This post guides you to fix the CNAME Validation Error in Intune. In the MEM admin center (Intune Portal), when you perform a CNAME validation, you might see the following error. CNAME for domain is not configured or configured incorrectly.
You don’t need to worry as the fix for this error is very simple.
Configuring a CNAME in your DNS server saves your users from having to enter the address of the MDM server while enrolling their Windows devices.
To simplify enrollment, you must create a domain name server (DNS) alias (CNAME record type) that redirects enrollment requests to Intune servers.
If no enrollment CNAME record is found, users will be prompted to manually enter the MDM server name, enrollment.manage.microsoft.com.
CNAME Validation Test
If you want to perform a CNAME validation test for your domain, here is how you do it.
- First of all login to Microsoft Endpoint Manager admin center.
- In the left pane click Dashboard. Now in the right pane, click Device Enrollment.
- Under the General, click CNAME Validation.
- You will see CNAME Validation box on right hand side of the screen.
- Enter your domain and click Test.
- If you see CNAME for domain not configured or configured incorrectly, follow the next steps.
How to Fix CNAME Validation Error in Intune Portal
So let’s say you see this error during the CNAME Validation “CNAME for domain not configured or configured incorrectly”.
All you need to do is add or create the below CNAME entries on your DNS server.
- You must create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com
- And a second CNAME that redirects to enterpriseenrollment-s.manage.microsoft.com.
For example, I will be creating two CNAME entries on my DNS server for the domain prajwal.org. The entries would look like this.
|Type||Hostname||Redirects or Points to|
Some hosting providers require you to specify TTL values which would be 1 hour in this case.
Let’s add the first CNAME resource record which points EnterpriseEnrollment.yourdomain.com to EnterpriseEnrollment-s.manage.microsoft.com
Now let’s add the second CNAME resource record which points EnterpriseRegistration.yourdomain.com to EnterpriseRegistration.windows.net.
Note – Changes to DNS records might take up to 72 hours to propagate. Hence wait until the DNS records propagate.
Finally after configuring the CNAME resource records in your DNS, login to Microsoft Endpoint Manager admin center. Enter the domain here to confirm that it has been configured correctly.