TonyatGTL 0 Posted September 29, 2016

Hello,

Despite having followed the KB time and time again I keep hitting a hard stop whenever I try to enroll iPhones into the ERA MDM. Basically, I get the error message I've attached to this message every time an iPhone (the one in the screenshot is a simulator but we've tried with real devices as well, same difference) connects to MDMCore for enrollment. I have followed the KB, I've verified that the certificates match, I've obtained the right APNS cert from Apple yet I keep getting the same error.

This is the MDMCore trace (edited for IPs)

------- start log
2016-09-29 10:06:36 I [1] MDMCore version: 6.4.252.0
2016-09-29 10:06:36 I [1] Running MDMCore...
2016-09-29 10:06:36 I [1] Database type: MSSQL
2016-09-29 10:06:36 I [1] Loading ESET modules from C:\ProgramData\ESET\RemoteAdministrator\MDMCore\Modules\
2016-09-29 10:06:52 I [1] CE2 module initialization
2016-09-29 10:06:59 I [1] Config: server connection: "localhost", port 2222
2016-09-29 10:06:59 I [1] Config: host: "HOST.DOMAIN.local", port 9981, enrollment port 9980
2016-09-29 10:06:59 I [1] HTTPS certificate CN: HOST.DOMAIN.local *** (yes, it matches the one on the line above)
2016-09-29 10:06:59 I [1] Setting log level from CE to warning
2016-09-29 10:06:59 W [1] Cannot parse APNS cert, iOS enrollment and push notifications will not work
2016-09-29 10:07:00 W [1] AdminConnector not added to Storage. EnrollmentTokenPoolLog for reenrollment not sent.
2016-09-29 10:07:04 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:07:04 I [1] Logging to directory C:\ProgramData\ESET\RemoteAdministrator\MDMCore\Logs\Proxy/
2016-09-29 10:07:05 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:07:05 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:07:06 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:07:10 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:07:13 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:07:18 E [8] Uncaught exception: Connection reset by peer,
2016-09-29 10:07:35 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:11:01 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:11:03 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:11:04 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:11:04 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-09-29 10:12:04 E [5] Error while updating ConfEng: Perform Update: UpdPerformUpdate failed with error: 4122
2016-09-29 10:12:17 W [5] Exception in APNS feedback check: "Net Exception" (NodSsl returned an error 206. Peer 17.188.135.152:2196, local 192.168.X.Y:49427). Aborting feedback processing.
2016-09-29 10:12:17 E [5] Uncaught exception: Net Exception, NodSsl returned an error 206. Peer 17.188.135.152:2196, local 192.168.X.Y:49427
------- end log

Any clue as to why it does that? The certificate, CRL, private key, everything was done according to the manual and I've even requested a new APNS key but it does the same thing. I've contacted our reseller for support but it's been a few days and no answer so I thought I'd try here.

Thanks
Tony

ESET Staff madmaxoft 3 Posted October 7, 2016 (edited)

Hello,

we've just updated the KB on the APNS certificate to clearly say which file goes where, have a look (step 9) and just make sure that it's what you've been doing - basically the file downloaded from the Apple portal needs to go into the APNS certificate field, and the private key downloaded from the webconsole goes to the APNS private key field.

hxxp://support.eset.com/kb5771/#MDMSignedAPNCert

I can see one additional problem in the log, not sure if it was due to your editing. The hostname given to MDM needs to be resolvable from the device. If you want your MDM to work on devices that leave your company network, that means the hostname needs to be publicly accessible. The one you're using, "xxx.yyy.local", is unlikely to be accessible from the outside internet.

Let me know if any of this helps.

Mattes

Edited October 7, 2016 by madmaxoft

TonyatGTL 0 Posted October 17, 2016 Author (edited)

Hello,

Thanks for your reply. The certificates are applied in the way you explained in your documents (it was like that even before, but to be sure I reapplied the certificates, making sure which is which) and the device is currently on the corporate network, DNS name resolution is OK, VPN is always on and in fact Android phones on the exact same network running ESET Mobile Security for Android work perfectly, so it's not an infrastructural thing (at least not between the phone and the server).

Last log:

2016-10-17 14:31:41 I [1] MDMCore version: 6.4.252.0
2016-10-17 14:31:41 I [1] Running MDMCore...
2016-10-17 14:31:41 I [1] Database type: MSSQL
2016-10-17 14:31:41 I [1] Loading ESET modules from C:\ProgramData\ESET\RemoteAdministrator\MDMCore\Modules\
2016-10-17 14:31:56 I [1] CE2 module initialization
2016-10-17 14:31:56 I [1] Config: server connection: "localhost", port 2222
2016-10-17 14:31:56 I [1] Config: host: "HOST.domain.local", port 9981, enrollment port 9980
2016-10-17 14:31:56 I [1] HTTPS certificate CN: HOST.domain.local /* edited out due to security policy */
2016-10-17 14:31:56 I [1] Setting log level from CE to warning
2016-10-17 14:31:56 W [1] Cannot parse APNS cert, iOS enrollment and push notifications will not work
2016-10-17 14:31:56 W [1] AdminConnector not added to Storage. EnrollmentTokenPoolLog for reenrollment not sent.
2016-10-17 14:31:56 I [1] Logging to directory C:\ProgramData\ESET\RemoteAdministrator\MDMCore\Logs\Proxy/
2016-10-17 14:31:58 W [8] Enrollment from iOS requested but no APNS certificate provided. Enrollment profile not sent.
2016-10-17 14:36:59 E [5] Error while updating ConfEng: Perform Update: UpdPerformUpdate failed with error: 4122
2016-10-17 14:37:13 W [5] Exception in APNS feedback check: "Net Exception" (NodSsl returned an error 206. Peer 17.188.161.14:2196, local 192.168.x.xxx:64379). Aborting feedback processing.
2016-10-17 14:37:13 E [5] Uncaught exception: Net Exception, NodSsl returned an error 206. Peer 17.188.161.14:2196, local 192.168.x.xxx:64379

It looks to me that right at startup the APNS certificate can't be parsed for some reason. I've tried 4 different certificates, all valid. I've opened a support case and provided logs, hope I'll get to the bottom of this.

Thanks

Edited October 17, 2016 by TonyatGTL
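
The traces posted in this thread, collapsed to one row per distinct warning or error in order of first appearance, so the single startup parse failure is not buried under the repeated enrollment warnings. This is an added example, not part of the original posts and not ESET tooling; the function names are made up here and SAMPLE is a shortened excerpt assembled from the first trace, fused the way the forum rendered it.

```python
import re

# Entry header: "YYYY-MM-DD HH:MM:SS <level> [<thread>] ". Entries may be fused
# with no newline between them, so split on the header itself, not on newlines.
HEADER = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([IWE]) \[(\d+)\] ")

ENROLL = ("Enrollment from iOS requested but no APNS certificate provided. "
          "Enrollment profile not sent.")

# Shortened excerpt assembled from the first trace in this thread (fused, as posted).
SAMPLE = (
    '2016-09-29 10:06:59 I [1] Config: server connection: "localhost", port 2222'
    "2016-09-29 10:06:59 W [1] Cannot parse APNS cert, iOS enrollment and push "
    "notifications will not work"
    "2016-09-29 10:07:04 W [8] " + ENROLL +
    "2016-09-29 10:07:05 W [8] " + ENROLL +
    "2016-09-29 10:07:18 E [8] Uncaught exception: Connection reset by peer,"
    "2016-09-29 10:11:01 W [8] " + ENROLL
)

def parse(trace):
    """Split a (possibly fused) trace into (timestamp, level, thread, message)."""
    parts = HEADER.split(trace)
    # parts = [preamble, ts, level, thread, message, ts, level, thread, message, ...]
    return [(parts[i], parts[i + 1], int(parts[i + 2]), parts[i + 3].strip())
            for i in range(1, len(parts), 4)]

def triage(trace, levels=("W", "E")):
    """One row per distinct (level, thread, message), ordered by first appearance."""
    rows = {}
    for ts, level, thread, msg in parse(trace):
        if level not in levels:
            continue
        row = rows.setdefault((level, thread, msg),
                              {"first": ts, "last": ts, "count": 0})
        row["last"] = ts
        row["count"] += 1
    return [(lvl, thr, msg, r["first"], r["last"], r["count"])
            for (lvl, thr, msg), r in rows.items()]

if __name__ == "__main__":
    for level, thread, msg, first, last, count in triage(SAMPLE):
        print(f"{first} {level} [{thread}] x{count} (last {last}) {msg}")
```

Splitting on the full header also recovers values that ran into the next timestamp, such as `port 2222` in the first sample entry.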