Solved: Enroll Android device to Afaria Server 7 SP3 faile...

Hi everyone!

I am facing some problem when enroll device( Android, iOS) to Afaria server. I have done followwing youtube Link

For Enroll iOS : Afaria 201: Provisioning iOS Devices - YouTube

For Enroll Android : Afaria 202: Provisioning Android Devices - YouTube

But when enter Enrollment code then click sumit, I got message : Enrollment failed

Can someone help me for this problem?

Thanks.

SAP Managed Tags:
Mobile

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (1)

HI,

Provide more information of the server setup and ( Device type ).

Enrollment failed can be due to many reason.

1. Install the hotfix 4, 6, 7 for afariasp3 : ( Any reason for not installing afaria sp4)

2. Internet Connectivity issue on device would be another reason. Make sure the enrollment url should be open from device .

3. Ports and firewall rule ( if the communication ports are been blocked).

4. Re check the device communication setting in afaria console

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Chetan!

Thank for your helping.

I am new member for Afaria management.

Can you let me know what is more information of server setup?

Bellow is some information of server setup

1.Erollment Server

2. Package Server

3. Device communication

can you let me know link download of hotfix 4,6,7? and guide. Thanks.

Hi,

For Hotfix download http://frontline.sybase.com .

Ok What i understood from the screenshot , You are not using relayserver .

The configuration setting okie.

1. You need SSL certificate and Microsoft CA server for IOS device enrollment.

2. SSL certificate and Microsoft CA server is Mandatory for IOS 5 and above.

3. In Device communication Address for communication is https://sp2k10:443

3. Need to open the port from Afaria server to public server 3008 and 3007 if you are using xnet and xnets or you can just open the port 443 for https.

4.Port 2195 and 2196 port open from afaria server to (gateway.push.apple.com and feedback.push.apple.com) for outbound notification.

5. Port 5228-5230 from afaria server to public ip for GCM notification for android.

6. Required Apple certificate for IOS device for outbound notification.

Hope you had completed this step

Hi!

Thanks for your reply.

I don't understand how to SSL certificate and Microsoft CA server for IOS device enrollment and how to open the port from Afaria server to public server 3008 and 3007 and Required Apple certificate for IOS device for outbound notification. Can you explain clearly?

Thanks.

Hi!

I don't register to http://frontline.sybase.com so I don't download this hotfix. Can you help to me download this hotfix please.

The steps to get registered in http://frontline.sybase.com is mentioned in this thread.

Hope that helps.

- Midhun VP

Hi Midhun!

I have done following your guide. but i am facing some problem.

1. I can't see Report a product error of component: MOB-AFA

2. I only see Report a product error of component Services&Support but when select it, will show one message required login to Authentication required. I don't known what to use user and pass? can you let me know clearly. Thanks.

Hi,

You need to register the system first than you can see the option for MOB-AFA

More details you can refer the below discussion link.

MOB-AFA module will be available while you raise a ticket. The username and password you can get it from the Admin who manages the SAP products. SAP Basis team would have this credentials too. Login to SAP market place using this credentials you can find a tab called "report a product error", where you need to select the Afaria server you have and create a message. This process will be very familiar with the basis team in your company. Reach out to them.

- Midhun VP

Hi chetan!

- When I change Device communication Address for communication from xnets://SP2K10:3008 to xnets://SP2K10:443, it show 1 message with content : No SSL certificate is associated with this server. SSL and HTTPS cannot be enabled. I don't know why, can you explain to help me please?

- How Port 2195 and 2196 port open from afaria server to (gateway.push.apple.com and feedback.push.apple.com) for outbound notification?

follow my idea Create inbount port on window firewall?

- How Required Apple certificate for IOS device for outbound notification?

Can you explain clearly please? thanks

HI,

Please check the device communication :

1. xnet: 3007

xnets: 3008

keep : http and https option unchecked.

and in Device address communication:

Define : https://serveradddress:443

2. Port 2195 and 2196 open firewall inbound for IP 17.0.0.0/8

For more details : KB6815 in frontline.sybase.com

3. You will required SSL certificate which need to be install on relayserver and if you are not using relayserver than on afaria server.

4. Required Microsoft CA server ( Enterprise server or Standalone or subordinate server) any one of them.

5. Need to create apple certificate for more detail how to create please refer the KB7779 in frontline.sybase.com.

Hi Chitan!

