on 01-09-2014 10:26 AM
Hello Folks,
We have Afaria 7 SP4 in our landscape. We are able to enroll iOS devices via Relay Server using Self Signed SSL approach. But, we want the devices to connect Load Balancer and Load Balancer would be the first point of contact to the devices.
However, when we enable Load Balancer and try to connect iOS device via Load Balancer, it won't work.The Android devices work perfectly fine with Load Balancer.
As the approach works with Relay Server, the issue exists with the integration between Relay Server and Load Balancer. We ensured to create Self Signed Certificate from the load balancer and signed by the CA. In addition, we also deployed this certificate during enrollment server installation.
Relay Server IP: 185.7.39.75
Load Balancer IP: 185.7.39.213
The error we see in iPCU logs is as follows:
(Error) MC: Connection to https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... failed with error: NSError:
Desc : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.
US Desc: The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.
Domain : MCHTTPTransactionErrorDomain
Code : 23002
Type : MCFatalError
Params : (
)
Desc : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.
US Desc: The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.
Domain : MCHTTPTransactionErrorDomain
Code : 23002
Type : MCFatalError
Params : (
)
Desc : The payload mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056 could not be installed.
Sugg : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.
US Desc: The payload mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056 could not be installed.
US Sugg: The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.
Domain : MCInstallationErrorDomain
Code : 4001
Type : MCFatalError
Params : (
"mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056"
)
...Underlying error:
NSError:
Desc : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.
US Desc: The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.
Domain : MCHTTPTransactionErrorDomain
Code : 23002
Type : MCFatalError
Params : (
)
NSError:
Desc : The profile Config Payload could not be installed.
Sugg : The payload mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056 could not be installed.
US Desc: The profile Config Payload could not be installed.
US Sugg: The payload mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056 could not be installed.
Domain : MCProfileErrorDomain
Code : 1009
Type : MCFatalError
Params : (
"Config Payload"
)
We would be glad if anyone can help us with this issue.
Thank you!
Hi,
Please clarify.
SSL Certificate on load balancer is Self signed certificate or Third party Certificate?.
Point to check .
1. When you create a certificate from Load balancer did you add that certificate in IPHONEserver.?
if not than
1. Install the certificate created from load balancer on Afaria server Certificate Authority personal.
2. Run the IPhone server setup file again
3. At the time of process of installation of iphone server you need to select the certificate for 443 port.
4. Complete the process of installation.
5. Create new enrollment code and test
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Here is the web url of the load balancer:
I will send you the enrollment code url shortly.
This is the enrollment code url that is generated.
This is the MDM enrollment.
Hi,
With the error do you want to continue this problem occur many times thats the reason its always suggest to go with third party ssl certificate.
Anyways what i can see with the Enrollment url it started with IP address and not with the DNS?
the common name of SSL certificate is ip address or FQDN?.
Also the enrollment url is http not https?
User | Count |
---|---|
79 | |
9 | |
9 | |
7 | |
7 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.