Jump to content

Mirek S.

ESET Staff
  • Content Count

  • Joined

  • Last visited

  • Days Won


Mirek S. last won the day on January 17

Mirek S. had the most liked content!

Profile Information

  • Gender
  • Location
    Czech Rep.

Recent Profile Visitors

2,005 profile views
  1. Hello, We do not officially support user profiles. As for MDM logs, I see only errors on enrollment port (9980) which can be caused by browser terminating traffic or other issues. Important is mdm communication after enrollment - port 9981 (enrollment is essentially just file download over https). If enrollment doesn't work there might be other issue. We might be able to help if we have all the logs required and You are ok with running production server in not officially supported scenario please contact our customer care (with MDM trace severity and EESA application logs)
  2. Hello, Android team is currently investigating this issue with self-signed certificates. If You use self-signed certificates (ESMC generated) please fill ticket with customer care so there is more data regarding this (we will need logs from phone and mdm certificate to speed up the process). Sorry for inconvenience, M.
  3. MDM HTTPS certificate should be created by ESMC server webconsole via Peer certificates > "Mobile Device Connector" wizzard or via 3rd party CAs as mentioned in mobile devices thread. Tomcat referenced certificate is "basic one", used by ESMC server. Due to 3rd party requirements MDM requires more strict certificate(s) to work correctly. HTH, M.
  4. Hello, Enrollment links are sent to EMSC server via Agent installed on same device as MDM is (and both MDM and Agent require correctly set connection to ESMC server). In case You installed MDM multiple times in history You also have to select correct MDM instance in web console. In case previous steps does not help please contact customer care. HTH, M.
  5. > Seems, that this worked. The task is marked as "successfull". But how can I see if it is really active? MDM should be activated when protection state "Not activated" is removed from device it's installed on. In reality MDM activation does not matter "that much" as it only affects module updates and EPNS wake up calls and does not eat license - the same way as ESMC server does. > And I only found that the eramdmcore is only listening on ipv6, netstat shows no process for 9980 on the ipv4. Is that configurable? Please contact customer care. All ports set during setup (by d
  6. Hello, This is due to changes in ESMC since version 6.5 which was last released version of VAH and can be safely ignored. HTH, M.
  7. Hello, We are aware of this issue, please contact support for HF. (SR had to be pushed out due to APNS deprecation in november 2020) Sorry for the inconvenience. M.
  8. Hello, AdminConnector: Connected: false MDM requires Agent is installed on same system HTH, M.
  9. Hello, It seems like You have changed server CA. (that is server certificate validation fails) In such case You must also reconfigure MDM like You did with Agents (via MDM policy). For such change to apply Agent next to MDM must be able to connect to ESMC server. You might need to manually restart MDM after changing CA. HTH, M.
  10. Connection parameters (and other configuration options) are set during installation, so these settings were not changed from initial setup. Once policy is applied it stays in configuration (some of our products have a feature that policy removal restores original settings, MDM does not have this feature). ERA/ESMC will not try to do something behind scenes without user approval, so no worries. Actually we will create improvement for newer versions so some connection settings are taken from Agent as it does not make sense/is misleading to configure this separately.
  11. Hello, First create MDM policy on device which has MDM installed And edit connection list same as You would with Agent HTH, M.
  12. Well, if you're changing subnet and Agents are deployed in a way they contact server via IP adress, You will need to reconfigure both Agents and MDM (as I previously pointed out MDM also has server connection settings in it's policy). If you're using IP address for MDM device endpoint You will loose connectivity from all enrolled devices and will need to re-enroll those. if You're using DNS names and DNS entires are correctly updated (or traffic is forwarded from some other endpoint) in both cases subnet change should work without issues. As for last connection time, I believe s
  13. Hello, I guess we would need logs (in this case those in proxy directory) in trace severity. However as far as I'm aware MDM should not care where server is - MDM only cares about device endpoint which must remain the same - so this is likely connectivity/firewall issue. Some data are sent/received over Agent installed next to MDM. Device data are sent over MDM proxy component (for which connection can be configured in MDM policy. HTH, M.
  14. Hello, The main benefit of ABM is administrators don't need to touch device at all - it's enrolled into MDM during it's first setup (or after factory reset) based on information Administrators configure in ABM portal and MDM policy. From ESET MDM point of view I think we only support Find (in Apple terminology it's lost mode) and supervised restrictions. There is some guide on our side as well. Generally its also possible to setup device into supervised mode by Apple Configurator however we currently don't support this as there was no demand from customers. HTH, M
  15. Hello, For iOS Find device has to be in supervised state, with current implementation it's only possible via ABM program (Apple Business Manager). Some device commands and policies (as marked in policy editor) are only available in such state. HTH, M.
  • Create New...