on 09-27-2013 12:09 PM
Hi Everyone,
I've installed Afaria 7 including Self Service Portal, but each time I try to logon on the SSP I get error as attached. Is it fault of Afaria or .NET?
BTW. Is SSP a only way to register device and connect with Afaria? Could anyone describe steps required to connect a device with Afaria?
I'm looking forward for any piece of advice!
Best regards,
Tomasz
Hi Tomasz,
I am exploring SAP AFARIA as a beginner following this link (https://portal.sapmobilesecure.com/free_trial.php) , I have registered on their 30 day trail version.
I have received activation mail for creating cloud account, but I am not receiving a secondary email related to access of the End-User Self-Service Portal with username password; which is important for registering Device with the SAP AFARIA environment.
Please give me your input on this, So that I could explore it properly.
Thanks
Resham Mittal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
thank you all for suggestions. The thing is that I'm starting with Afaria management, and it hasn't work properly yet. Thanks to SAP Mobile Academy - afaria videos I managed to create a enrollment police, then I created an ios group and linked it to this enrollment police. After that I downloaded an afaria client app on my iPad and tried to connect with Afaria using enroll code - but no luck. "Enrollment is incomplete" message occurs each time I try to log in using this code. When I fill fields in afaria settings (IP, PORT, and Virtual Directory - which is aisp) username/password popup appears instead of enrollment code. There are no logs on afaria server about connecting my iPad to it.
Any ideas?
Best regards,
Tomasz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi ,
At the time of installation for Iphone component ( Provision server) you had not unchecked the option for windows authentication ( Screen of installation for aips aips2 you will see windows authentication option by default checked you had to unchecked ).
1. Reinstall the component and unchecked the Windows Authentication
2. For "Enrollment is incomplete" error you need to installed the relevant patch check the list below.
Afaria 6.6 Feature Pack 1 Hot Fix 125 for Afaria 6.6 2011_05
Afaria 6.6 Feature Pack 1 Hot Fix 123 for Afaria 6.6 2011_06
Afaria 7 Service Pack 1 Hot Fix 32 for Afaria 7 Service Pack 1
Afaria 7 Service Pack 2 Hot Fix 20 for Afaria 7 Service Pack 2
Afaria 7 Service Pack 3 Hot Fix 4 or Hot Fix 6 for Afaria 7 Service Pack 3
3. Than try creating new Dynamic Group , Policy and enrollment code Link the policy to group.
4. Assuming you had configured CA Server and done with the setting in Afaria console .
5. SSL certificate for relay server ( If no relay server than for Afaria server).
6. All the ports are opened properly. ( 80,443, from relay server and 2195 and 2196 from Afaria server).
Hi,
unfortunately nothing has changed. I've already installed those services packs (I've downloaded them from Sap Marketplace). I've also reinstalled this Enrollment Server component, and unchecked windows authorization. No changes, I still get "Enrollment is incomplete" or "Enrollment failed" when I either try to enroll my iPad or an android device.
Should I set settings on client's device such as IP, PORT, Virtual Directory or not? I use TinyURL for enrollment but when I try to check Long URL it also doesn't work.
@Abhishek Joshi
Where can I found this console logs?
Best regards,
Tomasz
For Enrollment failed you need to installed the hot fix available in frontline.sybase.com site .
List fo Hotfix need to installed according to your service pack.
Afaria 6.6 Feature Pack 1 Hot Fix 125 for Afaria 6.6 2011_05
Afaria 6.6 Feature Pack 1 Hot Fix 123 for Afaria 6.6 2011_06
Afaria 7 Service Pack 1 Hot Fix 32 for Afaria 7 Service Pack 1
Afaria 7 Service Pack 2 Hot Fix 20 for Afaria 7 Service Pack 2
Afaria 7 Service Pack 3 Hot Fix 4 or Hot Fix 6 for Afaria 7 Service Pack 3
Enrollment incomplete please go to Enrollment policy click on Enrollment code and click inspect and check if the URL is properly it should start with relay server address.
Cause of Enrollment failed can be multiple reason .
