cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Afaria 7: iOS profile installation failed

Go to solution
former_member615675
Explorer

on ‎04-09-2013 12:00 PM

0 Kudos

ciao to everybody

i'm having problem to enroll iOS device to my afaria 7.

i have set enrollment server, iOS notification, APSN certificate and seems it works correct but when i try to enroll an iOS device i get "PROFILE INSTALLATION FAILED Profile failed to install". Is there ones could help me?

i get an APNS certificate and when i have complete and exorted cetification request, the APNS certificate is missed from Server Certificate in IIS7. If i try to import the exported certificate i get "Cerficate cannot be used as an SSL server certificate" i not able to use it in https definition on IIS 7.

Is there some ones that could explain if i make mistakes?

thanks in advance

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-16-2013 8:43 PM
0 Kudos

The APNS certificate cannot be used as an SSL certificate.

For SSL, you must either obtain a SSL certificate from a known, trusted Certificate Authority (i.e. Verisign, Entrust, etc.) or you can use your own self-signed CA to generate the SSL certificate.

You are likely receiving the "Profile Failed to Install" error due to the fact that a valid SSL certificate isn't being used for communication to the Afaria Server.

Show replies
Show replies
former_member615675
Explorer
‎04-20-2013 5:27 PM
0 Kudos

thanks for your reply.

now the questions are:

where/how i could obtain this correct certificate?

after i'll get the certificate, where/how i have to set in afaria configuration?

during enrollment server installation i used my self generated FQDN certifiicate and in iOS signing configuration i have used APNS certificate.

thanks in advance

Former Member
‎04-22-2013 2:30 PM
0 Kudos

Did you generate the FQDN certificate to be used for SSL communication? If so, that certificate can be used assuming the device is connecting to the Enrollment server using the FQDN. On the Enrollment Server page in the Afaria Administrator console, did you enter the FQDN or IP Address in the "Server Address" field for the Enrollment Server?

The address you enter must match what you used for the Common Name of the SSL certificate. So if you entered the FQDN as the SSL certificate Common Name, the Enrollment Server address must entered as the FQDN in the Afaria Admin console. Same goes for if you used the IP Address as the Common Name of the certificate. Otherwise, if the iOS device connects and sees a mismatch in what it uses to connect to the server vs what the Common Name of the SSL certificate is, it won't be able to complete the HTTPS connection.

former_member615675
Explorer
‎04-23-2013 1:05 PM
0 Kudos

Thank you for your very helpful reply.

i have set enrollment server as you explain and now some things change.

Infact, error still continue appear "Profile failed to install" but, using iPhone utility description error message explain "An SSL error has occurred and a secure connection to the server cannot be made".

If i try to looking for information about it, seems this issues is due to in incomplete import procedure into Device communication section in Afaria administration (see Knowledgebase Article ID #8582 on Sybase site). Import process ask to insert/indicate certificate file, private key file and server identity file with associated encrypt ket password. If I try export my FQDN certificate using MMC with certificates snap-in addon, i'm not able to complete this process because my afaria server inform me that associated private key is marked as not exportable.
how could i fix this issue? have I create a new certificate for SSL site?

Sorry if i continue to disturb you, but for me you became a big friend.

Former Member
‎04-23-2013 2:23 PM
0 Kudos

The error listed in KB 8582 is not relevant to iOS devices. You don't need to use the import process on the "Device Communication" page for iOS devices. You just need to ensure that the SSL certificate is bound to the HTTPS protocol in IIS Manager for the Default Web Site.

Are you using our Relay Server component to allow your devices to connect to the Enrollment Server?

Can you possibly copy/paste what you see in the iPhone Configuration Utility when you receive the error?

former_member615675
Explorer
‎04-24-2013 1:42 PM
0 Kudos

Hi Jamal,
sorry for my lazy reply and boring you with my issue.

