cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with iOS enrollment and Active Directory integration

Former Member
0 Kudos

Hi all,

I have a tenant in my Afaria server(Afaria 7, SP4, hf3) that I want integrate with Active Directory for iOs devices.

I follow this steps:

- I configure the Active Directory parameters (Server->security->Active Directory)

- I re-install de iphoneserver component with "Afaria server managed authentication" option.-

- I create a enrollment policy

When I launch the Afaria agent on the device and enter the enrollment code (Tiny), I receive a message of incorrect enrollment code.

If I reinstall again the iphoneserver without "Use authentication" and try to enroll with the same code, It works and the the device is enrolled (obviously without request credentials).

I don't know why, but when install the iphone server with "use autentication", the iOS enrolmet fails.

The ICU logs are:

- When It fails

May 16 17:46:16 iPad Afaria-SAP[145] <Warning>: [AipsController enrollmentCodeDidFinishWith:]

May 16 17:46:16 iPad Afaria-SAP[145] <Warning>: [AipsController enrollmentCodeDidParse:]

May 16 17:46:16 iPad Afaria-SAP[145] <Warning>: shortenrollmenturl_preference: https://TinyURL.com/XXXXXXXX

May 16 17:46:16 iPad Afaria-SAP[145] <Warning>: [AipsController doEnrollmentSeedDownload]

May 16 17:46:16 iPad Afaria-SAP[145] <Warning>: [AfariaAppDelegate netUser:0x80 busy:1]

May 16 17:46:18 iPad CommCenter[44] <Notice>: com.apple.CommCenter.Prox - Declared system activity to prevent sleep

May 16 17:46:18 iPad Afaria-SAP[145] <Warning>: [AfariaAppDelegate canAuthenticateAgainstProtectionSpace] NSURLAuthenticationMethodServerTrust

May 16 17:46:18 iPad Afaria-SAP[145] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0

May 16 17:46:18 iPad Afaria-SAP[145] <Warning>: [AfariaAppDelegate connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0

May 16 17:46:18 iPad Afaria-SAP[145] <Warning>: _serverTrustResolvedWithSuccess, success = 1

May 16 17:46:18 iPad Afaria-SAP[145] <Warning>: resolve NSURLAuthenticationMethodServerTrust -> <NSURLCredential: 0x2b01f0>: (null)

May 16 17:46:18 iPad Afaria-SAP[145] <Warning>: Cert for host tinyurl.com trusted

May 16 17:46:20 iPad Afaria-SAP[145] <Warning>: httpResponse.allHeaderField Dictionary: {

"Cache-Control" = "no-cache";

Connection = "keep-alive";

"Content-Encoding" = gzip;

"Content-Length" = 913;

"Content-Type" = "text/html";

Pragma = "no-cache";

}

May 16 17:46:20 iPad Afaria-SAP[145] <Warning>: connection:didReceiveResponse: http 403

-When It works

May 16 18:38:04 iPad Afaria-SAP[145] <Warning>: [AipsController enrollmentCodeDidFinishWith:]

May 16 18:38:04 iPad Afaria-SAP[145] <Warning>: [AipsController enrollmentCodeDidParse:]

May 16 18:38:04 iPad Afaria-SAP[145] <Warning>: shortenrollmenturl_preference: https://TinyURL.com/XXXXX

May 16 18:38:04 iPad Afaria-SAP[145] <Warning>: [AipsController doEnrollmentSeedDownload]

May 16 18:38:04 iPad Afaria-SAP[145] <Warning>: [AfariaAppDelegate netUser:0x80 busy:1]

May 16 18:38:07 iPad CommCenter[44] <Notice>: com.apple.CommCenter.Prox - Declared system activity to prevent sleep

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: httpResponse.allHeaderField Dictionary: {

"Cache-Control" = private;

Connection = "keep-alive";

"Content-Length" = 1467;

"Content-Type" = "aips/plist+xml";

Date = "Fri, 16 May 2014 16:38:06 GMT";

Server = "Microsoft-IIS/7.5, Microsoft-IIS/7.5";

"X-AspNet-Version" = "4.0.30319";

