
Apple Configurator: Your iTunes Store Session Has Expired


If your Apple Developer Program membership is valid, your existing apps on the App Store won't be affected. However, you'll no longer be able to upload new apps or updates signed with the expired or revoked certificate to the App Store. iOS Distribution Certificate (in-house, internal-use apps). This pop-up usually occurs for users who cancelled their Apple Music subscription or iTunes Match subscription. The fix is pretty simple: open the iTunes music player. The moment you open iTunes, a pop-up error message is displayed, i.e. 'Your iTunes Store session has expired'.

Now log in to iCloud using the new Apple ID: go to Settings > click your name at the top > iCloud and sign in. On i-devices, go to Settings > Music and turn on 'Show Apple Music' and, optionally, 'Add Playlist Songs' (if that's what you want). On i-devices, go to Settings > click your name at the top > iTunes and App Store > turn on Music.

I had something similar on Windows 10. Make sure you are signed into iTunes. Be sure to authorize iTunes → Accounts → Authorizations → Authorize This Computer. Enable iTunes Wi-Fi sync for your phone. Minimize iTunes when done. Make sure it is still open in the background. Run AltServer as admin.

3) Plug your iPhone or iOS device into the computer – recommended via cable. Ensure your iOS device is detected by the computer.
4) On the computer, with the iOS device connected, go to AltServer, then click 'Install AltStore' and choose your iOS device.
5) When prompted, key in the Apple ID and password that your iOS device is using.


This article helps Intune administrators understand and troubleshoot problems when enrolling iOS/iPadOS devices in Intune.

Prerequisites

Before you start troubleshooting, it's important to collect some basic information. This information can help you better understand the problem and reduce the time to find a resolution.

Collect the following information about the problem:

  • What is the exact error message?
  • Where do you see the error message?
  • When did the problem start? Has enrollment ever worked?
  • What platform (Android, iOS/iPadOS, Windows) has the problem?
  • How many users are affected? Are all users affected or just some?
  • How many devices are affected? Are all devices affected or just some?
  • What is the MDM authority?
  • How is enrollment being performed? Is it 'Bring your own device' (BYOD) or Apple Automated Device Enrollment (ADE) with enrollment profiles?

Error messages

Profile Installation Failed. A Network Error Has Occurred.

Cause: There's an unspecified problem with iOS/iPadOS on the device.

Resolution

  1. To prevent data loss in the following steps (restoring iOS/iPadOS deletes all data on the device), make sure to back up your data.
  2. Put the device in recovery mode and then restore it. Make sure that you set it up as a new device. For more information about how to restore iOS/iPadOS devices, see https://support.apple.com/HT201263.
  3. Re-enroll the device.

Profile Installation Failed. Connection to the server could not be established.

Cause: Your Intune tenant is configured to only allow corporate-owned devices.

Resolution

  1. Sign in to the Azure portal.
  2. Select More Services, search for Intune, and then select Intune.
  3. Select Device enrollment > Enrollment restrictions.
  4. Under Device Type Restrictions, select the restriction that you want to set > Properties > Select platforms > select Allow for iOS, and then click OK.
  5. Select Configure platforms, select Allow for personally owned iOS/iPadOS devices, and then click OK.
  6. Re-enroll the device.

Cause: You enroll a device that was previously enrolled with a different user account, and the previous user was not appropriately removed from Intune.

Resolution

  1. Cancel any current profile installation.
  2. Open https://portal.manage.microsoft.com in Safari.
  3. Re-enroll the device.

Note

If enrollment still fails, remove cookies in Safari (don't block cookies), then re-enroll the device.

Cause: The device is already enrolled with another MDM provider.

Resolution

  1. Open Settings on the iOS/iPadOS device, go to General > Device Management.
  2. Remove any existing management profile.
  3. Re-enroll the device.

Cause: The user who is trying to enroll the device does not have a Microsoft Intune license.

Resolution

  1. Go to the Microsoft 365 Admin Center, and then choose Users > Active Users.
  2. Select the user account that you want to assign an Intune user license to, and then choose Product licenses > Edit.
  3. Switch the toggle to the On position for the license that you want to assign to this user, and then choose Save.
  4. Re-enroll the device.

This Service is not supported. No Enrollment Policy.

Cause: An Apple MDM push certificate isn't configured in Intune, or the certificate is invalid.

Resolution

  • If the MDM push certificate isn't configured, follow the steps in Get an Apple MDM push certificate.
  • If the MDM push certificate is invalid, follow the steps in Renew Apple MDM push certificate.

Company Portal Temporarily Unavailable. The Company Portal app encountered a problem. If the problem persists, contact your system administrator.

Cause: The Company Portal app is out of date or corrupted.

Resolution

  1. Remove the Company Portal app from the device.
  2. Download and install the Microsoft Intune Company Portal app from App Store.
  3. Re-enroll the device.

Note

This error can also occur if the user is attempting to enroll more devices than device enrollment is configured to allow. Follow the resolution steps for Device Cap Reached below if these steps do not resolve the issue.

Device Cap Reached

Cause: The user tries to enroll more devices than the device enrollment limit.

Resolution

  1. In the Microsoft Endpoint Manager admin center, choose Devices > All Devices, and check the number of devices the user has enrolled.

    Note

    You should also have the affected user log on to the Intune user portal and check the devices that have enrolled. There may be devices that appear in the Intune user portal but not in the Intune admin portal; such devices also count toward the device enrollment limit.

  2. In the Microsoft Endpoint Manager admin center, choose Devices > Enrollment restrictions > check the device enrollment limit. By default, the limit is set to 15.
  3. If the number of devices enrolled has reached the limit, remove unnecessary devices, or increase the device enrollment limit. Because every enrolled device consumes an Intune license, we recommend that you always remove unnecessary devices first.
  4. Re-enroll the device.

Workplace Join failed

Cause: The Company Portal app is out of date or corrupted.

Resolution

  1. Remove the Company Portal app from the device.
  2. Download and install the Microsoft Intune Company Portal app from App Store.
  3. Re-enroll the device.

User License Type Invalid

Cause: The user who is trying to enroll the device does not have a valid Intune license.

Resolution

  1. Go to the Microsoft 365 admin center, and then choose Users > Active Users.
  2. Select the affected user account > Product licenses > Edit.
  3. Verify that a valid Intune license is assigned to this user.
  4. Re-enroll the device.

User Name Not Recognized. This user account is not authorized to use Microsoft Intune. Contact your system administrator if you think you have received this message in error.

Cause: The user who is trying to enroll the device does not have a valid Intune license.

Resolution

  1. Go to the Microsoft 365 admin center, and then choose Users > Active Users.
  2. Select the affected user account, and then choose Product licenses > Edit.
  3. Verify that a valid Intune license is assigned to this user.
  4. Re-enroll the device.

Profile Installation Failed. The new MDM payload does not match the old payload.

Cause: A management profile is already installed on the device.

Resolution

  1. Open Settings on the iOS/iPadOS device > General > Device Management.
  2. Tap the existing management profile, and tap Remove Management.
  3. Re-enroll the device.

NoEnrollmentPolicy

Cause: The Apple Push Notification Service (APNs) certificate is missing, invalid, or expired.

Resolution

Verify that a valid APNs certificate is added to Intune. For more information, see Set up iOS/iPadOS enrollment.

AccountNotOnboarded

Cause: There's a problem with the Apple Push Notification service (APNs) certificate configured in Intune.

Resolution

Renew the APNs certificate, and then re-enroll the device.

Important

Make sure that you renew the APNs certificate. Don't replace the APNs certificate. If you replace the certificate, you have to re-enroll all iOS/iPadOS devices in Intune.

  • To renew the APNs certificate in Intune standalone, see Renew Apple MDM push certificate.
  • To renew the APNs certificate in Microsoft 365, see Create an APNs Certificate for iOS/iPadOS devices.
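
The renew-versus-replace distinction above can be checked before devices start failing. The following is an added example, not part of the original article or of Intune: it compares the current push certificate record against a saved baseline and flags expiry and replacement. The field names (appleIdentifier, topicIdentifier, expirationDateTime) follow the Microsoft Graph applePushNotificationCertificate resource; all values are constructed, and the check assumes a renewed certificate keeps its APNs topic while a replacement gets a new one.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like the Graph
# applePushNotificationCertificate resource. None of these values are real.
TOPIC_A = "com.apple.mgmt.External.11111111-aaaa-bbbb-cccc-000000000001"
TOPIC_B = "com.apple.mgmt.External.22222222-dddd-eeee-ffff-000000000002"

BASELINE = {  # saved after the last known-good renewal
    "appleIdentifier": "mdm-admin@example.com",
    "topicIdentifier": TOPIC_A,
    "expirationDateTime": "2024-03-01T00:00:00Z",
}
RENEWED = dict(BASELINE, expirationDateTime="2025-03-01T00:00:00Z")
REPLACED = dict(RENEWED, topicIdentifier=TOPIC_B,
                expirationDateTime="2025-02-10T00:00:00Z")
EXPIRED = dict(BASELINE, expirationDateTime="2024-02-01T00:00:00Z")

# Fixed "current time" so the sample run is reproducible.
SAMPLE_NOW = datetime(2024, 2, 15, tzinfo=timezone.utc)


def parse_utc(value):
    """Parse a Graph-style UTC timestamp such as 2025-03-01T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_push_certificate(current, baseline=None, now=None, warn_days=30):
    """Return a list of (severity, message) findings for one certificate."""
    now = now or datetime.now(timezone.utc)
    if not current or not current.get("topicIdentifier"):
        # Matches the "isn't configured" cause of No Enrollment Policy.
        return [("critical", "no MDM push certificate configured")]

    findings = []
    expires = parse_utc(current["expirationDateTime"])
    if expires <= now:
        findings.append(
            ("critical", f"certificate expired on {expires:%Y-%m-%d}"))
    elif expires - now <= timedelta(days=warn_days):
        findings.append(
            ("warning", f"certificate expires in {(expires - now).days} days"))

    if baseline:
        # Assumption: renewal keeps the topic, replacement changes it.
        if current["topicIdentifier"] != baseline["topicIdentifier"]:
            findings.append(
                ("critical", "topic changed: certificate was replaced, not "
                             "renewed; enrolled devices must re-enroll"))
        if current.get("appleIdentifier") != baseline.get("appleIdentifier"):
            findings.append(
                ("warning", "Apple ID differs from the one used at baseline"))

    return findings or [("ok", "certificate valid and topic unchanged")]


def worst_severity(findings):
    """Collapse a findings list to its most severe level."""
    order = {"ok": 0, "warning": 1, "critical": 2}
    return max((sev for sev, _ in findings), key=order.__getitem__)


if __name__ == "__main__":
    samples = {"renewed": RENEWED, "expiring": BASELINE,
               "replaced": REPLACED, "expired": EXPIRED, "missing": None}
    for name, record in samples.items():
        for severity, message in check_push_certificate(
                record, BASELINE, SAMPLE_NOW):
            print(f"{name:9} {severity:8} {message}")
```

Save the baseline record right after each successful renewal so the next comparison has a trusted topic to check against.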

XPC_TYPE_ERROR Connection invalid

When you turn on an ADE-managed device that is assigned an enrollment profile, enrollment fails, and you receive the following error message:

Cause: There's a connection issue between the device and the Apple ADE service.

Resolution

Fix the connection issue, or use a different network connection to enroll the device. You may also have to contact Apple if the issue persists.

The configuration for your iPhone/iPad could not be downloaded from : Invalid Profile.

Cause: The enrollment is blocked by a device type restriction.

Resolution

  1. Sign in to the Microsoft Endpoint Manager admin center > Devices > Enroll devices > Enrollment restrictions.
  2. Under Device type restrictions, select All Users > Properties.
  3. Select Edit next to the Platform settings.
  4. On the Edit restriction page, select Allow for iOS/iPadOS and proceed to the Review + save page, then select Save.

Sync token errors between Intune and ADE (DEP)

This section includes token sync errors with:

  • Apple Business Manager (ABM)
  • Apple School Manager (ASM)

Expired or invalid token

Cause: The token may be expired, revoked, or malformed.

Resolution

Expired tokens can be renewed. For an invalid token, a new token must be created in Intune.

Note

The new token can be used on an existing MDM Server in Apple Business Manager/Apple School Manager (ABM/ASM), via the Edit option, MDM Server settings, Upload public key.

Access denied

Cause: Intune can't talk to Apple anymore. For example, Intune has been removed from the MDM server list in ABM/ASM. The token has possibly expired.

Resolution

  • Verify whether your token has expired, and if a new token was created.
  • Check to see if Intune is in the MDM server list.

Terms and conditions not accepted

Cause: New terms and conditions (T&C) need to be accepted in ABM/ASM.

Resolution

Accept the new T&C in Apple ABM/ASM Portal.

Note

This must be done by a user with the Administrator role in ABM/ASM.

Internal server error

Resolution

Contact Microsoft support, as additional logs are needed.

Invalid support phone number

Cause: The support phone number is invalid.

Resolution

Edit the support phone number for your profiles.

Invalid configuration profile name

Cause: The configuration profile name is either invalid, empty, or too long.

Resolution

Edit the name of the profile.

Invalid cursor

Cause: The cursor was rejected by Apple or not found.

Resolution

Contact support so they can retry the sync from Intune's side.

Cursor expired

Cause: The cursor is expired on Intune's side.

Resolution

Contact the Intune support team. They can retry syncing from the Intune service.

Required cursor

Cause: The cursor was not initially set by Intune during the sync.

Resolution

Contact support so they can fix the sync from Intune's side to return the cursor.

Apple profile not found

Cause: There are a variety of reasons why a profile is not found.

Resolution

Create a new profile, and assign the profile to devices.

Invalid department entry

Cause: The department field entry is invalid.

Resolution

Edit the department field for your profiles.

Other issues

ADE enrollment doesn't start

When you turn on an ADE-managed device that is assigned an enrollment profile, the Intune enrollment process isn't initiated.

Cause: The enrollment profile is created before the ADE token is uploaded to Intune.

Resolution

  1. Edit the enrollment profile. You can make any change to the profile. The purpose is to update the modification time of the profile.
  2. Synchronize ADE-managed devices: In the Microsoft Endpoint Manager admin center, choose Devices > iOS > iOS enrollment > Enrollment program tokens > choose a token > Sync now. A sync request is sent to Apple.

ADE enrollment stuck at user login

When you turn on an ADE-managed device that is assigned an enrollment profile, the initial setup sticks after you enter credentials.

Cause: Multi-Factor authentication (MFA) is enabled. Currently MFA doesn't work during enrollment on ADE devices.

Resolution

Disable MFA, and then re-enroll the device.

Authentication doesn't redirect to the government cloud

Government users signing in from another device are redirected to the public cloud for authentication rather than the government cloud.

Cause: Azure AD does not yet support redirecting to the government cloud when signing in from another device.

Resolution

Use the iOS Company Portal Cloud setting in the Settings app to redirect government users' authentication towards the government cloud. By default, the Cloud setting is set to Automatic and Company Portal directs authentication towards the cloud that is automatically detected by the device (such as Public or Government). Government users who are signing in from another device will need to manually select the government cloud for authentication.

Open the Settings app and select Company Portal. In the Company Portal settings, select Cloud. Set the Cloud to Government.