1. Internal ip address set in device communication in afaria console .( Should be relay server).
2. All outbound enabler should be properly connected to relay server
3. Any port blocking restrcition from firewall from relay server to device.
4. On device internet connection restriction if you are testing from internal corporate wifi
5. Wrong address in enrollment code
Note: Please download other relevant hotfix available for your service pack available
Hi Tomasz,
Connect your iPad to either Mac or Windows machine and open console logs. On windows you would need iphone configuration utility to collect console logs.
Once connected and you get information on console logs, please try to enroll you client and collect the logs.
Regards,
Abhishek Joshi
Hi,
I finally managed to create an account on frontline.sybase.com, download all hot fixes and install them. Currently I am able to connect my iPad to Afaria, but I always receive a message that profile is unsigned and it can not be installed on my device. I think that this is due to CA server, which haven't been installed yet.
I was also trying to connect my Android device to Afaria, but the following error occurs:
"You are not assigned to run this policy. Please contact your IT administrator".
btw - this is a bit funny, because I am the IT administrator;)
Best regards,
Tomasz
Hi,
Its ok with unsigned profile still you can enrolled the device no problem with that , its just few setting you need to do for signed profile.. you can still go with unsigned profile and enroll the ios device
please post the error what you are getting while enrolling.
For android you need to follow the step
1. create a group
2. Create a policy
3. Link the group and policy
4. create a enrollment code .. define the group in enrollment code.
5. enroll the device
Please refresh the group many time because the group is not refreshed you get the the error.
Hi Chetan,
many thanks! An android device is working fine now after I created a new group, a new configuration policy, then I linked them together, and created an enrollment policy, which is used for enroll a device.
On my iOS device I get a following message: " A transaction with the server at http://<server>/aips2/aipService.svc/PostData has failed with the status 406".
Could you advice?
Tomasz
Hi,
Is CA server required for iOS devices enrollment? I haven't install it yet, and all settings regarding CA server on Server configuration page are empty. Could that be a reason of the 406 error?
@chetan dalvi - I have removed everything from a device tab, so I think that it is not caused by multiple entries related with a one device. This error still occurs, even thought I have recreated an enrollment code.
Best regards,
Tomasz
Yes, CA Certificate is mandatory for IOS device.
Requirement for IOS device
1. CA server .. Enterprise /Subordinate /standalone either one of them.
2. SSL certificate .. IOS5 and above device
3. Apple Root certificate and MDM certificate
4. Ports : 2195 and 2196 for Notifcation
5. Device communication 80 and 443
Hi,
After I had configured a CA server according to the installation guide, I finally managed to install profile and enroll an iOS device on Afaria! Many thanks!
There is just a one issue left - Devices (Android as well as iOS) have been enrollment successful on Afaria, and configuration policies with camera restrictions have been applied, but now when I try to change those restrictions on Afaria Server nothing changes on the devices.
Best regards,
Tomasz
Hi,
I tried this on iOS as well as on an Android device and it doesn't work. I unpublished and published a configuration police again, and no changes. On the android device police's changes applied when I opened an Afaria client and reconnect the device. I thought that it should work automatically on the server side.
On my iPad nothing changes, is still has a installed profile with one (camera) restriction.
Best regards,
Tomasz
Hi,
You can work on simple way just Follow this step
1. When you restrict the camera .. we need to tick the camera disabled option and select Yes
refer the screenshot
2. When you want to revert the policy just keep the camera disabled tick and select no
Note : Direct untick of camera disabled option will not revert your policy .
Try this method
Hi,
Try this for IOS
1. Unpublished and unlink the current restriction policy of camera
2. create a new policy for restriction keep camera and face time enable
3. link the policy to group
4. select the device from console and Apply policy
Just check 2195 and 2196 port telnet to respective url : gateway.push.apple.com :2195 feedback.push.apple.com 2196
Hi,
I did what you asked me to do, but still nothing, How can I check those ports? When I open them in putty a black window appears and it disappears. When I try to open those urls in web browser they don't work. I haven't configured apple push services - could it be a problem?