"X-Powered-By" = "ASP.NET, ASP.NET";

}

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: connection:didReceiveResponse: http 200

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [AfariaAppDelegate netUser:0x80 busy:0]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [AipsController enrollmentCodeSeedDidLoadWith:]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: AipsController enrollmentCodeSeedDataDidLoadWith [1467] and http:200

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [EnrollmentProfile parse]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: Unexpected element name: "UseIdentityCertificate"

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: Unexpected element name: "iOSAndroidEnrollmentUri"

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: >>> EnrollmentProfile <<<

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: PolicyID: {c049cf0c-d680-4d16-be74-c6a79b8720f6}

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: >>> EnrollmentConfigurationParameters <<<

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: ServerAddress: XXXXXXX

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: ServerPort: 80

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: ServerProtocol: http

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: ServerVirtualDirectory: aips

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: EnrollmentVirtualDirectory: aips

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: RelayServerPath: /ias_relay_server/client/rs_client.dll/%cid%

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: RelayServerFarmID: PSserverDes

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: homeSeedingParmameters: s=mobiadmd.interhesa.es;p=80;h=http;v=aips;e=aips;c=PSserverDes;r=/ias_relay_server/client/rs_client.dll/%cid%

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: UserPrompts:[0]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: Groups:[1]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: >>> EnrollmentGroup <<<

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: Name: 25

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: MDMEnroll: present and empty

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: >>> EnrollmentAfariaSeed <<<

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: NamingOption: 1

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: ConnectAfterInstall: 1

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: AutoApprove: 1

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: MbdType: 2

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: MbdDnv:

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: MbdPrefix:

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: MbdPromptVar: (null)

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: Domain:

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: IOSAccessPolicy: 130

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: TenantID: i!p8f:1

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: RelayServerPrefix: /ias_relay_server/client/rs_client.dll

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: RelayServerFarmID: FARMIDDes

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: ServerIP: (null)

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: SSPTitle:

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: SSPDescription:

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: SSPURL:

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: EnableCompromised: 0

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [AipsController parseSeedDataDidSucceed]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [AipsController jailbroken]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [doDelayedEnrollment]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [AfariaAppDelegate netUser:0x80 busy:0]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: UIDevice.getUDID > 1e1e0f7dd6ca026675486a815c16c78785132e68

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: UIDevice.getUDID > 1e1e0f7dd6ca026675486a815c16c78785132e68

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [AipsController enrollmentUserPromptsDidFinishWith:]

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: EnrollmentRecordRequiredDataPut > http://XXXXXXXXXX:80/ias_relay_server/client/rs_client.dll/PSserverDes/aips/aipService.svc/Enrollmen...{c049cf0c-d680-4d16-be74-c6a79b8720f6}&ClientType=-8

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: EnrollmentRecordRequiredDataPut >> http://XXXXXXXXXX:80/ias_relay_server/client/rs_client.dll/PSserverDes/aips/aipService.svc/Enrollmen...

May 16 18:38:09 iPad Afaria-SAP[145] <Warning>: [AfariaAppDelegate netUser:0x80 busy:1]

May 16 18:38:10 iPad Afaria-SAP[145] <Warning>: httpResponse.allHeaderField Dictionary: {

"Cache-Control" = private;

Connection = "keep-alive";

"Content-Length" = 514;

"Content-Type" = "aips/plist+xml";

Date = "Fri, 16 May 2014 16:38:07 GMT";

Server = "Microsoft-IIS/7.5, Microsoft-IIS/7.5";

"X-AspNet-Version" = "4.0.30319";

"X-Powered-By" = "ASP.NET, ASP.NET";

}

Could you please help to solve this problem?

Thanks in advance. 

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi,

I looks strange that your

http://XXXXXXXXXX:80/ias_relay_server/client/rs_client.dll/PSserverDes/aips/aipService.svc/Enrollmen...

uses http and not https which is required by iOS

Br

Peter

Former Member
0 Kudos

Hi Peter,

Yes, I know, I didn't install this Afaria.

But the strange is that It works when the iphoneserver is configurated without "Use authentication".

