Afaria 7 SP03: profile installation error iOS enrollment.

razarizvi

Hi All -

We have an Afaria 7.0 server with SP03 & 7SP3AfariaFx06_Server & 7SP3AfariaFx19_EUSSP for EUSSP. The Afaria server host also has the CA, Enrollment Server, PS installed on it.

We have confirmed that our iOS devices could get enrolled when on VPN. We have also been able to apply application and configuration policies on those registered devices.

However, when we are connecting via the Relay server 12.0 in the DMZ, the profile installation abruptly fails on the final step. The iOS device (6.0) is shown in the devices list on the Afaria server, but the device does not get the profiles installed.

iOS 6.0 DEVICE (INTERNET) -------> RELAY SERVER (DMZ) -------------------> AFARIA HOST (DB, CA, ES, PS)

The RSOEs are running fine from the Afaria server (registered as a Win service).

I am attaching the RSOE logs, DebugView Log, CA IIS Logs, Relay IIS Logs. - Any hints would be greatly appreciated!

Kind Regards,

Raza.

RSOE ES Log is basically as follows:

I. 2014-01-27 21:19:29. <DnChannel-0000> TripLeft: 2097022018

I. 2014-01-27 21:19:39. <OEHost> starting garbage collection..

I. 2014-01-27 21:19:39. <Backend-0000> Performing session GC for oeIdx: 0

I. 2014-01-27 21:19:39. <Backend-0000> [0] DoSessionGC: Session[0] is in recycle bin

I. 2014-01-27 21:19:39. <Backend-0000> [0] DoSessionGC: Session[1] is in recycle bin

I. 2014-01-27 21:19:39. <Backend-0000> [0] DoSessionGC: Session[2] is in recycle bin

I. 2014-01-27 21:19:39. <Backend-0000> Done session GC for oeIdx: 0

I. 2014-01-27 21:19:45. <UpChannel-0000> PacketRead packet-len: 2

I. 2014-01-27 21:19:45. <UpChannel-0000> PacketRead packet-opcode: 0xf009

I. 2014-01-27 21:19:45. <UpChannel-0000> packet read..

I. 2014-01-27 21:19:45. <UpChannel-0000> successful packet read.. processing it..

I. 2014-01-27 21:19:45. <UpChannel-0000> packet:

I. 2014-01-27 21:19:45. <UpChannel-0000> 0000: 02 00 09 F0                                      ....           

I. 2014-01-27 21:19:45. <UpChannel-0000> RS_UPCHANNEL_NOOP()

I. 2014-01-27 21:20:00. <Main-0000> Liveness is due..

I. 2014-01-27 21:20:00. <DnChannel-0000> TripLeft: 2097022014

I. 2014-01-27 21:20:15. <UpChannel-0000> PacketRead packet-len: 2

I. 2014-01-27 21:20:15. <UpChannel-0000> PacketRead packet-opcode: 0xf009

I. 2014-01-27 21:20:15. <UpChannel-0000> packet read..

I. 2014-01-27 21:20:15. <UpChannel-0000> successful packet read.. processing it..

I. 2014-01-27 21:20:15. <UpChannel-0000> packet:

I. 2014-01-27 21:20:15. <UpChannel-0000> 0000: 02 00 09 F0                                      ....           

I. 2014-01-27 21:20:15. <UpChannel-0000> RS_UPCHANNEL_NOOP()

I. 2014-01-27 21:20:31. <Main-0000> Liveness is due..

I. 2014-01-27 21:20:31. <DnChannel-0000> TripLeft: 2097022010

I. 2014-01-27 21:20:39. <OEHost> starting garbage collection..

I. 2014-01-27 21:20:39. <Backend-0000> Performing session GC for oeIdx: 0

I. 2014-01-27 21:20:39. <Backend-0000> [0] DoSessionGC: Session[0] is in recycle bin

I. 2014-01-27 21:20:39. <Backend-0000> [0] DoSessionGC: Session[1] is in recycle bin

I. 2014-01-27 21:20:39. <Backend-0000> [0] DoSessionGC: Session[2] is in recycle bin

I. 2014-01-27 21:20:39. <Backend-0000> Done session GC for oeIdx: 0

I. 2014-01-27 21:20:45. <UpChannel-0000> PacketRead packet-len: 2

I. 2014-01-27 21:20:45. <UpChannel-0000> PacketRead packet-opcode: 0xf009

I. 2014-01-27 21:20:45. <UpChannel-0000> packet read..

I. 2014-01-27 21:20:45. <UpChannel-0000> successful packet read.. processing it..

I. 2014-01-27 21:20:45. <UpChannel-0000> packet:

I. 2014-01-27 21:20:45. <UpChannel-0000> 0000: 02 00 09 F0                                      ....           

I. 2014-01-27 21:20:45. <UpChannel-0000> RS_UPCHANNEL_NOOP()

I. 2014-01-27 21:21:02. <Main-0000> Liveness is due..

I. 2014-01-27 21:21:02. <DnChannel-0000> TripLeft: 2097022006

I. 2014-01-27 21:21:15. <UpChannel-0000> PacketRead packet-len: 2

I. 2014-01-27 21:21:15. <UpChannel-0000> PacketRead packet-opcode: 0xf009

I. 2014-01-27 21:21:15. <UpChannel-0000> packet read..

I. 2014-01-27 21:21:15. <UpChannel-0000> successful packet read.. processing it..

I. 2014-01-27 21:21:15. <UpChannel-0000> packet:

I. 2014-01-27 21:21:15. <UpChannel-0000> 0000: 02 00 09 F0                                      ....           

I. 2014-01-27 21:21:15. <UpChannel-0000> RS_UPCHANNEL_NOOP()

I. 2014-01-27 21:21:33. <Main-0000> Liveness is due..

I. 2014-01-27 21:21:33. <DnChannel-0000> TripLeft: 2097022002

I. 2014-01-27 21:21:39. <OEHost> starting garbage collection..

I. 2014-01-27 21:21:39. <Backend-0000> Performing session GC for oeIdx: 0

I. 2014-01-27 21:21:39. <Backend-0000> [0] DoSessionGC: Session[0] is in recycle bin

I. 2014-01-27 21:21:39. <Backend-0000> [0] DoSessionGC: Session[1] is in recycle bin

I. 2014-01-27 21:21:39. <Backend-0000> [0] DoSessionGC: Session[2] is in recycle bin

I. 2014-01-27 21:21:39. <Backend-0000> Done session GC for oeIdx: 0

I. 2014-01-27 21:21:45. <UpChannel-0000> PacketRead packet-len: 2

I. 2014-01-27 21:21:45. <UpChannel-0000> PacketRead packet-opcode: 0xf009

I. 2014-01-27 21:21:45. <UpChannel-0000> packet read..

I. 2014-01-27 21:21:45. <UpChannel-0000> successful packet read.. processing it..

I. 2014-01-27 21:21:45. <UpChannel-0000> packet:

I. 2014-01-27 21:21:45. <UpChannel-0000> 0000: 02 00 09 F0                                      ....           

I. 2014-01-27 21:21:45. <UpChannel-0000> RS_UPCHANNEL_NOOP()

I. 2014-01-27 21:22:04. <Main-0000> Liveness is due..

I. 2014-01-27 21:22:04. <DnChannel-0000> TripLeft: 2097021998

I. 2014-01-27 21:22:15. <UpChannel-0000> PacketRead packet-len: 2

I. 2014-01-27 21:22:15. <UpChannel-0000> PacketRead packet-opcode: 0xf009

I. 2014-01-27 21:22:15. <UpChannel-0000> packet read..

I. 2014-01-27 21:22:15. <UpChannel-0000> successful packet read.. processing it..

I. 2014-01-27 21:22:15. <UpChannel-0000> packet:

I. 2014-01-27 21:22:15. <UpChannel-0000> 0000: 02 00 09 F0                                      ....           

I. 2014-01-27 21:22:15. <UpChannel-0000> RS_UPCHANNEL_NOOP()

I. 2014-01-27 21:22:35. <Main-0000> Liveness is due..

I. 2014-01-27 21:22:35. <DnChannel-0000> TripLeft: 2097021994

I. 2014-01-27 21:22:39. <OEHost> starting garbage collection..

I. 2014-01-27 21:22:39. <Backend-0000> Performing session GC for oeIdx: 0

I. 2014-01-27 21:22:39. <Backend-0000> [0] DoSessionGC: Session[0] is in recycle bin

I. 2014-01-27 21:22:39. <Backend-0000> [0] DoSessionGC: Session[1] is in recycle bin

I. 2014-01-27 21:22:39. <Backend-0000> [0] DoSessionGC: Session[2] is in recycle bin

I. 2014-01-27 21:22:39. <Backend-0000> Done session GC for oeIdx: 0

I. 2014-01-27 21:22:45. <UpChannel-0000> PacketRead packet-len: 2

I. 2014-01-27 21:22:45. <UpChannel-0000> PacketRead packet-opcode: 0xf009

I. 2014-01-27 21:22:45. <UpChannel-0000> packet read..

I. 2014-01-27 21:22:45. <UpChannel-0000> successful packet read.. processing it..

I. 2014-01-27 21:22:45. <UpChannel-0000> packet:

I. 2014-01-27 21:22:45. <UpChannel-0000> 0000: 02 00 09 F0                                      ....           

I. 2014-01-27 21:22:45. <UpChannel-0000> RS_UPCHANNEL_NOOP()

I. 2014-01-27 21:23:06. <Main-0000> Liveness is due..

I. 2014-01-27 21:23:06. <DnChannel-0000> TripLeft: 2097021990

Message was edited by: Raza Rizvi

Accepted Solutions (1)


Former Member

Hi,

As mentioned, everything works fine while working on Intra zone.

Make sure of the following points while working in a Relay server environment.

1. Rs config needs to be properly configured

2. Outbound enabler should be properly configured and communicating with relay server

3. Ports between relay server and public IP should be open (80, 443).

4. Port between Afaria server and relay server should be open (Telnet and ping enabled).

5. SSL certificate needs to be configured on relay server

6. SSL certificate should be browsed at the time of installation of IPHONESERVER package.

7. On Afaria console make sure to configure proper settings of CA, Enrollment server.

8. Relay server setting on console should be disabled.

9. Check the tiny url path.

razarizvi

Thanks for your inputs, Chetan. Yes, we were able to provision iOS devices while on VPN (intranet).

1. Rs config needs to be properly configured

          Yes, I have configured this and don't see any error in logs.

2. Outbound enabler should be properly configured and communicating with relay server

          Yes, I have configured 3 RSOEs, one each for Afaria farm, Enrollment Server & Package server - all are able to successfully connect to Relay server.

3. Ports between relay server and public IP should be open (80, 443).

          I have confirmed this by logging in from internet. Network team has confirmed this as well.

4. Port between Afaria server and relay server should be open (Telnet and ping enabled).

          I have checked via telnet and ping; both sides are good.

5. SSL certificate needs to be configured on relay server

          The SSL certificate tied to the Relay server port 443 is the one issued by the CA (installed on Afaria host)

6. SSL certificate should be browsed at the time of installation of IPHONESERVER package.

          I have imported this certificate on the Afaria server IIS server certificates page. During the execution of iPhoneserversetup.exe the same certificate is being tied during the "Specify SSL Certificate" page.

7. On Afaria console make sure to configure proper settings of CA, Enrollment server.

          CA is configured and is passing the test connection. Enrollment server is set up with Relay server http connection.


8. Relay server setting on console should be disabled.

          I have confirmed this and it has been disabled.


9. Check the tiny url path.

          The tinyurl test is SUCCESSFUL

Any other inputs are much appreciated!

-Raza.

Former Member

Hi,

If it's working on intranet, it should work for internet also.

Make sure the ports are properly open from relay to public.

On the firewall, disable the scanner if any is blocking that port.

SSL certificate properly configured.

Change the server address from local to relay server in the enrollment server setting.

razarizvi

Hello Chetan,

We debugged through the whole process and found that our SSL certificate attached to the relay server didn't have a "Subject Alternative Name" assigned... after we enabled that and regenerated the enrollment code, this issue got fixed.

Thanks for your valuable suggestions!

Kind Regards,
Raza.
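
The root cause reported above, a relay server certificate with no Subject Alternative Name, can be checked before enrollment is attempted. The script below is an added example, not part of the original thread or of Afaria: it assumes the `openssl` CLI is available, uses the constructed host name `relay.example.test`, and builds two throwaway self-signed certificates (one CN-only, one with a SAN) to show the check on both.

```shell
#!/bin/sh
# Added example: flag a server certificate that names its host only in the CN.
# relay.example.test is a constructed host name, not one from the thread.

# has_san_for CERT.pem HOST -> exit 0 only if HOST is listed as a DNS entry in
# the Subject Alternative Name extension (exact match; wildcards not expanded).
has_san_for() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxiq "DNS:$2"
}

# make_demo_certs DIR HOST -> writes DIR/cn_only.pem (host in CN only) and
# DIR/with_san.pem (same subject plus a SAN); both are constructed test data.
make_demo_certs() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[san]
subjectAltName = DNS:$2
EOF
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/key.pem" -config "$1/req.cnf" \
        -days 1 -out "$1/cn_only.pem" &&
    openssl req -x509 -new -key "$1/key.pem" -config "$1/req.cnf" \
        -extensions san -days 1 -out "$1/with_san.pem"
}

# report CERT.pem HOST -> one line suitable for a deployment checklist.
report() {
    if has_san_for "$1" "$2"; then
        echo "OK      $1: SAN lists DNS:$2"
    else
        echo "REISSUE $1: no SAN entry for $2"
    fi
}

demo=$(mktemp -d) && make_demo_certs "$demo" relay.example.test &&
    report "$demo/cn_only.pem" relay.example.test &&
    report "$demo/with_san.pem" relay.example.test
rm -rf "$demo"
```

To check a real deployment, export the certificate bound to the relay server's port 443 as PEM and call `report` with that file and the public host name the devices connect to.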
