
Afaria 7 - Self Service Portal issue

former_member226851
Participant
0 Kudos

Hi Everyone,

I've installed Afaria 7 including the Self Service Portal, but each time I try to log on to the SSP I get the error attached. Is it the fault of Afaria or .NET?

BTW, is SSP the only way to register a device and connect with Afaria? Could anyone describe the steps required to connect a device with Afaria?

I'm looking forward to any piece of advice!

Best regards,

Tomasz

Accepted Solutions (0)

Answers (5)


Former Member
0 Kudos

Hi Tomasz,

I am exploring SAP AFARIA as a beginner following this link (https://portal.sapmobilesecure.com/free_trial.php); I have registered for their 30-day trial version.

I have received the activation mail for creating a cloud account, but I am not receiving a secondary email related to access to the End-User Self-Service Portal with username and password, which is important for registering a device with the SAP AFARIA environment.

Please give me your input on this, so that I can explore it properly.

Thanks

Resham Mittal

former_member226851
Participant
0 Kudos

Hi,

Thank you all for the suggestions. The thing is that I'm starting with Afaria management, and it hasn't worked properly yet. Thanks to the SAP Mobile Academy Afaria videos I managed to create an enrollment policy, then I created an iOS group and linked it to this enrollment policy. After that I downloaded the Afaria client app on my iPad and tried to connect with Afaria using the enrollment code, but no luck. An "Enrollment is incomplete" message occurs each time I try to log in using this code. When I fill in the fields in the Afaria settings (IP, PORT, and Virtual Directory, which is aisp), a username/password popup appears instead of the enrollment code. There are no logs on the Afaria server about my iPad connecting to it.

Any ideas?

Best regards,

Tomasz

0 Kudos

Hi Tomasz,

Could you please collect the console logs from your iPad when you try to enroll? We can get more information from the console logs.

Regards,

Abhishek Joshi

Former Member
0 Kudos

Hi,

At the time of installation of the iPhone component (Provision server) you had not unchecked the option for Windows authentication (on the installation screen for aips, aips2 you will see the Windows authentication option checked by default; you have to uncheck it).

1. Reinstall the component and uncheck Windows Authentication.

2. For the "Enrollment is incomplete" error you need to install the relevant patch; check the list below.

Afaria 6.6 Feature Pack 1 Hot Fix 125 for Afaria 6.6 2011_05

Afaria 6.6 Feature Pack 1 Hot Fix 123 for Afaria 6.6 2011_06

Afaria 7 Service Pack 1 Hot Fix 32 for Afaria 7 Service Pack 1

Afaria 7 Service Pack 2 Hot Fix 20 for Afaria 7 Service Pack 2

Afaria 7 Service Pack 3 Hot Fix 4 or Hot Fix 6 for Afaria 7 Service Pack 3

3. Then try creating a new Dynamic Group, Policy and enrollment code. Link the policy to the group.

4. Assuming you have configured the CA Server and are done with the settings in the Afaria console.

5. SSL certificate for the relay server (if no relay server, then for the Afaria server).

6. All the ports are opened properly (80, 443 from the relay server and 2195 and 2196 from the Afaria server).

former_member226851
Participant
0 Kudos

Hi,

Unfortunately nothing has changed. I've already installed those service packs (I've downloaded them from SAP Marketplace). I've also reinstalled this Enrollment Server component, and unchecked Windows authorization. No changes, I still get "Enrollment is incomplete" or "Enrollment failed" when I try to enroll either my iPad or an Android device.

Should I set settings on the client's device such as IP, PORT, Virtual Directory or not? I use TinyURL for enrollment, but when I try to check the Long URL it also doesn't work.

@Abhishek Joshi

Where can I find these console logs?

Best regards,

Tomasz

Former Member
0 Kudos

For "Enrollment failed" you need to install the hot fix available on the frontline.sybase.com site.

List of hotfixes that need to be installed according to your service pack:

Afaria 6.6 Feature Pack 1 Hot Fix 125 for Afaria 6.6 2011_05

Afaria 6.6 Feature Pack 1 Hot Fix 123 for Afaria 6.6 2011_06

Afaria 7 Service Pack 1 Hot Fix 32 for Afaria 7 Service Pack 1

Afaria 7 Service Pack 2 Hot Fix 20 for Afaria 7 Service Pack 2

Afaria 7 Service Pack 3 Hot Fix 4 or Hot Fix 6 for Afaria 7 Service Pack 3

For "Enrollment incomplete", please go to the Enrollment policy, click on Enrollment code, click Inspect and check that the URL is correct; it should start with the relay server address.

There can be multiple causes of "Enrollment failed":

1. Internal IP address set in Device Communication in the Afaria console (should be the relay server).

2. All outbound enablers should be properly connected to the relay server.

3. Any port-blocking restriction in the firewall from the relay server to the device.

4. Internet connection restriction on the device if you are testing from internal corporate Wi-Fi.

5. Wrong address in the enrollment code.

Note: Please download the other relevant hotfixes available for your service pack.

0 Kudos

Hi Tomasz,

Connect your iPad to either a Mac or a Windows machine and open the console logs. On Windows you would need the iPhone Configuration Utility to collect console logs.

Once connected and you get information in the console logs, please try to enroll your client and collect the logs.

Regards,

Abhishek Joshi

Former Member
0 Kudos

Hi Tomasz,

Please ensure the following settings are done properly in the Admin UI for server configuration:

1. Device communication.

2. CA certificate in Certificate Authority

3. Certificates in iOS notification.

4. Settings on Enrollment server

5. Settings on Package server

Regards,

Nilima Kulkarni

former_member226851
Participant
0 Kudos

Hi,

I finally managed to create an account on frontline.sybase.com, download all hot fixes and install them. Currently I am able to connect my iPad to Afaria, but I always receive a message that the profile is unsigned and it cannot be installed on my device. I think that this is due to the CA server, which hasn't been installed yet.

I was also trying to connect my Android device to Afaria, but the following error occurs:

"You are not assigned to run this policy. Please contact your IT administrator".

btw - this is a bit funny, because I am the IT administrator;)

Best regards,

Tomasz

Former Member
0 Kudos

Hi,

It's OK with an unsigned profile; you can still enroll the device, no problem with that. It's just a few settings you need to do for a signed profile. You can still go with an unsigned profile and enroll the iOS device.

Please post the error you are getting while enrolling.

For Android you need to follow these steps:

1. Create a group

2. Create a policy

3. Link the group and policy

4. Create an enrollment code; define the group in the enrollment code.

5. Enroll the device

Please refresh the group many times; because the group is not refreshed, you get the error.

former_member226851
Participant
0 Kudos

Hi Chetan,

Many thanks! The Android device is working fine now after I created a new group and a new configuration policy, linked them together, and created an enrollment policy, which is used to enroll a device.

On my iOS device I get the following message: "A transaction with the server at http://<server>/aips2/aipService.svc/PostData has failed with the status 406".

Could you advise?

Tomasz

Former Member
0 Kudos

Error 406 means either you are using the same enrollment code or the device details are still in the console or database.

On iOS, even if the device is not completely enrolled, it registers the device details in the Afaria console. Remove the details from the console, create a new enrollment code and try again.

Former Member
0 Kudos

Tomasz,

Error 406 comes from the CA certificate. Enter the CA server details on the Certificate Authority page in Server configuration.

Once again, check that the server configuration is done properly.

Regards,

Nilima

former_member226851
Participant
0 Kudos

Hi,

Is a CA server required for iOS device enrollment? I haven't installed it yet, and all settings regarding the CA server on the Server configuration page are empty. Could that be the reason for the 406 error?

@chetan dalvi - I have removed everything from the device tab, so I think that it is not caused by multiple entries related to one device. This error still occurs, even though I have recreated the enrollment code.

Best regards,

Tomasz

0 Kudos

Hi Tomasz,

Yes, a CA server is compulsory for iOS devices and required to enroll your devices.

When you enroll your iOS device, the CA will issue one cert to your device using the Network Device Enrollment component.

Regards,

Abhishek Joshi

Former Member
0 Kudos

Tomasz,

Yes, the CA certificate and notification certificate details in the server configuration are required for iOS device enrollment.

Regards,

Nilima

Former Member
0 Kudos

Yes, a CA certificate is mandatory for iOS devices.

Requirements for iOS devices:

1. CA server: Enterprise / Subordinate / Standalone, any one of them.

2. SSL certificate: iOS 5 and above devices

3. Apple Root certificate and MDM certificate

4. Ports: 2195 and 2196 for notification

5. Device communication: 80 and 443

former_member226851
Participant
0 Kudos

Hi,

After I had configured a CA server according to the installation guide, I finally managed to install the profile and enroll an iOS device on Afaria! Many thanks!

There is just one issue left: devices (Android as well as iOS) have been enrolled successfully on Afaria, and configuration policies with camera restrictions have been applied, but now when I try to change those restrictions on the Afaria server nothing changes on the devices.

Best regards,

Tomasz

0 Kudos

Hi Tomasz,

In order to change policies, you need to unpublish and publish them again; only then will they be reflected on the devices.

Regards,

Abhishek Joshi

former_member226851
Participant
0 Kudos

Hi,

I tried this on iOS as well as on an Android device and it doesn't work. I unpublished and published the configuration policy again, and no changes. On the Android device the policy's changes were applied when I opened the Afaria client and reconnected the device. I thought that it should work automatically on the server side.

On my iPad nothing changes; it still has an installed profile with one (camera) restriction.

Best regards,

Tomasz

Former Member
0 Kudos

Hi,

You can do it in a simple way; just follow these steps:

1. When you restrict the camera, you need to tick the camera disabled option and select Yes.

Refer to the screenshot.

2. When you want to revert the policy, just keep the camera disabled option ticked and select No.

Note: Directly unticking the camera disabled option will not revert your policy.

Try this method.

former_member226851
Participant
0 Kudos

Hi,

I have done everything step by step, and when I change the options for the camera restriction as you described, nothing changes on the Android device; the old restrictions are still applied on the device.

Best Regards,

Tomasz

Former Member
0 Kudos

Hi,

I believe you are testing the camera restriction policy on an iOS device.

1. Just check in Settings > Profile > Config Payload (camera restriction payload visible on device).

Please confirm

former_member226851
Participant
0 Kudos

Hi,

Actually I tried to change the camera policy on the Android device, but on the iOS device it is the same story. Confirmed: on iOS, in General > Profiles > Config Payload > More Details > Restrictions, there is a "Disables camera" option.

Best regards,

Tomasz

Former Member
0 Kudos

Hi,

Try this for iOS:

1. Unpublish and unlink the current camera restriction policy

2. Create a new restriction policy; keep camera and FaceTime enabled

3. Link the policy to the group

4. Select the device from the console and apply the policy

Just check ports 2195 and 2196: telnet to the respective URLs, gateway.push.apple.com:2195 and feedback.push.apple.com:2196.

former_member226851
Participant
0 Kudos

Hi,

I did what you asked me to do, but still nothing. How can I check those ports? When I open them in PuTTY a black window appears and then disappears. When I try to open those URLs in a web browser they don't work. I haven't configured Apple push services - could that be the problem?

Best Regards,

Tomasz

Former Member
0 Kudos

Hi,

To check that the ports are open: Start > Run > CMD, then type gateway.push.apple.com 2195, feedback.push.apple.com 2196

If the ports are open you will get a blank screen in cmd.

For sending notifications from the server to the device for policy changes, you will require the APNs certificate installed and configured on the server.

Please follow the installation steps for the Apple push certificate and make sure to open ports 2195 and 2196 from the Afaria server.

former_member226851
Participant
0 Kudos

Hi,

OK, I checked and those ports are open (a blank screen appears in cmd after typing the above commands). APNS is not configured on Afaria; I'll do it.

What about Android devices? Do they require a GCM server for notifications, changing policies and so on?

Best regards,

Tomasz

Former Member
0 Kudos

Hi,

Yeah, you need to configure GCM for Android notifications and need to open ports 5228-5230 for sending policies.
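The port checks discussed in the replies above, as an added example that is not part of the original thread: a PowerShell script, meant to be run on the Afaria server, that attempts a TCP connection to each notification endpoint and separates an open port from a timeout or a refused connection. The APNs host names and ports come from the thread; `mtalk.google.com` as the GCM host, the function name `Test-TcpPort` and the 3-second timeout are assumptions.

```powershell
# Added example: outbound TCP reachability check for push-notification endpoints.
# Uses System.Net.Sockets.TcpClient, so it does not depend on Test-NetConnection.

$Targets = @(
    @{ Purpose = 'APNs gateway';  Address = 'gateway.push.apple.com';  Ports = @(2195) }
    @{ Purpose = 'APNs feedback'; Address = 'feedback.push.apple.com'; Ports = @(2196) }
    # Assumption: GCM host name is not given in the thread, only the port range.
    @{ Purpose = 'GCM';           Address = 'mtalk.google.com';        Ports = 5228..5230 }
)

function Test-TcpPort {
    param(
        [string] $Address,
        [int]    $Port,
        [int]    $TimeoutMs = 3000   # assumed timeout
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            # No answer at all: typical of a firewall silently dropping the traffic.
            return 'timeout'
        }
        # EndConnect throws if the connection was refused or the name did not resolve.
        $client.EndConnect($async)
        return 'open'
    }
    catch {
        return "failed: $($_.Exception.GetBaseException().Message)"
    }
    finally {
        $client.Close()
    }
}

$results = foreach ($t in $Targets) {
    foreach ($port in $t.Ports) {
        New-Object PSObject -Property @{
            Purpose = $t.Purpose
            Address = $t.Address
            Port    = $port
            Result  = Test-TcpPort -Address $t.Address -Port $port
        }
    }
}

$results | Select-Object Purpose, Address, Port, Result | Format-Table -AutoSize
```

A `timeout` result points at a firewall between the server and the internet, while `failed` with a name-resolution message points at DNS rather than at the port.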

vobu
Active Contributor
0 Kudos

What you might also try is, in the Afaria Admin Web UI, go to "Devices".

Select the iOS-/Android-devices you want to re-apply your policies to.

Upon selection, a button in the toolbar appears (downward arrow) - clicking it reapplies your policies to the selected devices.

hth, v.

former_member226851
Participant
0 Kudos

Hi,

So, I have unlocked all required ports, installed and configured the GCM server, and currently I have managed to lock an Android device from the Afaria Admin UI, and even send a test notification. Nevertheless, when I select the Android device and click "Apply Policies" nothing changes on the device. Even more, after that I'm not able to send either a notification or a lock command any more. Then I have to remove the device and enroll it once again to make it work. Where could the issue be?

Best regards,

Tomasz

Former Member
0 Kudos

Hi,

The device was already registered before you configured the GCM details.

The already enrolled Afaria client installed on the device doesn't contain the GCM details.

A fresh enrollment will have all the GCM details on the client.

Follow these steps:

1. Remove the existing device from the Afaria console.

2. Create a new enrollment code and remember to tick the GCM Project ID option. The initial enrollment didn't contain the GCM project ID; that was the reason GCM was not working. Refer to the screenshot.

3. Enroll the device again.

4. For iOS, remove the config payload and clear the server details settings for the Afaria client on the device.

5. Remove the device details from the Afaria server.

6. Re-enroll the iOS device; while enrolling it will install the MDM payload, which is required for notification.

Try this

former_member226851
Participant
0 Kudos

Hi,

Thank you for the response. Sorry, I didn't mention that I configured everything using the instructions from this website: http://scn.sap.com/docs/DOC-44871

So, this configuration has already been done by me. It is strange that I am able to send notifications and lock a device, but after I tried to apply the policy everything stops working.

Best regards,

Tomasz

Former Member
0 Kudos

Sorry, but can you be more clear?

All policies stop working... Please also confirm the device model: AES, AES2.

former_member226851
Participant
0 Kudos

Hi,

By writing "everything stops working" I meant that I could no longer send either notifications or the lock device command after I had clicked "apply policy". Before I clicked the "apply policy" button, notifications and the lock device command had worked fine.

I am currently testing the GT-P5100 device with Android 4.1.2 with WiFi security WPA2 PSK.

Best regards,

Tomasz

Former Member
0 Kudos

Just to understand: was the GCM ID process created from the Afaria server or from another server?

Please also confirm whether you can see the GCM ID in the Settings area of the Afaria client on the device.

former_member226851
Participant
0 Kudos

I created the GCM ID process step by step as described here: http://scn.sap.com/docs/DOC-44871 . In the device settings the Server GCM Project Id field is filled with the correct GCM project ID.

Best Regards,

Tomasz

Former Member
0 Kudos

Just need to confirm whether the process for GCM ID creation was done from the Afaria server or from a different server.

Also please confirm the Configuration policy created for Android ... Device communication: if you had set the manual parameters, remove all the details and keep it blank; disable the SEED DATA option.

Remove the device from the console and re-enroll.

0 Kudos

Hi Tomasz,

This is expected behaviour because you enrolled the device before providing GCM details/configuration on the server; hence, when the Android device enrolled, the server didn't capture/share GCM details with the device.

Whenever you make changes in GCM/APNS settings, you would need to re-enroll your device.

Regards,

Abhishek Joshi

former_member226851
Participant
0 Kudos

Many many thanks! After I removed each policy and group, and then recreated them without selecting SEED DATA, communication with the Android device works! :)

Now it is time for the iOS device ;) I'll write the results soon.

Best regards,

Tomasz

0 Kudos

Hi Tomasz,

If it worked previously then please try the step mentioned below.

Modify the domain policy to either allow NTLM authentication traffic for all or create exceptions for the necessary machines.

It may be necessary to enable NTLM auditing in your domain policy to see where the blocks are occurring in order to add the necessary exceptions. This can be done by enabling the following domain policies:

Regards,

Abhishek Joshi

Former Member
0 Kudos

Hi,

Download and install the latest hotfix for Afaria 7 SP3.

Change the Virtual directory name. (Create new virtual directory on IIS).

SSP is not mandatory for enrolling the device.

prathik
Participant
0 Kudos

Hi Tomasz,

The Self Service Portal is not mandatory for enrolling devices.

For any device (iOS, Android etc.) you need to open the Afaria Admin portal.

- create an enrollment policy relevant to the operating system

- assign it to a group

- then download the Afaria client on your phone

- enter the enrollment code

- your server details will be fetched on the client; in case you have a relay server installed, even those details will be fetched.

Anyway, you can refer to the SAP Afaria academy EMM videos here for any help; there is a detailed explanation of enrolling devices for different OSes in Afaria > http://www.youtube.com/playlist?list=PLc6mBxoHzYUYTZhVGGR5yp0bcnofSzKfb

Regards,

Prathik