1. App Store
2. Apple Configurator Your Itunes Store Session Has Expired -
3. Itunes Login

In the System Tray, right-click the time and choose Adjust Date/Time. Click the Internet Time tab, then the Change Settings button. ITunes is balking because your system clock is out of. ITunes HomePod iPod touch. Gift Cards Apple Store Open Menusection-two Close Menusection-two. Find a Store Shop Online Genius Bar. Your session has expired. Apple VPP RESOLUTION A new token can be downloaded from Apple at any time, and provided to MDM. Part 1 - Download the VPP token from Apple list=1: Log into your VPP account at Navigate to the Account Summary screen by clicking the grey button with your account name, in the upper-right corner of the window. Question: Q: iTunes keeps saying 'Your Store Session has expired' More Less Apple Footer This site contains user submitted content, comments and opinions and is for informational purposes only.

With AltStore, you can install game emulators like PPSSPP, DolphiniOS, Provenance and so many more – all without the need to jailbreak your iPhone or iOS devices.

AltStore is the alternative to Apple App Store which enables you to sideload any apps or games to the iPhone and other compatible iOS devices without the needs for jailbreaking. In case this is your first time here, do take a look at the full step by step guide how to install AltStore on iOS here.

For other articles related to AltStore or iOS sideloading, go here.

AltStore and iOS sideloaded apps and games validity are just 7 days

Unless you are using a paid Apple developer account, your installation of AltStore on your iPhone or other iOS devices will only last for 7 days and within 7 days, you have to refresh it, together with all sideloaded apps, to be back to 7 days validity.

Now what if due to some reasons, mostly is because of forgetful, you didn’t manage to refresh it on time? You’ll end up with AltStore and other iOS sideloaded apps and games that’s not responding on your iOS device. Tap the app to open and straight away close.

Here’s I’m going to share with you what to do in case that scenarios are happening.

What to do if sideloaded apps or games are expired, but AltStore isn’t expired

These are the steps on what you need to do.

1) Turn on your computer with AltServer installed. Refer to this guide in case you don’t have AltServer in your computer.

2) Run AltServer by executing the program.

3) Plug your iPhone or iOS device to the computer – recommended via cable. Ensure your iOS device is detected by the computer.

4) On your iOS device, open AltStore, go to “My Apps” tab, and hit the “Refresh” button.

This will take sometime depends on how many apps or games sideloaded to the iOS devices, but after waiting, your sideloaded apps and games should have been back to 7 days validity.

What to do if AltStore is expired?

These are the steps on what you need to do.

1) Turn on your computer with AltServer installed. Refer to this guide in case you don’t have AltServer in your computer.

2) Run AltServer by executing the program.

3) Plug your iPhone or iOS device to the computer – recommended via cable. Ensure your iOS device is detected by the computer.

4) On the computer, with iOS device connected, go to AltServer, then click “Install AltStore” and choose your iOS device.

5) When prompted, key-in your Apple ID and password that your iOS device is using. Then click “Install”.

6) You’ll be prompted, “AltStore already installed on another device”, “Apps installed with AltStore on your other devices will stop working. Are you sure you want to continue?”. Click “OK” to continue with AltStore re-installation.

Don’t be afraid or alarmed with the messages you get on step 6. I have done it myself on my iPhone with expired AltStore and expired PPSSPP, all the save games are intact. You need to wait for a while until the re-installation process completed and all sideloaded apps and games are refreshed.

Bring it all together

Though the AltStore and all iOS sideloaded apps and games have only 7 days validity (with free Apple iOS developer account), but doesn’t mean you have to keep reminding yourself to refresh the apps and games within 7 days, with the methods above, even if you forget after a week, a month, or even a year, you can still refresh both the AltStore and all the iOS sideloaded apps and games without losing the games saves!

Do you have anything you want me to cover on my next article? Write them down on the comment section down below.

