Jump to content

Mirek S.

ESET Staff
  • Content Count

  • Joined

  • Last visited

  • Days Won


Mirek S. last won the day on January 17 2020

Mirek S. had the most liked content!

Profile Information

  • Gender
  • Location
    Czech Rep.

Recent Profile Visitors

2,149 profile views
  1. The state could persist due to "currently used" certificate, essentially worst error is reported which might not be best idea for these cases. If You try to request configuration from MDM You should be able to see if there is issue with new certificate. New certificate should be applied on MDM HTTPS interface when all devices install new trust (newly applied certificate root CA). This process is required as we support self-signed certificates and process for using already trusted 3rd party certificates never got in (yet) as most customer use self signed certificates from console. Since ne
  2. As an explanation why this protection state happens. * Apple decided to follow CA/B rules for browsers (which is quite good for security reasons) * We (ESET) have existing userbase and as we honor our customers previous installations and configurations have to work for some time. * Prefered action for this protecion state is to actually create new certificate either via webconsole or via 3rd party CA and setting it to MDM. Disabling notification via policy is there just for extreme reasons, like our implementation issues etc... * Since EP 8.0 some parts of validation are en
  3. @Christian Stück Nothing is in stone yet, but it's the direction ESET is currently pushing forward. In any case if this happens there would be transitional period and a way to move devices from EP to EPC. @ChrisC I will update this thread once we are able to test and figure out how it should work. However it will likely require release. The ASM issue is different as device is already in Apple remote profile (ASM/ABM sync part is similar) - MDM knows it's serial number so it allows enrollment.
  4. Thanks, We will definitely checks this. Seems like information on our side is outdated and Apple now supports adding devices not purchased via ABM/ASM into ABM/ASM. This actually helps us as well as we have multiple devices not purchased via ABM not usable for ABM testing...
  5. Currently no, And as we now have cloud MDM, there is not much of chance this will ever happen with on premises version.
  6. Hello, I believe this is different case, can You elaborate a bit why You need to run Apple Configurator 2 on devices (for supervised mode) ? Also as far as I know it's impossible to add devices not bough via ABM into ABM. M.
  7. Hello, We currently do not support ASM, only ABM is supported. IIRC main reason was EP is device centric while ASM is user centric but I might be wrong on that one. M.
  8. Hello and sorry for late response. You actually have two issues there, 1. License fails to activate. 2. APNS fails to verify peer (Apple Push Notification Server) certificate so it refuses connection. Please contact support we will need more logs to identify reasons for this behaviour. Sorry for inconvenience, M.
  9. Hello, 1. ESET PROTECT 8 was tested with iPadOS Beta 14 without any issues. I will contact our documentation team about issue in docs. One issue with Apple devices we discovered they don't work well with IP based setups, so only DNS hostnames are officially supported. 2. 3rd party (implicitly trusted and preinstalled within device certificate store) certificate is always prefered for both Apple and Android. Self-signed certificates generated in EP are essentially a historical leftover as nowdays everyone can generate DNS certificate for free from Let's encrypt and possibly oth
  10. Hello, We do not officially support user profiles. As for MDM logs, I see only errors on enrollment port (9980) which can be caused by browser terminating traffic or other issues. Important is mdm communication after enrollment - port 9981 (enrollment is essentially just file download over https). If enrollment doesn't work there might be other issue. We might be able to help if we have all the logs required and You are ok with running production server in not officially supported scenario please contact our customer care (with MDM trace severity and EESA application logs)
  11. Hello, Android team is currently investigating this issue with self-signed certificates. If You use self-signed certificates (ESMC generated) please fill ticket with customer care so there is more data regarding this (we will need logs from phone and mdm certificate to speed up the process). Sorry for inconvenience, M.
  12. MDM HTTPS certificate should be created by ESMC server webconsole via Peer certificates > "Mobile Device Connector" wizzard or via 3rd party CAs as mentioned in mobile devices thread. Tomcat referenced certificate is "basic one", used by ESMC server. Due to 3rd party requirements MDM requires more strict certificate(s) to work correctly. HTH, M.
  13. Hello, Enrollment links are sent to EMSC server via Agent installed on same device as MDM is (and both MDM and Agent require correctly set connection to ESMC server). In case You installed MDM multiple times in history You also have to select correct MDM instance in web console. In case previous steps does not help please contact customer care. HTH, M.
  14. > Seems, that this worked. The task is marked as "successfull". But how can I see if it is really active? MDM should be activated when protection state "Not activated" is removed from device it's installed on. In reality MDM activation does not matter "that much" as it only affects module updates and EPNS wake up calls and does not eat license - the same way as ESMC server does. > And I only found that the eramdmcore is only listening on ipv6, netstat shows no process for 9980 on the ipv4. Is that configurable? Please contact customer care. All ports set during setup (by d
  15. Hello, This is due to changes in ESMC since version 6.5 which was last released version of VAH and can be safely ignored. HTH, M.
  • Create New...