Could use "use authentication" method with http ios connections?

Regards

Javier

Former Member
0 Kudos

Hi Peter,

I have change the enrollment configuration to use https, and same result:

Without "Afaria server managed authentication" it works

May 21 18:58:59 iPad CommCenter[44] <Notice>: com.apple.CommCenter.Prox - system activity completed

May 21 18:59:19 iPad Afaria-SAP[122] <Warning>: [AipsController enrollmentCodeDidFinishWith:]

May 21 18:59:19 iPad Afaria-SAP[122] <Warning>: [AipsController enrollmentCodeDidParse:]

May 21 18:59:19 iPad Afaria-SAP[122] <Warning>: shortenrollmenturl_preference: https://TinyURL.com/k4g2dcv

May 21 18:59:19 iPad Afaria-SAP[122] <Warning>: [AipsController doEnrollmentSeedDownload]

May 21 18:59:19 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate netUser:0x80 busy:1]

May 21 18:59:20 iPad locationd[53] <Notice>: NETWORK: query, cells, 1, 0, 0, 0, wifis, 0

May 21 18:59:22 iPad CommCenter[44] <Notice>: com.apple.CommCenter.Prox - Declared system activity to prevent sleep

May 21 18:59:22 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate canAuthenticateAgainstProtectionSpace] NSURLAuthenticationMethodServerTrust

May 21 18:59:22 iPad Afaria-SAP[122] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0

May 21 18:59:22 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0

May 21 18:59:22 iPad Afaria-SAP[122] <Warning>: _serverTrustResolvedWithSuccess, success = 1

May 21 18:59:22 iPad Afaria-SAP[122] <Warning>: resolve NSURLAuthenticationMethodServerTrust -> <NSURLCredential: 0x39f6d0>: (null)

May 21 18:59:22 iPad Afaria-SAP[122] <Warning>: Cert for host ***************.es trusted

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: httpResponse.allHeaderField Dictionary: {

"Cache-Control" = private;

Connection = "Keep-Alive";

"Content-Length" = 1470;

"Content-Type" = "aips/plist+xml";

Date = "Wed, 21 May 2014 16:59:22 GMT";

Server = "Microsoft-IIS/7.5, Microsoft-IIS/7.5";

"X-AspNet-Version" = "4.0.30319";

"X-Powered-By" = "ASP.NET, ASP.NET";

}

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: connection:didReceiveResponse: http 200

