# AAD Mobile Troubleshooting
Background:
* A user is experiencing an "invalid credential" error when attempting to log in to a mobile app using OKTA.
* The same credentials work on other platforms, including the mobile's Safari, except for O365.
* The user is certain that the password entered is correct.
* Logs tell us that the issue may be due to different encoding.
* Capturing the network traffic will help diagnose the problem or provide evidence if escalation is needed.
{% hint style="danger" %}
Important Notes
* Ensure the issue can be reproduced before performing these steps.
* Handle the output file securely as it contains sensitive information.
{% endhint %}
Steps:
1\. Prepare the Network:
\- Connect the iPhone and the computer (used as a proxy) to the same network or subnet/VLAN.
\- Ensure the Fiddler listening port (default is 8888) is not blocked on the computer. Temporarily disable the Windows firewall if necessary.
\
2\. Install and Configure Fiddler on the Computer:
\- Download Fiddler from
\- In Fiddler, go to Tools -> Options -> Connections, and enable “Allow remote computers to connect”.
3. Configure Fiddler for HTTPS Traffic:
* Go to Tools -> Options -> HTTPS, and check “Decrypt HTTPS traffic”. Install and trust the Fiddler Root Certificate on the computer by following the prompts.
4\. Install Certificate Maker Plugin for Fiddler:
\- Download and install the Certificate Maker Plugin from
\- Restart Fiddler to apply changes.
\- Hover over the Online indicator on the Fiddler toolbar to display the computer’s IP addresses.
\- Ensure Fiddler is capturing traffic (indicated in the lower-left corner of Fiddler).
5. Configure the iPhone:
* Connect the iPhone to the same network as the computer via Wi-Fi. Disable 3G/4G connections.
* Verify the iPhone can reach Fiddler by navigating to `http://FiddlerMachineIP:8888` in a browser. This should display the Fiddler Echo Service page.
* Go to Settings -> WLAN -> Select the connected Wi-Fi network -> Configure Proxy -> Manual.
* Enter the IP address of the Fiddler machine in the Server box and the port (usually 8888) in the Port box. Ensure Authentication is off, then save the configuration.
* In a browser on the iPhone, go to `http://.fiddler:8888` and download the FiddlerRoot certificate from the Fiddler Echo Service webpage.
* Open the FiddlerRoot.cer file and install it.
* Go to Settings -> General -> About -> Certificate Trust Settings and manually enable full trust for the FiddlerRoot certificate. Accept the dialog about third-party eavesdropping.
6. Reproduce the Issue:
* On the iPhone, open “Authenticator” and attempt to log in to reproduce the issue.
* Once the issue is reproduced, stop Fiddler capturing by clicking “Capturing” in the lower-left corner of Fiddler.
* Save the captured sessions by clicking File and selecting Save.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.jianny.net/work/azure/aad-mobile-troubleshooting.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.