Jump to content

Recommended Posts

Posted

Since we have upgrade to 6.5 i cant reactivate our Mobile Device Connector:

HTTPS certificate chain is incomplete. Enrollment is not allowed.  Malfunction ESET Remote Administrator Mobile Device Connector

 

I have reinstallet the MDC but error again, the cert is created from the ERAS Server (over Peer Certificates in the Admin console)

What can i try? I have only some test mobiles in this DB so its no problem to wipe the MDC DB.

  Malfunction ESET Remote Administrator Mobile Device Connector
Posted

THX :)

  • 2 weeks later...
Posted
On 20. 3. 2017 at 9:20 AM, HSW said:

THX :)

Is it working for you now? I have same problem and HTTPS cert. import wasn't helpful for me.

  • ESET Staff
Posted

Hello Miami
just to be sure: 
the certificate that is part of MDC Policy -> you exported it  from ERA -> and imported according to the steps mentioned above.
and than restart the MDC service ? 
 

If the troubleshooting steps above do not solve your problem, collect the logs with ESET Log Collector (according to these steps) and contact ESET Support

Posted (edited)
18 hours ago, Oliver said:

Hello Miami
just to be sure: 
the certificate that is part of MDC Policy -> you exported it  from ERA -> and imported according to the steps mentioned above.
and than restart the MDC service ? 
 

If the troubleshooting steps above do not solve your problem, collect the logs with ESET Log Collector (according to these steps) and contact ESET Support

I have used MDM cert. from ERA "Peer certificates".

EDIT:

Problem is probably with the cert. itself. I have used the one created for MDM server, which is wrong.

Edited by Miami
  • ESET Staff
Posted

Certificates generated in ERA 6.3 (IIRC) and older did not contain CA (ie the chain was incomplete in certificate blob)

You may import only ERA CA into machine certificate store on MDM host (description is in link mentioned by oliver) to workaround this issue, it should start working (recheck is done I think every ten minutes)

However in near future (version 7) we will require full certificate chain in https certificate (it was bad decision this was not validated from start)

These changes are done to improve support for Apple devices, and tighen security, so sorry this was not communicated better, however we can't currently auto-solve this for users.

You may also use certificate change functionality added into 6.5 where if You change HTTPS certificate all devices will (based on their communication rate) switch to new certificate and old is eventually discarded.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...