How to distribute IPA via Windows Intune

Question

I'm wondering on how to correctly sign and distribute an IPA via Windows Intune.

I have an in house provisioning profile for a specific bundle/app id and with an iOS distribution certificate. I use this provisioning profile when archiving an IPA file. I sign and package it for enterprise ad hoc deployment. I get the .ipa and .plist files as expected and upload them to Windows Intune. Everything seems fine so far.

When I log into the Windows Intune company portal and choose to install the app it fails. I get the following log statements:

installd[61] <Notice>: 0x255000 MobileInstallationInstall_Server: Installing app [bundle id]
installd[61] <Error>: entitlement 'keychain-access-groups' has value not permitted by provisioning profile '[name of in house distribution profile]'
installd[61] <Error>: 0x255000 verify_signer_identity: MISValidateSignatureAndCopyInfo failed for /var/tmp/install_staging.Mgjx9o/foo_extracted/Payload/[app name].app/[app name]: 0xe8008016
installd[61] <Error>: 0x255000 do_preflight_verification: Could not verify executable at /var/tmp/install_staging.Mgjx9o/foo_extracted/Payload/[app name].app
installd[61] <Error>: 0x255000 install_application: Could not preflight application install
installd[61] <Error>: 0x255000 handle_install_for_ls: API failed

What is the real problem here and how can it be solved?

This is a PhoneGap 3.2.0 app where the app is generated using phonegap build ios. I'm using Xcode 5.0.2 and the device I'm trying to install the app on is running iOS 7.0.4.

Everything within [] in the log is replaced by me.

Answer 1

I managed to distribute the IPA. I tried to run the app on an new iPad device when Xcode first tried to add the device to the iOS dev center account and team.

In the start it said the request for adding the device was pending. Then it started giving me an error message. The first dialog said as follows:

No provisioning profiles matching both the team ID “[team id]” and the bundle identifier “[bundle id]” were found.  Xcode can resolve this issue by downloading a new provisioning profile from the Member Center.

After trying to fix the issue it said:

There was an error generating the team provisioning profile for AppID '[app id]'.  Please try again.  If the problem persists, please contact Apple Developer Program Support. https://developer.apple.com/support

This lead me to double check the team id, which for some reason was incorrect. I searched the disk for both the team id and app id and found the incorrect team id in both the project.pbxproj file and a file named [projectname].xcent.

The later file even had the team id + bundle id in a value for the dictionary key keychain-access-groups which is part of the error message in this question.

I changed the team ids in total three places in those two files and repackaged the app. Suddenly everything was working. :)