Known Issue: Missing certificates after updating Samsung work profile devices to Android 12

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Microsoft Intune was recently alerted to an issue for Samsung devices enrolled with a work profile that, after updating to Android 12, some email and VPN applications are losing access to certificates when the user tries to access them (such as Gmail and AnyConnect VPN). The missing certificates prevent users from being able to access their email on Gmail and VPN apps. We are working closely with Samsung to resolve this issue but wanted to share temporary workarounds to help users access their VPN apps. We’ll update this post as more information becomes available.

AnyConnect VPN

Users attempting to use the AnyConnect VPN app will see a prompt from the app suggesting that the client certificate needed to make the connection could not be found and a valid certificate should be chosen. This issue can be addressed by clearing out the app data cache.

 

 

  1. Go to Settings > Work Profile > Apps > AnyConnect VPN > Storage > Clear Data.
  2. Upon opening AnyConnect VPN again, the app will request the certificates again in a popup prompt.
  3. Select the certificate to fix the problem.

 

Gmail

Users attempting to access Gmail on their device are prompted to select a certificate when accessing Gmail and then see a “Can’t reach server” message after selecting the appropriate certificate. In this scenario, there are two different approaches you can use to work around the issue; one is on the device and the other option is through IT administrator action.

 

Option 1: On a device - Remove and reinstall the work profile and Company Portal

 

  1. Open the Company Portal app> Menu > tap Remove Company Portal.
  2. Open Google Play app > select the Intune Company Portal app > Uninstall the app.
  3. In Google Play, Install the Intune Company Portal app.
  4. Open and sign into the Company Portal.
  5. Gmail in the work profile now works as expected.

 

Option 2 (IT administrators only): Remove and re-add the Gmail device configuration

 

  1. In the Microsoft Endpoint Manager admin center, create an exclusion group for the Gmail app.

  2. Add the user(s) to the exclusion group.

  3. Sync the policy on the Android device.

  4. Confirm Gmail is removed from the device.

  5. Remove the user from the exclusion group.

  6. Confirm Gmail is added to the device.

  7. Gmail in the work profile now works as expected.

We will continue to update this post as new information becomes available. If you have any questions, reply to this post or reach out to @IntuneSuppTeam on Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.