Alternatively, find more interesting topics on JILAXZONE:

JILAXZONE – Jon’s Interesting Life & Amazing eXperience ZONE.

Hi, thanks for reading my article. Since you are here and if you find this article is good and helping you in anyway, help me to spread the words by sharing this article to your family, friends, acquaintances so the benefits do not just stop at you, they will also get the same goodness and benefit from it.

Thank you!

Live to Share. Share to Live. This blog is my life-long term project, for me to share my experiences and knowledge to the world which hopefully can be fruitful to those who read them and in the end hoping to become my life-long (passive) income.

My apologies. If you see ads appearing on this site and getting annoyed or disturb by them. As much as I want to share everything for free, unfortunately the domain and hosting used to host all these articles are not free. That’s the reason I need the ads running to offset the cost. While I won’t force you to see the ads, but it will be great and helpful if you are willing to turn off the ad-blocker while seeing this site.

This article helps Intune administrators understand and troubleshoot problems when enrolling iOS/iPadOS devices in Intune.

Prerequisites

Before you start troubleshooting, it's important to collect some basic information. This information can help you better understand the problem and reduce the time to find a resolution.

Collect the following information about the problem:

• What is the exact error message?
• Where do you see the error message?
• When did the problem start? Has enrollment ever worked?
• What platform (Android, iOS/iPadOS, Windows) has the problem?
• How many users are affected? Are all users affected or just some?
• How many devices are affected? Are all devices affected or just some?
• What is the MDM authority?
• How is enrollment being performed? Is it 'Bring your own device' (BYOD) or Apple Automated Device Enrollment (ADE) with enrollment profiles?

Error messages

Profile Installation Failed. A Network Error Has Occurred.

Cause: There's an unspecified problem with iOS/iPadOS on the device.

Resolution

1. To prevent data loss in the following steps (restoring iOS/iPadOS deletes all data on the device), make sure to back up your data.
2. Put the device in recovery mode and then restore it. Make sure that you set it up as a new device. For more information about how to restore iOS/iPadOS devices, see https://support.apple.com/HT201263.
3. Re-enroll the device.

Profile Installation Failed. Connection to the server could not be established.

Cause: Your Intune tenant is configured to only allow corporate-owned devices.

Resolution

1. Sign in to the Azure portal.
2. Select More Services, search for Intune, and then select Intune.
3. Select Device enrollment > Enrollment restrictions.
4. Under Device Type Restrictions, select the restriction that you want to set > Properties > Select platforms > select Allow for iOS, and then click OK.
5. Select Configure platforms, select Allow for personally owned iOS/iPadOS devices, and then click OK.
6. Re-enroll the device.

Cause: You enroll a device that was previously enrolled with a different user account, and the previous user was not appropriately removed from Intune.

Resolution

1. Cancel any current profile installation.
2. Open https://portal.manage.microsoft.com in Safari.
3. Re-enroll the device.

Note

If enrollment still fails, remove cookies in Safari (don't block cookies), then re-enroll the device.

Cause: The device is already enrolled with another MDM provider.

Resolution

1. Open Settings on the iOS/iPadOS device, go to General > Device Management.
2. Remove any existing management profile.
3. Re-enroll the device.

Cause: The user who is trying to enroll the device does not have a Microsoft Intune license.

Resolution

1. Go to the Microsoft 365 Admin Center, and then choose Users > Active Users.
2. Select the user account that you want to assign an Intune user license to, and then choose Product licenses > Edit.
3. Switch the toggle to the On position for the license that you want to assign to this user, and then choose Save.
4. Re-enroll the device.

This Service is not supported. No Enrollment Policy.

Cause: An Apple MDM push certificate isn't configured in Intune, or the certificate is invalid.

Resolution

• If the MDM push certificate isn't configured, follow the steps in Get an Apple MDM push certificate.
• If the MDM push certificate is invalid, follow the steps in Renew Apple MDM push certificate.