I untill cannot enroll adroid device to Afaria server. Bellow is some information of server, can you check to help me please.

1. Device communication

2 Access controller server

3. Relay server

4 Enrollment server

Hi,

You are not using relay server and connecting direct communication to the server .

Please find the below changes need to do .

For 443 Port

1. Screenshot 1

Change the xnets://sp2k10:443 to https://sp2k10:443

if you want to use xnets communication you need to define xnets://sp2k10:3008

2. Screenshot 2

unchecked the use relay server option

3. Screenshot 3

Unchecked the start outbound enabler with the afaria service

4. Screenshot 4

Enrollment Server

Setting OK

Once completed the changes restart the afaria server services.

For 443 SSL certificate need to be there on afaria server.

Port 3008, 443 , 5228 should be open from the server for external public

Regards

Chetan

Hi!

I don't understand how For 443 SSL certificate need to be there on afaria server and Port 3008, 443 , 5228 should be open from the server for external public. Can you explain clearly please?

Hi,

For communicating 443 port you will required SSL certificate .

In case you are just using android device you can go with port 80 also which don't required SSL certificate.

in that case the changes you need to work on port 80 /http below changes need to do :

Screenshot 1.

xnet:3007

xnets , http , https option unchecked

in device address communication you can define http://sp2k10:80 or xnet://sp2k10:3007

Screenshot 2 and 3 setting will be the same which i had mention above.

screenshot 4

enrollment server setting

unchecked https enrollment server connection.

Ports details:

Xnets:3008 ( if you are using xnets port to communicate with device you need to open this port directly from server)

https:443 ( if you are using https port to communicate with device you need to open this port directly from server)

Note : You can use any of the one protocol xnets or https for communication , hence you need to open either 3008 or 443 port whichever protocol you are using.

Port 5228-5230 : for GCM sending notification on device from server you will required this port to open

Hi!

Thanks for your reply.

I will try follow your guide. If have any question, I hope your support. Thanks.

Hi! I am so sad!

I still enroll android device to Afaria server. I don't know why .

I changed from 443 to port 80 but when enroll still get message : Enrollment failded

Help me!

Hi,

Enrolled failed :

1. Please provide me the screenshot of Enrollment page along with ( General and Summary)

2. Try open the direct url from the device .. You can find the url from the enrollment code (click on INSPECT).

3. Device communication page screenshot.

Hi!

Below is Screenshot of

1. Enrollment page

3. Device communication page

2 Long url is

https://10.86.108.55/aips/aipService.svc/GetEnrollmentSeedData?ID={7aa8ae1d-4a6c-4610-b08f-986d56200...

don't direct url from device, it show message

I change 10.86.108.55 by sp2k10.fishcm.com.vn but still get same error.

Hi ,

The problem is with the enrollment code the url which you posted started with https://10.86.108.55/aips.

And as discussed you are using the port 80 that is http

you need to check the setting.

Device communication xnet://sp2k10:3007 << you had mention xnet protocol here instead of http://sp2k10:80

Also make sure to unchecked https option in enrollment setting of afaria.

While creating enrollment code make sure in general you mention the http://sp2k10:80

Hi!

Long Url was generated when i create policy enrollment, don't manual. How While creating enrollment code make sure in general you mention the http://sp2k10:80?

Hi,

You need to make sure 3 setting for the your query.

1. Device address communication will be : http://sp2k10:80

2. Enrollment setting in afaria setting area : unchecked https

3. when you create enrollment code make sure in general you need to specify the communication address http://sp2k10:80

Hi!

http://10.86.108.55/aips/aipService.svc.....

I don't know how to make sure in general you need to specify the communication address. Explain clearly please.

When create enrollment code using tiny url will generate Long url with format

Enrollment code: while creating enrollment code keep this address and check the GCM project id option

Device Communication Address : Xnet:3007 and unchecked xnets , http , https

Enrollment setting uncheck for https

Uncheck access

Hi!

Thanks. I am ill so i don't reply for you. I will try following your guide

Answers (0)

Ask a Question

Top Q&A Solution Author

User

Count

Enroll Android device to Afaria Server 7 SP3 failed

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: SQL query is not written completely in framewo...

SQL query is not written completely in framework.t...

Copy from the property of one dimension to the mem...

Set SAC standard Filter (Filter Panel) to display ...

Re: CAP odata-v2-adapter: batch request is not sup...