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: httpResponse.didReceiveData Data <3c3f786d 6c207665 7273696f 6e3d2231 2e302220 656e636f 64696e67 3d227574 662d3822 3f3e0a3c 53656564 44617461 20506f6c 69637949 443d227b 63303439 63663063 2d643638 302d3464 31362d62 6537342d 63366137 39623837 32306636 7d223e0a 093c436f 6e666967 75726174 696f6e3e 0a09093c 53657276 65724164 64726573 733e6d6f 62696164 6d642e69 6e746572 68657361 2e65733c 2f536572 76657241 64647265 73733e0a 09093c53 65727665 72506f72 743e3434 333c2f53 65727665 72506f72 743e0a09 093c5072 6f746f63 6f6c3e68 74747073 3c2f5072 6f746f63 6f6c3e0a 09093c56 69727475 616c4469 723e6169 70733c2f 56697274 75616c44 69723e0a 09093c45 6e726f6c 6c566972 7475616c 4469723e 61697073 3c2f456e 726f6c6c 56697274 75616c44 69723e0a 09093c52 656c6179 53657276 65725061 74683e2f 6961735f 72656c61 795f7365 72766572 2f636c69 656e742f 72735f63 6c69656e 742e646c 6c2f2563 6964253c 2f52656c 61795365 72766572 50617468 3e0a0909 3c466172 6d49443e 50537365 72766572 4465733c 2f466172 6d49443e 0a093c2f 436f6e66 69677572 6174696f 6e3e0a09 3c557365 7250726f 6d70743e 3c2f5573 65725072 6f6d7074 3e0a093c 53657276 65723e0a 09093c47 726f7570 41737369 676e3e0a 0909093c 47726f75 703e3235 3c2f4772 6f75703e 0a09093c 2f47726f 75704173 7369676e 3e0a0909 3c4d444d 456e726f 6c6c202f 3e0a093c 2f536572 7665723e 0a093c41 66617269 61536565 64446174 613e0a09 093c7573 654e616d 696e674f 7074696f 6e733e31 3c2f7573 654e616d 696e674f 7074696f 6e733e0a 09093c63 6f6e6e65 63744166 74657249 6e737461 6c6c3e22 31223c2f 636f6e6e 65637441 66746572 496e7374 616c6c3e 0a09093c 6175746f 41707072 6f76653e 2231223c 2f617574 6f417070 726f7665 3e0a0909 3c557365 4964656e 74697479 43657274 69666963 6174653e 2230223c 2f557365 4964656e 74697479 43657274 69666963 6174653e 0a09093c 6d626454 7970653e 2232223c 2f6d6264 54797065 3e0a0909 3c6d6264 446e763e 22223c2f 6d626444 6e763e0a 09093c6d 62645072 65666978 3e22223c 2f6d6264 50726566 69783e0a 09093c44 6f6d6169 6e3e2222 3c2f446f 6d61696e 3e0a0909 3c494f53 41636365 7373506f 6c696379 3e313330 3c2f494f 53416363 65737350 6f6c6963 793e0a09 093c656e 61626c65 436f6d70 726f6d69 7365643e 2230223c 2f656e61 626c6543 6f6d7072 6f6d6973 65643e0a 09093c53 53505469 746c653e 22223c2f 53535054 69746c65 3e0a0909 3c535350 44657363 72697074 696f6e3e 22223c2f 53535044 65736372 69707469 6f6e3e0a 09093c53 53505552 4c3e2222 3c2f5353 5055524c 3e0a0909 3c74656e 616e7449 443e2269 21703866 3a31223c 2f74656e 616e7449 443e0a09 093c7265 6c617953 65727665 72507265 6669783e 2f696173 5f72656c 61795f73 65727665 722f636c 69656e74 2f72735f 636c6965 6e742e64 6c6c3c2f 72656c61 79536572 76657250 72656669 783e0a09 093c7265 6c617953 65727665 72466172 6d49443e 4641524d 49444465 733c2f72 656c6179 53657276 65724661 726d4944 3e0a0909 3c457874 72614461 7461313e 4b51556c 4e773377 72627252 5a77552f 2b474967 434e3851 434e413d 3c2f4578 74726144 61746131 3e0a0909 3c694f53 416e6472 6f696445 6e726f6c 6c6d656e 74557269 3e687474 70733a2f 2f6d6f62 6961646d 642e696e 74657268 6573612e 65732f69 61735f72 656c6179 5f736572 7665722f 636c6965 6e742f72 735f636c 69656e74 2e646c6c 2f505373 65727665 72446573 2f616970 732f6169 70536572 76696365 2e737663 2f3c2f69 4f53416e 64726f69 64456e72 6f6c6c6d 656e7455 72693e0a 09093c52 65676973 74657265 64557365 724e616d 653e3c2f 52656769 73746572 65645573 65724e61 6d653e0a 093c2f41 66617269 61536565 64446174 613e0a3c 2f536565 64446174 613e>

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate netUser:0x80 busy:0]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [AipsController enrollmentCodeSeedDidLoadWith:]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: AipsController enrollmentCodeSeedDataDidLoadWith [1470] and http:200

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [EnrollmentProfile parse]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: Unexpected element name: "UseIdentityCertificate"

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: Unexpected element name: "iOSAndroidEnrollmentUri"

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: >>> EnrollmentProfile <<<

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: PolicyID: {c049cf0c-d680-4d16-be74-c6a79b8720f6}

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: >>> EnrollmentConfigurationParameters <<<

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: ServerAddress: ***************.es

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: ServerPort: 443

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: ServerProtocol: https

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: ServerVirtualDirectory: aips

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: EnrollmentVirtualDirectory: aips

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: RelayServerPath: /ias_relay_server/client/rs_client.dll/%cid%

