maiki 0 Posted September 18, 2018 Share Posted September 18, 2018 Hello Forum, is ESET MDM working with IOS 12 ? Greetings Maik Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted September 18, 2018 ESET Staff Share Posted September 18, 2018 Hello, We use iOS built-in MDM which is backward compatible. So it should. However, I don't recall we had tested this (as it was released recently), so to ensure please raise a support ticket, so our QA engineers can check. We'll be releasing configuration updates later if there are any notable changes, these will be delivered to existing installations via module updates. Link to comment Share on other sites More sharing options...
maiki 0 Posted September 24, 2018 Author Share Posted September 24, 2018 Hello forum, ESET MDM is not compatible with IOS 12. If i try to install the profile, the ipad say "Profilinstallation ist fehlgeschlagen Profil konnte nicht installiert werden. Could somone else please test IOS12 Thanks Maik Link to comment Share on other sites More sharing options...
noorigin 3 Posted September 24, 2018 Share Posted September 24, 2018 (edited) Me too! Just went to enroll a iOS 12 iPhone and get "Profile failed to install" on the phone. So my big fear is, am I about to lose ALL my iPhones in the MDM, as users upgrade to 12? ESET please reply!!! Edited September 24, 2018 by noorigin Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted September 25, 2018 ESET Staff Share Posted September 25, 2018 @maiki & @noorigin Can you please report a specific version of Mobile Device Connector that you are using and also the version of ERA? We have verified it internally, that it´s possible both to enroll / manage mobile phone via ERA 6.5 & ESMC V7.0, so it might be a different problem. Also, if possible, please provide logs from the mobile device connector, from the time you were attempting to enroll the device. I have an iPhone that was managed (connected to my MDM) with iOS 11 & it survived the upgrade to iOS 12 without any issue. Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted September 25, 2018 ESET Staff Share Posted September 25, 2018 Please create support tickets as these issues usually require more information. I'll note we will need log collector logs as we need to check certificate assigned to MDM HTTPS interface. It's also possible we will need Wireshark logs, as devices may simply refuse communication due to TLS stack and on v6.5 we used windows implementation (switched to OpenSSL on v7). We already encountered some issues with windows TLS, namely security patches (or users) disabling some cipher suites or hash algorithms required for Apple devices (and services) to work correctly. Link to comment Share on other sites More sharing options...
noorigin 3 Posted September 25, 2018 Share Posted September 25, 2018 @MichaelJ Where do I find the MDC version? ERA is v6.5.522.0 2018-09-25 19:47:00 E [8044] Uncaught exception: NodSslException, NodSsl function completeHandshake.RecvEncryptedData returned an error (Handshake failed to complete) for peer [::ffff:172.58.168.233]:28351, local [::ffff:10.10.10.20]:9981 2018-09-25 19:48:54 E [8756] Uncaught exception: NodSslException, NodSsl function completeHandshake.RecvEncryptedData returned an error (Handshake failed to complete) for peer [::ffff:172.58.168.233]:58175, local [::ffff:10.10.10.20]:9981 That is a log entry from from trace.log of what i assume is the error considering the timestamp (I tried again today) @LegacyConnectorSupport Ticket was created. How do I "log collector logs"? Link to comment Share on other sites More sharing options...
maiki 0 Posted September 27, 2018 Author Share Posted September 27, 2018 On 9/25/2018 at 10:22 AM, MichalJ said: @maiki & @noorigin Can you please report a specific version of Mobile Device Connector that you are using and also the version of ERA? We have verified it internally, that it´s possible both to enroll / manage mobile phone via ERA 6.5 & ESMC V7.0, so it might be a different problem. Also, if possible, please provide logs from the mobile device connector, from the time you were attempting to enroll the device. I have an iPhone that was managed (connected to my MDM) with iOS 11 & it survived the upgrade to iOS 12 without any issue. Hello MichalJ we have Server 7.0.451.0 and MDC 7.0.413.0. How can i see the logfiles from the MDC Appliance ? Thanks Maik Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted September 27, 2018 ESET Staff Share Posted September 27, 2018 The best would be to enable webmin interface, and then locate the logs within the corresponding directory. Logs locations are described here: https://help.eset.com/esmc_deploy_va/70/en-US/?va_troubleshooting.html Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted October 5, 2018 ESET Staff Share Posted October 5, 2018 (edited) Hello, Apple changed security requirements for iOS 12. However what would most customers be affected with is certificate signature algorithm requirements (server certificates with SHA1 signature are no longer accepted) With ESMC (when advanced security is turned on) You can create such a certificate and then run a certificate change process on MDC. HTH. Edited October 5, 2018 by LegacyConnectorSupport Link to comment Share on other sites More sharing options...
