Jump to content

Mirek S.

ESET Staff
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Mirek S.

  1. Hello, "2019-06-28 10:57:16 W [14036] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent." This means MDM does not have configured (or configuration failed to apply) APNS certificate. Ensure you have policy assigned to MDM and it's actually applied. You can check via Configuration -> Get on device on which MDM is installed. "AdminConnector: Connected: true" means connection between managing Agent and MDM works (it's the chanel policy is delivered over). If this is correct change something in policy (log level etc..). Agent sadly does not attempt to send policy multiple times, so it's possilble failed delivery attempt caused this state. If you can't figure out why policy isn't applied please contact support instead, we can't request relevant log files over forum. Please also check You meet HTTPS certificate requirements, they differ for Android and iOS. https://help.eset.com/esmc_install/70/en-US/mobile.html https://help.eset.com/esmc_install/70/en-US/?certificate_mdm_https_requirements.html https://support.eset.com/kb6368/#CreateMDMCert https://help.eset.com/esmc_install/70/en-US/?mobile_connector_installation_windows.html HTH, M.
  2. Hello, Those requirements are there mainly because iOS devices as we use built-in iOS. What iOS devices accept as trusted differs per iOS version and we described _most_ restrictive rules which should work always. (There are other requirements like RSA2048+, SHA256+ etc... for iOS described elsewhere in documentation) So in the end Your certificate may work (it will definitely work for Android devices), however when Apple brings some update to their trust validation it might stop working. HTH, M.
  3. Hello, MultiAgent(s) trace log verbosity is determined by MDMCore trace log verbosity. It's also possible support directed You to create traceAll file which overrides this configuration (so just delete it) As a sidenote (and possibly solution) there was issue with ScanLog processing which produces periodically multiple errors inside MultiAgent logs, this is fixed in service release - AFAIK this was released into repository so You can upgrade via component upgrade task. HTH.
  4. Hello, It's possible CloudFlare incorrectly caches some parts of configuration editor and returns out-of-date data causing this. Please create HAR log @PavelP mentioned it might help us determine whether issue is with CloudFlare or webconsole itself. Ideal would be to have tomcat access log paired with this log to determine which requests made it to server and which did not. Thanks.
  5. Hello, We checked multiple browsers to identify which one produces this error (seems like you posted chrome error), However for future reference (and potentional improvement) can you please answer following? browser(s) (in case of IE ideally export security settings for security zone console is in) - you already said you tried multiple, however platform/browser still matters for reproduction. webconsole behind reverse proxy/application firewall ESET (or other) product with TLS filtering enabled installed on computer connecting to console Any "uncommon" setup you can think of This issue can arise in case _some_ https requests on same site (in this case as Pavel said seems like js script) is blocked from download. Which in case of TLS (to my knowledge) requires MITM interception (product/WAF/RP/actual attack) or extremely restrictive browser rules. Thanks, M.
  6. Hello, Please create support ticket for this. Currently this is not well handled issue as installation after pressing cancel actually removes relevant log files (startup of Agent which fails due to which logs which should identify cause of failure are erased - too many witches) When message box is open - i.e. don't cancel it until logs are collected (failed to start) please run eset log collector and provide those to support, it should help us to determine cause of this issue in future. HTH
  7. "Error during policy application on device" means device declined configuration profile for some reason - there is sadly no standard way how this is reported in ESMC, nor does Apple tell us anything specific. What you posted actually points out there is issue with UUID generation inside conversion between our and Apple format. We will have to check conversion into configuration profile - it's possible there were some changes which broke this functionality on newer iOS or with Your use-case. Please test this without using user attributes (just put in real values and apply on phone instead), to check if issue persists. We will need iOS version, exported policy, used user attributes (if there are for example special characters...), MDM version and configuration module version on MDM. Please create support ticket (and tell Your distributor to directly forward it to MDM team as there is most likely nothing they can do), or post here (secrets in attachment, only eset stuff can see those) Bad news is this is probably bug, good news is we can probably fix it faster than standard ESMC release cycles as most code related to this functionality is in updateable module. As a side note, we did not manage to reproduce the issue. So to check we will need above specified.
  8. Hello, V4-V5 producs are managed by so-called Legacy Connector (component of Agent). This component does on-behalf-of licensing for these products - if activation succeeds products are configured with license and/or update username/password whichever is applicable for such product. I'm actually unsure if it's still possible to manually set update username/password without those being overwritten by Agent. (This really is on per-product basis and what their product team decide - to expose update parameters in product policy or not) Please upload Agent log (error line should contain "EcpCommunicator") in trace severity (or create support ticket). It's possible something blocks communication with eset licensing servers (edf.eset.com:443) or there is other issue. Offline license file is not supported for on-behalf-of activation as format changed between V5 and V6 line. HTH
  9. Hello, The "Name" (in my example a0) is essentially just identification for You (so put there whatever makes sense to You). Assume You wanted multiple exchange or VPN (etc...) configurations, You would need to address them in policy editor somehow. I also think (unsure would have to check code), iOS configuration profile is filled only if all attributes specified in policy editor are non-empty. Imagine user = set of attributes. user1 = { exchange { mydomain { email = "my@email.com" login = "me" } myshadowdomain { email = "othermy@email.com" login = "otherme" } } } Such attributes are then available in policy editor in a slightly different format of exchange_email/mydomain or exchange_email/myshadowdomain. (Where mydomain and myshadowdomain are Name). This is not only for multiple configurations, but also as MSP support where multiple companies are managed in one ESMC. TBH seeing this I'm unsure why we did it this way as both hierarchical "exchange/mydomain/email" or flat list makes more sense. HTH
  10. Hello, The attributes are configured in the synchronization task. Then each device needs to have a user assigned. Such variables are then replaced in configuration delivered into the phone. If a user is not assigned or attribute synchronized (or defined manually) block of configuration (exchange mailbox etc...) is actually removed from the device configuration profile. Meaning that attributes synchronized as Are available in policy as Which synchronized attribute should map to what really depends on Your AD schema. HTH
  11. Hello, Per-chance is device supervised? (This is not officially supported, but can be done even without ABM/DEP) You may attempt to run Antitheft task "Turn off lost mode" it should work (that is reset internal flags which cause lost mode reported) However IIRC there was an issue with this task in the official release (which is fixed in upcoming service release). You might want to contact support for an unofficial hotfix. HTH
  • Create New...