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: RelayServerFarmID: PSserverDes

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: homeSeedingParmameters: s=***************.es;p=443;h=https;v=aips;e=aips;c=PSserverDes;r=/ias_relay_server/client/rs_client.dll/%cid%

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: UserPrompts:[0]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: Groups:[1]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: >>> EnrollmentGroup <<<

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: Name: 25

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: MDMEnroll: present and empty

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: >>> EnrollmentAfariaSeed <<<

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: NamingOption: 1

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: ConnectAfterInstall: 1

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: AutoApprove: 1

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: MbdType: 2

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: MbdDnv:

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: MbdPrefix:

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: MbdPromptVar: (null)

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: Domain:

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: IOSAccessPolicy: 130

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: TenantID: i!p8f:1

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: RelayServerPrefix: /ias_relay_server/client/rs_client.dll

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: RelayServerFarmID: FARMIDDes

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: ServerIP: (null)

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: SSPTitle:

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: SSPDescription:

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: SSPURL:

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: EnableCompromised: 0

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [AipsController parseSeedDataDidSucceed]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [AipsController jailbroken]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [doDelayedEnrollment]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate netUser:0x80 busy:0]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [AipsController enrollmentUserPromptsDidFinishWith:]

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: EnrollmentRecordRequiredDataPut > https://***************.es:443/ias_relay_server/client/rs_client.dll/PSserverDes/aips/aipService.svc...{c049cf0c-d680-4d16-be74-c6a79b8720f6}&ClientType=-8

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: EnrollmentRecordRequiredDataPut >> https://***************.es:443/ias_relay_server/client/rs_client.dll/PSserverDes/aips/aipService.svc...

May 21 18:59:23 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate netUser:0x80 busy:1]

May 21 18:59:24 iPad Afaria-SAP[122] <Warning>: httpResponse.allHeaderField Dictionary: {

"Cache-Control" = private;

Connection = "Keep-Alive";

"Content-Length" = 511;

"Content-Type" = "aips/plist+xml";

Date = "Wed, 21 May 2014 16:59:22 GMT";

Server = "Microsoft-IIS/7.5, Microsoft-IIS/7.5";

"X-AspNet-Version" = "4.0.30319";

"X-Powered-By" = "ASP.NET, ASP.NET";

With "Afaria server managed authentication" it fails

May 21 18:43:55 iPad Afaria-SAP[122] <Warning>: [AipsController enrollmentCodeDidFinishWith:]

May 21 18:43:55 iPad Afaria-SAP[122] <Warning>: [AipsController enrollmentCodeDidParse:]

May 21 18:43:55 iPad Afaria-SAP[122] <Warning>: shortenrollmenturl_preference: https://TinyURL.com/k4g2dcv

May 21 18:43:55 iPad Afaria-SAP[122] <Warning>: [AipsController doEnrollmentSeedDownload]

May 21 18:43:55 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate netUser:0x80 busy:1]

May 21 18:43:57 iPad CommCenter[44] <Notice>: com.apple.CommCenter.Prox - Declared system activity to prevent sleep

May 21 18:43:57 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate canAuthenticateAgainstProtectionSpace] NSURLAuthenticationMethodServerTrust

May 21 18:43:57 iPad Afaria-SAP[122] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0

May 21 18:43:57 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0

May 21 18:43:57 iPad Afaria-SAP[122] <Warning>: _serverTrustResolvedWithSuccess, success = 1

May 21 18:43:57 iPad Afaria-SAP[122] <Warning>: resolve NSURLAuthenticationMethodServerTrust -> <NSURLCredential: 0x3a0930>: (null)

May 21 18:43:57 iPad Afaria-SAP[122] <Warning>: Cert for host tinyurl.com trusted

May 21 18:43:59 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate canAuthenticateAgainstProtectionSpace] NSURLAuthenticationMethodServerTrust

May 21 18:43:59 iPad Afaria-SAP[122] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0

May 21 18:43:59 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0

May 21 18:43:59 iPad Afaria-SAP[122] <Warning>: _serverTrustResolvedWithSuccess, success = 1

