Forum Discussion
I've found that once the Cato Client is installed, if I restart the CatoNetworksVPNService it will move to the limited connectivity phase, which is what I need for Line of Sight to the DC. Now I just need to figure out how to make sure Cato is installed and the service gets restarted before the Offline Domain Join portion of Autopilot times out.
Hi,
You're deploying the Cato Registry keys using an Intune Platform Script. Since platform scripts run before the application deployment phase, you should be good there.
Just to verify:
- The Registry Path: HKLM:\SOFTWARE\CatoNetworksVPN
- PreLogin (DWORD) with value of 1
- Subdomain (String) with your subdomain (without .via.catonetworks.com)
Then install the Cato client via Intune. If your architecture is correct, the Cato client should start and automatically create a connection using a device certificate. Autopilot will then perform the actual domain join during the device configuration phase.
A few questions:
- Have you uploaded the root cert of your CA to the Cato portal? (Access / Client Access / Signing Certificates)
- Have you configured the allowed destinations (IPs, IP ranges or hosts)? (Access / Client Access / Pre Login). You should have at least the IPs of the domain controller(s) for your domain in there, your CA and possibly KMS Server.
- Do you use SCEP / NDES to deliver the device certificate to the client? The client needs a signed device certificate to authenticate and connect.
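The registry staging and service restart discussed in this thread, as an added example that is not part of either post and is not Cato's own script. The subdomain value is a placeholder, and the certificate check assumes the device certificate is enrolled into `Cert:\LocalMachine\My` with the Client Authentication EKU.

```powershell
# Added example: Intune platform script for Cato pre-login (runs as SYSTEM).
# Assumptions: $Subdomain is a placeholder; the device certificate is expected
# in Cert:\LocalMachine\My with the Client Authentication EKU.
$ErrorActionPreference = 'Stop'
$RegPath   = 'HKLM:\SOFTWARE\CatoNetworksVPN'
$Subdomain = 'example-subdomain'   # placeholder, without .via.catonetworks.com
$Service   = 'CatoNetworksVPNService'

# Strip the suffix if the full hostname was pasted in, then refuse an empty value.
$Subdomain = ($Subdomain -replace '\.via\.catonetworks\.com$', '').Trim()
if ([string]::IsNullOrEmpty($Subdomain)) { throw 'Subdomain is empty' }

# Create the key if needed and write both values idempotently.
if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }
New-ItemProperty -Path $RegPath -Name 'PreLogin'  -PropertyType DWord  -Value 1 -Force | Out-Null
New-ItemProperty -Path $RegPath -Name 'Subdomain' -PropertyType String -Value $Subdomain -Force | Out-Null

# Read back so a failed write shows up as a script failure in Intune.
$cfg = Get-ItemProperty -Path $RegPath
if ($cfg.PreLogin -ne 1 -or $cfg.Subdomain -ne $Subdomain) {
    throw 'Registry values did not persist'
}

# Pre-login needs a device certificate: look for an unexpired machine
# certificate with a private key and the Client Authentication EKU.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
}
if (-not $certs) {
    Write-Warning 'No valid client-auth device certificate in LocalMachine\My yet'
}

# Restart the service only if the client is already installed, so the same
# script works both before and after the application deployment phase.
$svc = Get-Service -Name $Service -ErrorAction SilentlyContinue
if ($svc) {
    Restart-Service -Name $Service -Force
    (Get-Service -Name $Service).WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
    Write-Output "Restarted $Service"
} else {
    Write-Output "$Service not installed yet; keys are staged for the client install"
}
```

Set the platform script to run in the 64-bit PowerShell host; from the 32-bit host, writes to `HKLM:\SOFTWARE` are redirected to `WOW6432Node` and would not land at the path listed above.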