cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Afaria SP4 Enrollment problem

Go to solution
Former Member

on ‎12-06-2013 11:17 AM

0 Kudos

Hi,

im using Afaria single server setup with relay server in dmz. Only port 443 is open from afaria srv to relay, adn from relay to internet. On relay srv i have go daddy cert, same cert is imported in afaria server personal store. Communication from afaria to relay is going over https, port 443, and for that communication i am using self signed cert.

Im reciveing following error when im enrolling Android or IOS devices:

1. Enrollment fail on andorid device

2. Invalid Enrolmet code on IOS device

Device are passing relay server and in iis log on Afaria server i have same error for both devices.:

::1 GET /aips/aipService.svc/GetEnrollmentSeedData ID=%7Ba34befa3-3e7a-4a55-a7c6-a233ac719e21%7D&ClientType=-10 443 - ::1 Afaria+Android+Client 500 0 64 9

::1 GET /aips/aipService.svc/GetEnrollmentSeedData ID=%7Be0cd57e4-d414-4770-bc7e-36980a13ff55%7D&ClientType=-8 443 - ::1 Afaria+iPhone+Client 500 0 64 8

Same moment the following error is showing in windows event log :

Log Name:      System

Source:        Schannel

Date:          12/6/2013 11:40:34 AM

Event ID:      36888

Task Category: None

Level:         Error

Keywords:     

User:          SYSTEM

Computer:      SrvMdMAfaria.mydomain.com

Description:

The following fatal alert was generated: 20. The internal error state is 960.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />

    <EventID>36888</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8000000000000000</Keywords>

    <TimeCreated SystemTime="2013-12-06T10:40:34.520082100Z" />

    <EventRecordID>8956</EventRecordID>

    <Correlation />

    <Execution ProcessID="528" ThreadID="572" />

    <Channel>System</Channel>

    <Computer>SrvMdMAfaria.mydomain.com</Computer>

    <Security UserID="S-1-5-18" />

  </System>

  <EventData>

    <Data Name="AlertDesc">20</Data>

    <Data Name="ErrorState">960</Data>

  </EventData>

</Event>

In Browser on Afaria server if i go to https://127.0.0.1/ /aips/aipService.svc/GetEnrollmentSeedData ID=%7Be0cd57e4-d414-4770-bc7e-36980a13ff55%7D&ClientType=-8

i receive following error (picture):

Any advice?

Thanks,

Vuk

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-06-2013 1:40 PM
0 Kudos

Hi,

Can you provide more details .

Please try below step

1.For Afaria 7 sp4 you need to install vcredist_x64 and vcredist_x86 Microsoft visual c++ 2012 redistrubute and .NEt 4.5 . you can get the setup file in the afaria setup folder (Redistributables).

2. Please mention the https = 1  and certificate parameter in outbound enabler

3. Also allow the define the https port in rs.config of relay server.

Please try and revert back .

Show replies
Show replies
Former Member
‎12-06-2013 2:47 PM
0 Kudos

Hi,

1. I install vcredisrx64 and vcredist_x86, and .net 4.5, i could not  install sp4 with out it.

2. U can check my rsoe config is attached

3. rs config is attached to

I input cert in rsoe_aips.config, and am geting same error. when enrolling device.

Check rsoe_aips_log.txt and look for ffffffffffffffffff. Its short log from like 1 min connection, i get ffff on in rsoe_log to

Thanks in advance

Vuk

rs.txt.zip
aips_rsoe_log.txt.zip
rsoe.txt.zip
Former Member
‎12-06-2013 4:09 PM
0 Kudos

Hi,

Can you provide the rs logs and outbound enabler logs for rsoe and aips_rsoe

Answers (1)

Answers (1)

Former Member
‎12-06-2013 1:38 PM
0 Kudos

your test url should be:

https://127.0.0.1/aips/aipService.svc/GetEnrollmentSeedData?ID=%7Be0cd57e4-d414-4770-bc7e-36980a13ff...

notice the missing space between ip-address and "aips" and also the ? between SeedData and ID...

You can get more help in solving the SChannel error 36888 here:

https://www.google.com/search?q=schannel+error+36888&rlz=1C1CHKZ_enDK437DK437&oq=schannel+error+3688...

Show replies
Show replies
Former Member
‎12-06-2013 6:54 PM
0 Kudos

Link i made from iis log, so space culd be my mistake. i will check it, and will replay back. But still stay error in iis 500 0 64, and schanel error in same time

Ask a Question