Company Portal Temporarily Unavailable. The Company Portal app encountered a problem. If the problem persists, contact your system administrator.

Cause: The Company Portal app is out of date or corrupted.

Resolution

1. Remove the Company Portal app from the device.
2. Download and install the Microsoft Intune Company Portal app from App Store.
3. Re-enroll the device.

Note

This error can also occur if the user is attempting to enroll more devices than device enrollment is configured to allow. Follow the resolutions steps for Device Cap Reached below if these steps do not resolve the issue.

Device Cap Reached

Cause: The user tries to enroll more devices than the device enrollment limit.

Resolution

1. In the Microsoft Endpoint Manager admin center, choose Devices > All Devices, and check the number of devices the user has enrolled.

   Note

   You should also have the affected user logon to the Intune user portal and check devices that have enrolled. There may be devices that appear in the Intune user portal but not in the Intune admin portal, such devices also count toward the device enrollment limit.

2. In the Microsoft Endpoint Manager admin center, choose Devices > Enrollment restrictions > check the device enrollment limit. By default, the limit is set to 15.
3. If the number of devices enrolled has reached the limit, remove unnecessary devices, or increase the device enrollment limit. Because every enrolled device consumes an Intune license, we recommend that you always remove unnecessary devices first.
4. Re-enroll the device.

Workplace Join failed

Cause: The Company Portal app is out of date or corrupted.

App Store

Resolution

Apple Configurator Your Itunes Store Session Has Expired -

1. Remove the Company Portal app from the device.
2. Download and install the Microsoft Intune Company Portal app from App Store.
3. Re-enroll the device.

User License Type Invalid

Cause: The user who is trying to enroll the device does not have a valid Intune license.

Resolution

1. Go to the Microsoft 365 admin center, and then choose Users > Active Users.
2. Select the affected user account > Product licenses > Edit.
3. Verify that a valid Intune license is assigned to this user.
4. Re-enroll the device.

User Name Not Recognized. This user account is not authorized to use Microsoft Intune. Contact your system administrator if you think you have received this message in error.

Cause: The user who is trying to enroll the device does not have a valid Intune license.

1. Go to the Microsoft 365 admin center, and then choose Users > Active Users.
2. Select the affected user account, and then choose Product licenses > Edit.
3. Verify that a valid Intune license is assigned to this user.
4. Re-enroll the device.

Profile Installation Failed. The new MDM payload does not match the old payload.

Cause: A management profile is already installed on the device.

Resolution

1. Open Settings on the iOS/iPadOS device > General > Device Management.
2. Tap the existing management profile, and tap Remove Management.
3. Re-enroll the device.

NoEnrollmentPolicy

Cause: The Apple Push Notification Service (APNs) certificate is missing, invalid, or expired.

Resolution

Verify that a valid APNs certificate is added to Intune. For more information, see Set up iOS/iPadOS enrollment.

AccountNotOnboarded

Cause: There's a problem with the Apple Push Notification service (APNs) certificate configured in Intune.

Resolution

Renew the APNs certificate, and then re-enroll the device.

Important

Make sure that you renew the APNs certificate. Don't replace the APNs certificate. If you replace the certificate, you have to re-enroll all iOS/iPadOS devices in Intune.

• To renew the APNs certificate in Intune standalone, see Renew Apple MDM push certificate.
• To renew the APNs certificate in Microsoft 365, see Create an APNs Certificate for iOS/iPadOS devices.

XPC_TYPE_ERROR Connection invalid

When you turn on a ADE-managed device that is assigned an enrollment profile, enrollment fails, and you receive the following error message:

Cause: There's a connection issue between the device and the Apple ADE service.

Resolution

Fix the connection issue, or use a different network connection to enroll the device. You may also have to contact Apple if the issue persists.

The configuration for your iPhone/iPad could not be downloaded from <Company Name>: Invalid Profile.

Cause: The enrollment is blocked by a device type restriction.