My afaria configuration doesn't use relay server at the moment.
in attach of mine you could find what i see using iPhone console utility:

Apr 23 19:36:49 iPad profiled[5752] <Notice>: (Note ) MC: Issued certificate received.
Apr 23 19:36:54 iPad profiled[5752] <Notice>: (Error) MC: Connection to https://afariasrv.afaria.local:8443/aips2/aipService.svc/TokenCheckin failed with error: NSError:
Desc   : An SSL error has occurred and a secure connection to the server cannot be made.
Domain : NSURLErrorDomain
Code   : -1200
Type   : MCFatalError
Apr 23 19:36:54 iPad profiled[5752] <Notice>: (Error) MDM: Cannot Authenticate. Error: NSError:
Desc   : An SSL error has occurred and a secure connection to the server cannot be made.
Domain : NSURLErrorDomain
Code   : -1200
Type   : MCFatalError
Apr 23 19:36:54 iPad profiled[5752] <Notice>: (Error) MC: Cannot install MDM mdm-8ea9691c7fb0afb261256ce3d8595d6a72925e6e. Error: NSError:
Desc   : The payload mdm-8ea9691c7fb0afb261256ce3d8595d6a72925e6e could not be installed.
Sugg   : An SSL error has occurred and a secure connection to the server cannot be made.
US Desc: The payload mdm-8ea9691c7fb0afb261256ce3d8595d6a72925e6e could not be installed.
Domain : MCInstallationErrorDomain
Code   : 4001
Type   : MCFatalError
Params : (
"mdm-8ea9691c7fb0afb261256ce3d8595d6a72925e6e"
)
...Underlying error:
NSError:
Desc   : An SSL error has occurred and a secure connection to the server cannot be made.
Domain : NSURLErrorDomain
Code   : -1200
Type   : MCFatalError

Many thanks for every efforts you do for me.

Former Member
‎04-24-2013 3:21 PM
0 Kudos

Based on this link: https://afariasrv.afaria.local:8443/aips2/aipService.svc/TokenCheckin, I see that the address the device uses to connect to the Enrollment Server is "afariasrv.afaria.local". For the SSL certificate that you generated for the Enrollment Server, did you enter the Common Name as "afariasrv.afaria.local"?

Did you obtain you SSL certificate from a known, trusted CA (i.e. Verisign, GeoTrust, etc.) or did you use your own internal CA to generate a self-signed certificate?

If it is a self-signed certificate, you must ensure that you have imported the Root certificate from your CA Server in the "Trusted Root Certificate Authorities" store on the Enrollment Server machine. Additionally, during the Enrollment Server setup, you must specify the SSL certificate on the "Specify SSL certificate" page of the installation wizard. This will allow Afaria to provide the iOS device with the CA server's Root certificate so the device can complete the SSL connection.

You can review KB 7706 (on the Sybase site) as a reference.

Answers (1)

Answers (1)

Former Member
‎04-23-2013 2:26 PM
0 Kudos

I think you need to import the root ca certificate of your Afaria CA.

Kind regards,

Robin

Show replies
Show replies
former_member615675
Explorer
‎04-24-2013 1:45 PM
0 Kudos

Thanks for your reply Robin,

but could you explain how i have to import the root CA certificate into my Afaria CA?

my root CA certificate is in the same machine where Afaria CA server is working.

sorry if i boring you, but i'm not able to understand how i have to do your suggest

Former Member
‎01-30-2014 11:37 PM
0 Kudos

Hi Loris

I have the same issue, I try to enroll an iOS device i get "profile installation failed". Did you solved the problem?

Regards

Former Member
‎01-31-2014 4:57 AM
0 Kudos

Hi,

Make sure to browse the certificate at the time of installation of IPhoneserver setup.

You can also install the certificate on device directly for testing purpose.

former_member581822
Member
‎02-26-2014 11:58 PM
0 Kudos

I'm also having the same problem.  It appears as though this has not yet been resolved?


Can anyone please advise if there is solution to this problem?

Cheers

Ask a Question