Jump to content

MDC Problem since ERAS Upgrade to 6.5


HSW
 Share

Recommended Posts

Since we have upgrade to 6.5 i cant reactivate our Mobile Device Connector:

HTTPS certificate chain is incomplete. Enrollment is not allowed.  Malfunction ESET Remote Administrator Mobile Device Connector

 

I have reinstallet the MDC but error again, the cert is created from the ERAS Server (over Peer Certificates in the Admin console)

What can i try? I have only some test mobiles in this DB so its no problem to wipe the MDC DB.

  Malfunction ESET Remote Administrator Mobile Device Connector
Link to comment
Share on other sites

  • 2 weeks later...
On 20. 3. 2017 at 9:20 AM, HSW said:

THX :)

Is it working for you now? I have same problem and HTTPS cert. import wasn't helpful for me.

Link to comment
Share on other sites

  • ESET Staff

Hello Miami
just to be sure: 
the certificate that is part of MDC Policy -> you exported it  from ERA -> and imported according to the steps mentioned above.
and than restart the MDC service ? 
 

If the troubleshooting steps above do not solve your problem, collect the logs with ESET Log Collector (according to these steps) and contact ESET Support

Link to comment
Share on other sites

18 hours ago, Oliver said:

Hello Miami
just to be sure: 
the certificate that is part of MDC Policy -> you exported it  from ERA -> and imported according to the steps mentioned above.
and than restart the MDC service ? 
 

If the troubleshooting steps above do not solve your problem, collect the logs with ESET Log Collector (according to these steps) and contact ESET Support

I have used MDM cert. from ERA "Peer certificates".

EDIT:

Problem is probably with the cert. itself. I have used the one created for MDM server, which is wrong.

Edited by Miami
Link to comment
Share on other sites

  • ESET Staff

Certificates generated in ERA 6.3 (IIRC) and older did not contain CA (ie the chain was incomplete in certificate blob)

You may import only ERA CA into machine certificate store on MDM host (description is in link mentioned by oliver) to workaround this issue, it should start working (recheck is done I think every ten minutes)

However in near future (version 7) we will require full certificate chain in https certificate (it was bad decision this was not validated from start)

These changes are done to improve support for Apple devices, and tighen security, so sorry this was not communicated better, however we can't currently auto-solve this for users.

You may also use certificate change functionality added into 6.5 where if You change HTTPS certificate all devices will (based on their communication rate) switch to new certificate and old is eventually discarded.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...