HSW 9 Posted March 17, 2017 Posted March 17, 2017 Since we have upgrade to 6.5 i cant reactivate our Mobile Device Connector: HTTPS certificate chain is incomplete. Enrollment is not allowed. Malfunction ESET Remote Administrator Mobile Device Connector I have reinstallet the MDC but error again, the cert is created from the ERAS Server (over Peer Certificates in the Admin console) What can i try? I have only some test mobiles in this DB so its no problem to wipe the MDC DB. Malfunction ESET Remote Administrator Mobile Device Connector
ESET Staff Oliver 9 Posted March 17, 2017 ESET Staff Posted March 17, 2017 Hello, You need to import your HTTPS certificate into the certificate store on the MDM host device according to these steps : http://help.eset.com/era_install/65/en-US/index.html?certificate_mdm_https.htm
Miami 4 Posted March 30, 2017 Posted March 30, 2017 On 20. 3. 2017 at 9:20 AM, HSW said: THX Is it working for you now? I have same problem and HTTPS cert. import wasn't helpful for me.
ESET Staff Oliver 9 Posted March 30, 2017 ESET Staff Posted March 30, 2017 Hello Miami just to be sure: the certificate that is part of MDC Policy -> you exported it from ERA -> and imported according to the steps mentioned above. and than restart the MDC service ? If the troubleshooting steps above do not solve your problem, collect the logs with ESET Log Collector (according to these steps) and contact ESET Support.
Miami 4 Posted March 30, 2017 Posted March 30, 2017 (edited) 18 hours ago, Oliver said: Hello Miami just to be sure: the certificate that is part of MDC Policy -> you exported it from ERA -> and imported according to the steps mentioned above. and than restart the MDC service ? If the troubleshooting steps above do not solve your problem, collect the logs with ESET Log Collector (according to these steps) and contact ESET Support. I have used MDM cert. from ERA "Peer certificates". EDIT: Problem is probably with the cert. itself. I have used the one created for MDM server, which is wrong. Edited March 31, 2017 by Miami
ESET Staff Mirek S. 18 Posted March 31, 2017 ESET Staff Posted March 31, 2017 Certificates generated in ERA 6.3 (IIRC) and older did not contain CA (ie the chain was incomplete in certificate blob) You may import only ERA CA into machine certificate store on MDM host (description is in link mentioned by oliver) to workaround this issue, it should start working (recheck is done I think every ten minutes) However in near future (version 7) we will require full certificate chain in https certificate (it was bad decision this was not validated from start) These changes are done to improve support for Apple devices, and tighen security, so sorry this was not communicated better, however we can't currently auto-solve this for users. You may also use certificate change functionality added into 6.5 where if You change HTTPS certificate all devices will (based on their communication rate) switch to new certificate and old is eventually discarded.
Recommended Posts