noorigin 3 Posted October 5, 2018 Share Posted October 5, 2018 So does that mean we need to upgrade ERA to ESMC and enable advanced security? Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted October 5, 2018 ESET Staff Share Posted October 5, 2018 No, it's just one of the ways how to generate a valid certificate which will be trusted by iOS 12. (and based on your logs you meet other preconditions) Your other options are * create certificate manually (however it must be either self-signed or signed by ERA CA in MDC versions prior to 7) * purchase a certificate from an official authority which is trusted by iOS implicitly. 1) Please also ensure when You about to set this certificate to MDC it contains root CA. In version 7 we require this as we no longer use system dependant TLS layer (so You save yourself some work when upgrading) 1) https://support.apple.com/en-us/HT204132 Link to comment Share on other sites More sharing options...
noorigin 3 Posted October 9, 2018 Share Posted October 9, 2018 (edited) On 10/5/2018 at 10:12 AM, LegacyConnectorSupport said: * create certificate manually (however it must be either self-signed or signed by ERA CA in MDC versions prior to 7) The current certificate was created in ERA and ERA CA is the issuer. Would just recreating it work? Edited October 9, 2018 by noorigin Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted October 10, 2018 ESET Staff Share Posted October 10, 2018 (edited) ERA 6.5 AFAIK has the ability to create sha256 signed certificates. (but You will need to enable advanced security) In the end safest bet when it comes to iOS devices is purchasing a trusted issuer certificate as trust is pre-installed on the device. 99% iOS enrollment issues are due to not established trust between MDM and device, then it's just about finding out which criterium was not met. We'll be putting up KB with pre-requisites as there are more of them, I will post a link here when it's complete. Edited October 10, 2018 by LegacyConnectorSupport Invalid information. Link to comment Share on other sites More sharing options...
maiki 0 Posted October 15, 2018 Author Share Posted October 15, 2018 On 10/5/2018 at 2:54 PM, LegacyConnectorSupport said: Hello, Apple changed security requirements for iOS 12. However what would most customers be affected with is certificate signature algorithm requirements (server certificates with SHA1 signature are no longer accepted) With ESMC (when advanced security is turned on) You can create such a certificate and then run a certificate change process on MDC. HTH. Hello Forum, i have created a new Certifikate with advanced security is turned on, but on IOS 12 it is not working anymore. What could we do... Thanks Maik Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted October 15, 2018 ESET Staff Share Posted October 15, 2018 Can You PM me your MDM site if it's visible to the world? There are other pre-requisites (PFS cipher suites in 6.X this depends on OS/openssl version, etc...) Link to comment Share on other sites More sharing options...
noorigin 3 Posted October 15, 2018 Share Posted October 15, 2018 Same here as Maiki, enabled advanced security, created new CA and certs, still no dice....PM for address to mdm site sent Link to comment Share on other sites More sharing options...
maiki 0 Posted October 16, 2018 Author Share Posted October 16, 2018 After creating a new CA ( with security enabled) and reploy the MDM Appliance. It is working for me. Link to comment Share on other sites More sharing options...
noorigin 3 Posted October 19, 2018 Share Posted October 19, 2018 We'll be putting up KB with pre-requisites as there are more of them, I will post a link here when it's complete. On 10/10/2018 at 4:19 AM, Mirek S. said: We'll be putting up KB with pre-requisites as there are more of them, I will post a link here when it's complete. Is there an ETA on when the KB will be released? Our issue is still not resolved. Link to comment Share on other sites More sharing options...
ESET Staff Oliver 9 Posted October 22, 2018 ESET Staff Share Posted October 22, 2018 Hello, the content is available at https://help.eset.com/esmc_install/70/en-US/?mobile.html Link to comment Share on other sites More sharing options...
Recommended Posts