove the Zero Touch profile I can set it up with the QR code.
With almost 1000 new devices coming out now, there is no good solution.
Please Google help us

Lizzie
Google Community Manager

Hello @Oliver_Reitz, @Sagarlps and @AndriusG,

 

Thanks for sharing here, I am sorry to hear this is also impacting some of your devices. I hope you don't mind, I've just sent you a direct message to your community inbox, with a few additional questions.

 

Thanks again,
Lizzie




Varun3330
Level 1.5: Cupcake

Many of our customers are facing the same issue. QR code enrolment may not be an appropriate way. Please help

weberda
Level 2.0: Eclair

Hi everyone.

 

Samsung released a KB article describing the issue: https://docs.samsungknox.com/admin/knox-platform-for-enterprise/kbas/kba-1120-unable-to-enroll-devic... 

 

As @jasonbayton already posted, the only real solution (short-term) is using KME or QR Code enrollment after unassigning the devices in ZT portal. Maybe you can reach out to Samsung account management to see whether they offer some solutions for uploaded devices into KME after purchasing them... 

EricW
Level 1.6: Donut

I wanted to add more information about provisioning a device directly to Intune by using the QR code token, that bypasses the Zero Touch. What I lost was all the native Samsung apps and the Galaxy store. I was able to learn how to get the apps back by following this information: Manage Android Enterprise system apps in Microsoft Intune | Microsoft Learn. But for some reason the Samsung Gallery has decided that it is not available and compatible with the S23 that I am trying to set up. It seems to think it is a S8 phone. So, I installed the Google Gallery app; the only issue is that you can't access the gallery directly from the camera. As far as I can tell that is my only issue. I was able to compare Samsung apps that are in use, on a non-managed Samsung S20 phone. I added the following Samsung apps using the method in the link above: Samsung Clock, Galaxy Store, Weather and Wi-Fi Calling, and attempted the Gallery. That is working out. Would prefer to have that code that is in the Zero Touch config that says to leave the native apps. 

Moombas
Level 4.0: Ice Cream Sandwich

Hi Eric,

try to add this in the QR:

"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true,

I would expect it to work but didn't use it yet.

EricW
Level 1.6: Donut

Yes, thank you Moombas, I have that in my Zero Touch configuration, but I do not know where to put that in the Microsoft Intune provisioning token.  Yesterday I did find a forum where people said they added that to their QR, but no one gave any type of instructions on how to do that.  I tried saving it as a Json file and add the code and use our QR Tiger account to create the QR code again but it didn't work.

Moombas
Level 4.0: Ice Cream Sandwich

Hi Eric, 

a provisioning QR looks like this (Example from my QR code generator for Soti as MDM but with that intune expire date added as you use intune, not sure if you need it) but tried to rework it for Intune:

{"qrCodeContent":
  {"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
   "android.app.extra.PROVISIONING_WIFI_SSID":"Wifi_SSID",
   "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
   "android.app.extra.PROVISIONING_WIFI_PASSWORD":"WifiPassword",
   "android.app.extra.PROVISIONING_USE_MOBILE_DATA":true,
   "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true,
   "android.app.extra.PROVISIONING_SKIP_ENCRYPTION":true,
   "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":
     {"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"YourEnrollmentToken",
      "PROVISIONING_MODE":"FULLY_MANAGED_DEVICE"}
  },
 "expirationDate":"2025-12-31T18:29:59.920206Z"}

The bold ones are those I changed because of Intune, the underlined bold one is the extra line you need to add.

EricW
Level 1.6: Donut

Thank you, I had the code in the wrong place, but using the QR Code Tiger online app is yielding me with an error message: Wrong QR Code Ask your IT admin for the correct code. So I must need to use a better QR code generator? My code that I was able to download from Intune is:

{
"qrCodeContent": {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "NDEBIBNS"
}
},
"expirationDate": "0001-01-01T00:00:00Z"
}

 

Intune does have a spot that allows you to edit the scope tags of the token but that yields in a no access error message, and I am using the super admin.

EricW
Level 1.6: Donut

Update, I figured out why my new QR codes would not work. I was pasting in an extra line of code that should not be there when creating a new QR code. After I deleted:

{
"qrCodeContent":

and generated the code it worked just fine!
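
The fix described in the last post, as an added example that is not part of the thread or of any vendor's tooling: the QR code must carry only the inner provisioning-extras object, not the `qrCodeContent` / `expirationDate` wrapper from the export. The names `qr_payload` and `SAMPLE_EXPORT` are hypothetical, the token is a placeholder, and the component check assumes Android Device Policy as in the export quoted above.

```python
import json

P = "android.app.extra.PROVISIONING_"
LEAVE_APPS = P + "LEAVE_ALL_SYSTEM_APPS_ENABLED"
COMPONENT = P + "DEVICE_ADMIN_COMPONENT_NAME"
REQUIRED = (COMPONENT, P + "DEVICE_ADMIN_SIGNATURE_CHECKSUM",
            P + "DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION")
# Android Device Policy receiver, as it appears in the Intune export quoted above.
DPC = "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver"

# Constructed sample in the shape of the export; the token is a placeholder.
SAMPLE_EXPORT = json.dumps({
    "qrCodeContent": {
        COMPONENT: DPC,
        REQUIRED[1]: "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
        REQUIRED[2]: "https://play.google.com/managed/downloadManagingApp?identifier=setup",
        P + "ADMIN_EXTRAS_BUNDLE": {
            "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "EXAMPLE-TOKEN"},
    },
    "expirationDate": "0001-01-01T00:00:00Z",
})

def qr_payload(export_text, leave_system_apps=True):
    """Return the exact string to encode in the provisioning QR code."""
    doc = json.loads(export_text)
    # Accept either the wrapped export or an already-unwrapped extras object.
    extras = doc.get("qrCodeContent", doc) if isinstance(doc, dict) else None
    if not isinstance(extras, dict):
        raise ValueError("expected a JSON object of provisioning extras")
    missing = [k for k in REQUIRED if k not in extras]
    if missing:
        raise ValueError("missing required extras: " + ", ".join(missing))
    # Catches hand-editing slips such as a misspelled package name.
    if extras[COMPONENT] != DPC:
        raise ValueError("unexpected device admin component: " + str(extras[COMPONENT]))
    if leave_system_apps:
        extras[LEAVE_APPS] = True  # must be a JSON boolean, not the string "true"
    if not isinstance(extras.get(LEAVE_APPS, False), bool):
        raise ValueError(LEAVE_APPS + " must be a JSON boolean")
    # Compact output keeps the QR code small; the wrapper keys are dropped.
    return json.dumps(extras, separators=(",", ":"))

if __name__ == "__main__":
    print(qr_payload(SAMPLE_EXPORT))
```

The returned string contains the enrollment token, so encode it with a QR generator that runs locally rather than pasting it into a third-party site.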