cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enrollment Error - Failed to acquire key: No data received from server: 204

Go to solution
Former Member

on ‎01-08-2014 9:31 AM

0 Kudos

Hello Gurus,

We have setup Afaria 7 SP3 and performed basic configuration required for device enrollment.

We are encountering below error while doing Android device enrollment

- Failed to acquire key: No Data received from server: 204

Corresponding to above error, there is an error in IIS log entry with 204 HTTP error

yyyy-mm-dd hh:mm:ss xx.xxx.x.xx POST /aips/aipService.svc/package/cert/generateKey 2 - 80 - xx.xx.xxx.x Afaria+Android+Client 204 0 0 140

Any pointers for this issue resolution will be helpful.

Thanks,

Mayank

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-17-2014 3:51 AM
0 Kudos

Hello Guys,

Thanks for your responses.

The issue was with windows local security policy for encryption. This policy was restricting AIPS service to generate the key. Disable the policy and enrollment works.

Regards,

Mayank

Show replies
Show replies
Former Member
‎03-19-2014 9:41 AM
0 Kudos

Hi Mayank

We are experiencing a similar issue after security updates ran on the server our Enrollment code is not working. Can you explain which policies you had to change?

Regards

Vivek_Das
Explorer
‎04-29-2014 3:47 PM
0 Kudos

Hi Mayank,

We are also facing the issue. Can you be more specific on the resolution please?

What are the windows local security policy for encryption?? How to disable them??

Regards

Vivek Das

andreas_kuhn
Advisor
Advisor
‎05-14-2014 3:22 PM
0 Kudos

Hi Mayank,

about which exact local policy do you talk ? Could you be a bit more specific please?

Thanks a lot.

Andreas

Answers (3)

Answers (3)

Former Member
‎05-15-2014 7:17 AM
0 Kudos

Hi,

We are getting the same error in one of the Android device rest all are working fine.

We tried enrolling the device in two different Afaria servers, even then the error persists. We are getting multiple entries of the device when we try to enrol the device.

Please find error screenshot.

We suspect error in client.

Any help is appreciated.

Show replies
Show replies
Former Member
‎05-16-2014 11:58 AM
0 Kudos

Hi,

In the device user has installed an AppLock application. When we try to disable the device administrator rights for Afaria client it prompts for password.

When we re-enroll we get multiple entries of the device in unapproved state.

Former Member
‎05-15-2014 2:50 AM
0 Kudos

Hello All,

Please disable below OS level security policy on the server. You will encounter this error then.

System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

Regards,

Mayank

Show replies
Show replies
Former Member
‎01-08-2014 9:55 AM
0 Kudos

Hi,

Any reason for not installing Afaria 7 SP4 version.

With Afaria 7SP3 you need to install all the relevant Hotfix available in frontline.sybase.com.

For your error.

Please provide more details on design ? do you have relay server or without relay server.

What process you followed after completing the Afaria 7 setup.

Please check the following

1 . All ports are open between device and server.

2. GCM configuration done and port open for GCM

3. Device communication setting properly configured in afaria console setting area.

4. Enrollment and package server setting properly configured in afaria console setting area.

5. Groups and policy properly created and linked.

6. while creating enrollment code the Enrollment url is correct ( you can check by doing INSPECT).

Show replies
Show replies
Former Member
‎01-08-2014 10:09 AM
0 Kudos

Hello Chetan,

Thanks for your response.

Same issue occurs in SP4 version as well. We have re-installed Afaria to SP3 version as of now.

More details on the setup:

No relay server configure at the moment.

MS SQL Database is installed on different server.

Afaria, API, Admin, Enrollment & PS are installed on same host. Afaria Port is configured to 81 and rest of the configuration mentioned in points 1 to 6 are validated & verified.

- All ports are checked & opened

- GCM configuration is in place

- device communication is configured to host:81 and seed data can be seen in android client during enrollment request

- Enrollment & Package server hosts are configured in respective configuration page

- Group, Session & Enrollment policy is created

- Enrollment code is validated, TinyURL is configured for enrollment code generation and is properly resolved at android device

Below is the SESSION.LOG from android client

- Connecting to HTTP://host.sap.local:81

- Connected to host.sap.loca:81

- Failed to acquire key: No Data received from server: 204

- The Server refused to accept a connection from this client due to security restrictions.

- Failed at dd/mm/yyyy hh:mm PM

Please let me know if you need any further information

Thanks,

Mayank

Former Member
‎01-08-2014 10:23 AM
0 Kudos

Hi,

Upgrade of Afaria 7 SP4 is from Afaria7 sp3 or Afaria 7 sp2.

For Afaria7SP3 you need to install all the hotfix patch , i will recommended you to upgrade to afaria7 sp4 from afaria sp3

I will suggest you to install afaria 7 sp3 with all the component and than install Afaria 7 sp4.

Please check the url : http://localhost/aips2/aipService.svc/help

It should indicate the XML .

For Testing purpose you can test with the following setting:

1 . In Device communication unchecked all the protocol and select XNET : 3007 .

2. Device communication path will be xnet://ipaddress:3007

3. in enrollment server unchecked HTTPS : and mention the Ip address instead of hostname

4. for portal package unchecked https

5. Create new enrollment code and make sure in general area of enrollment code the communication should be xnet://ip:3007.

6 . Make sure the group and policy are linked.

7. If Session manager create unpublished the policy of session manager.

8. INSPECT the url of enrollment code it should start from xnet://ip:3007/

9. Connect the device to corporate WIFI connection which have access to your afaria server ip address.

Test the above process

Former Member
‎01-15-2014 3:18 AM
0 Kudos

Hello Chetan

For enrolment process, is GCM needed ? If GCM is not configured or not working properly, will enrolment process still work?

Regards

Nazri

Former Member
‎01-15-2014 6:35 AM
0 Kudos

GCM is required to send the notification on device , however it is required part of enrollment process .

Former Member
‎01-15-2014 9:10 AM
0 Kudos

Which part of the enrolment process makes use of GCM ?

D_Olderdissen
Advisor
Advisor
‎02-07-2014 10:27 AM
0 Kudos

As you are working without the relay server, but most of our documents and guides include the RS in their architecture, I would recommend to revisit your setup.

Make sure your ports in the configuration and settings are correct. With the RS, all incoming traffic is directed onto the RS with one single port. That is no longer true is you work without the RS. So this will have significant impact how you configure everything.

  • Afaria client traffic is going against the Afaria server (port 81, host.sap.local)
  • Portal Package and iOS provisioning server are listening on the IIS port. As you set the Afaria server to port 81, I would guess IIS is on port 80. Make sure your Afaria configuration of those modules really is pointing to this port. And the Android will also connect to the iOS enrolment server and the portal package server 🙂
  • The Afaria Client-Server communication naturally needs to be set HTTP, port 81 if your client is using the Afaria Server URL: HTTP://host.sap.local:81.
    • In Chetan post, he suggests to set the Afaria client communication to the defaults, XNET Port 3007. That is worth a try and you set the Afaria Server ports in the same menu. Before you do that, I would make sure you configuration has enabled HTTP on port 81.

Under the line, it will help if you write down all the Afaria components, and their ports they are listing on. Then write down all the settings you have in the Afaria config that touch ports and URLs. This will help you to map out the networking part and will make issues much more transparent.

Ask a Question