Best Regards,
Tomasz
Hi,
To check the ports open .. Start.. Run.. CMD .. type gateway.push.apple.com 2195 , feedback.push.apple.com 2196
If the ports are open you will get blank screen on cmd
for sending notification from server to device for change policy , notification you will required Apns certificate installed and configure on server.
Please follow the installation step for Apple push certificate and make sure to open those port 2195 and 2196 from afaria server.
Hi,
So, I have unlock all required ports, installed and configured GCM server and currently I managed to lock an android device from Afaria Admin UI, and even sent a testing notification. Nevertheless, when I try to select the android device and click "Apply Policies" nothing changes on the device - even more, after that I'm not able to send neither notification nor lock command any more. Then I have to remove device and enroll it once again to start it works. Where could be the issue?
Best regards,
Tomasz
Hi,
The device was already registered before you configured the GCM details.
The already enrolled Afaria client installed on device don't content the GCM details on the client.
Fresher enrollment will have all the details of CGM on client
Follow this step.
1. Remove the existing device from Afaria console
2. Create new enrollment code and remember to tick the option of GCM Project id .. Initial enrollment don't contain the GCM project id.that was a reason for GCM was not working. refer the screenshot.
3. Enroll the device again.
4. For IOS remove the config payload clear the server details setting on device for Afaria client .
5. Remove the device details from Afaria server .
6. Re enroll the IOS device while enrolling it will install the MDM payload which will be required for notification.
Try this
Hi,
thank you for response. Sorry, I didn't mention that I configured everything using instructions from this website: http://scn.sap.com/docs/DOC-44871
So, this configuration has been already done by me. This is strange that I am able to send notifications and lock a device, but after I tried to apply police everything stops working.
Best regards,
Tomasz
Hi,
By writing "everything stops working" I meant that I couldn't send any more neither notifications nor lock device command, after I had clicked "apply policy". Before I clicked "apply policy" button, notifications and lock device command had worked fine.
I'am currently testing the GT-P5100 device with Android 4.1.2. with WiFi security WPA2 PSK.
Best regards,
Tomasz
I created step-by-step GCM id proccess as decribed here http://scn.sap.com/docs/DOC-44871 . On the device settings a Server GCM Project Id field is filled with correct GCM project ID.
Best Regards,
Tomasz
Just need to confirm the process for GCM Id creation done from Afaria server or from different server.
Also please confirm the Configuration policy created for Android ... Device communication if you had set the manual parameters removed all the details and keep it blank disbale the SEED DATA option.
Remove the Device from console and re enrolled.
Hi Tomasz,
This is expected behaviour because you enrolled the device before providing GCM details/configuration on the server hence when Android device enrolled, server didnt capture/shared GCM details with device.
When ever you do changes in GCM/APNS settings, you would need to re-enroll your device.
Regards,
Abhishek Joshi
Hi Tomasz,
If it worked previously then please try step mentioned below.
Modify the domain policy to either allow NTLM authentication traffic for all or
create exceptions for the necessary machines.
It may be necessary to enable NTLM auditing in your domain policy to see where
the blocks are occurring in order to add the necessary exceptions. This can be
done by enabling the following domain policies:
Regards,
Abhishek Joshi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi ,
Download the latest hotfix and install for Afaria 7 sp3
Change the Virtual directory name. (Create new virtual directory on IIS).
SSP is not mandatory for enrolling the device.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tomasz,
Self service portal is not mandatory for enrolling devices.
For any device (ios,android etc) You need to open the Afaria Admin portal.
- create a enrollment policy relevent to the operating system
- assign it to a group
- then download the afaria client on your phone
- enter the enrollment code
- your server details will be fetched on the client; in case you have a relay server installed even those details will be fetched .
Anyway, you can refer the SAP Afaria academy EMM videos here for any help where there is detailed explaination for enrolling devices for different OS in Afaria > http://www.youtube.com/playlist?list=PLc6mBxoHzYUYTZhVGGR5yp0bcnofSzKfb
Regards,
Prathik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
81 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.