Resolution

1. Sign in to the Microsoft Endpoint Manager admin center > Devices > Enroll devices > Enrollment restrictions.
2. Under Device type restrictions, select All Users > Properties.
3. Select Edit next to the Platform settings.
4. On the Edit restriction page, select Allow for iOS/iPadOS and proceed to the Review + save page, then select Save.

Sync token errors between Intune and ADE (DEP)

This section includes token sync errors with:

• Apple Business Manager (ABM)
• Apple School Manager (ASM)

Expired or invalid token

Cause: The token may be expired, revoked, or malformed.

Resolution

Expired tokens can be renewed, Invalid token will need to have a new token created in Intune.

Note

The new token can be used on an existing MDM Server in Apple Business Manager/Apple School Manager (ABM/ASM), via the Edit option, MDM Server settings, Upload public key.

Access denied

Cause: Intune can't talk to Apple anymore. For example, Intune has been removed from the MDM server list in ABM/ASM. The token has possibly expired.

Resolution

• Verify whether your token has expired, and if a new token was created.
• Check to see if Intune is in the MDM server list.

Terms and conditions not accepted

Cause: New terms and conditions (T&C) need to be accepted in ABM/ASM.

Resolution

Accept the new T&C in Apple ABM/ASM Portal.

Note

This must be done by a user with the Administrator role in ABM/ASM.

Internal server error

Resolution

Contact Microsoft support, as additional logs are needed.

Invalid support phone number

Cause: The support phone number is invalid.

Resolution

Edit the support phone number for your profiles.

Invalid configuration profile name

Cause: The configuration profile name is either invalid, empty, or too long.

Resolution

Edit the name of the profile.

Invalid cursor

Cause: The cursor was rejected by Apple or not found.

Resolution

Contact support so they can retry to sync from Intune's side.

Cursor expired

Cause: The cursor is expired on Intune's side.

Resolution

Contact the Intune support team. They can retry syncing from the Intune service.

Required cursor

Cause: The cursor was not initially set by Intune during the sync.

Resolution

Contact support so they can fix the sync from Intune's side to return the cursor.

Apple profile not found

Cause: There are a variety of reasons why a profile is not found.

Resolution

Create a new profile, and assign the profile to devices.

Itunes Login

Invalid department entry

Cause: The department field entry is invalid.

Resolution

Edit the department field for your profiles.

Other issues

ADE enrollment doesn't start

When you turn on a ADE-managed device that is assigned an enrollment profile, the Intune enrollment process isn't initiated.

Cause: The enrollment profile is created before the ADE token is uploaded to Intune.

Resolution

1. Edit the enrollment profile. You can make any change to the profile. The purpose is to update the modification time of the profile.
2. Synchronize ADE-managed devices: In the Microsoft Endpoint Manager admin center, choose Devices > iOS > iOS enrollment > Enrollment program tokens > choose a token > Sync now. A sync request is sent to Apple.

ADE enrollment stuck at user login

When you turn on a ADE-managed device that is assigned an enrollment profile, the initial setup sticks after you enter credentials.

Cause: Multi-Factor authentication (MFA) is enabled. Currently MFA doesn't work during enrollment on ADE devices.

Resolution

Disable MFA, and then re-enroll the device.

Authentication doesn’t redirect to the government cloud

Government users signing in from another device are redirected to the public cloud for authentication rather than the government cloud.

Cause: Azure AD does not yet support redirecting to the government cloud when signing in from another device.

Resolution

Use the iOS Company Portal Cloud setting in the Settings app to redirect government users’ authentication towards the government cloud. By default, the Cloud setting is set to Automatic and Company Portal directs authentication towards the cloud that is automatically detected by the device (such as Public or Government). Government users who are signing in from another device will need to manually select the government cloud for authentication.

Open the Settings app and select Company Portal. In the Company Portal settings, select Cloud. Set the Cloud to Government.

Next steps