May 21 18:43:59 iPad Afaria-SAP[122] <Warning>: resolve NSURLAuthenticationMethodServerTrust -> <NSURLCredential: 0x39ad80>: (null)

May 21 18:43:59 iPad Afaria-SAP[122] <Warning>: Cert for host mobiadmd.interhesa.es trusted

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: httpResponse.allHeaderField Dictionary: {

"Cache-Control" = "no-cache";

Connection = close;

"Content-Length" = 2024;

"Content-Type" = "text/html";

Pragma = "no-cache";

}

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: connection:didReceiveResponse: http 403

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: httpResponse.didReceiveData Data <3c21444f 43545950 45204854 4d4c2050 55424c49 4320222d 2f2f5733 432f2f44 54442048 544d4c20 342e3020 5472616e 73697469 6f6e616c 2f2f454e 223e0d0a 3c48544d 4c206469 723d6c74 723e3c48 4541443e 3c544954 4c453e54 68652070 61676520 63616e6e 6f742062 65206469 73706c61 7965643c 2f544954 4c453e0d 0a3c5354 594c4520 69643d4c 5f646566 61756c74 725f313e 413a6c69 6e6b207b 0d0a0946 4f4e543a 20387074 2f313170 74207665 7264616e 613b2043 4f4c4f52 3a202366 66303030 300d0a7d 0d0a413a 76697369 74656420 7b0d0a09 464f4e54 3a203870 742f3131 70742076 65726461 6e613b20 434f4c4f 523a2023 34653465 34650d0a 7d0d0a3c 2f535459 4c453e0d 0a0d0a3c 4d455441 20636f6e 74656e74 3d4e4f49 4e444558 206e616d 653d524f 424f5453 3e0d0a3c 4d455441 20687474 702d6571 7569763d 436f6e74 656e742d 54797065 20636f6e 74656e74 3d227465 78742d68 746d6c3b 20636861 72736574 3d555446 2d38223e 0d0a0d0a 3c4d4554 4120636f 6e74656e 743d224d 5348544d 4c20352e 35302e34 3532322e 31383030 22206e61 6d653d47 454e4552 41544f52 3e3c2f48 4541443e 0d0a3c42 4f445920 6267436f 6c6f723d 23666666 6666663e 0d0a3c54 41424c45 2063656c 6c537061 63696e67 3d352063 656c6c50 61646469 6e673d33 20776964 74683d34 31303e0d 0a20203c 54424f44 593e0d0a 20203c54 523e0d0a 20202020 3c544420 76416c69 676e3d63 656e7465 7220616c 69676e3d 6c656674 20776964 74683d33 36303e0d 0a202020 2020203c 48312069 643d4c5f 64656661 756c7472 5f322073 74796c65 3d22464f 4e543a20 31337074 2f313570 74207665 7264616e 613b2043 4f4c4f52 3a202330 30303030 30223e3c 49442069 643d4c5f 64656661 756c7472 5f333e3c 212d2d50 726f626c 656d2d2d 3e546865 20706167 65206361 6e6e6f74 20626520 64697370 6c617965 640d0a3c 2f49443e 3c2f4831 3e3c2f54 443e3c2f 54523e0d 0a20203c 54523e0d 0a202020 203c5444 20776964 74683d34 30302063 6f6c5370 616e3d32 3e3c464f 4e542069 643d4c5f 64656661 756c7472 5f340d0a 20202020 20207374 796c653d 22464f4e 543a2038 70742f31 31707420 76657264 616e613b 20434f4c 4f523a20 23303030 30303022 3e3c4944 2069643d 4c5f6465 6661756c 74725f35 3e3c423e 4578706c 616e6174 696f6e3a 203c2f42 3e546865 72652069 73206120 70726f62 6c656d20 77697468 20746865 20706167 6520796f 75206172 65207472 79696e67 20746f20 72656163 6820616e 64206974 2063616e 6e6f7420 62652064 6973706c 61796564 2e3c2f49 443e3c2f 464f4e54 3e3c2f54 443e3c2f 54523e0d 0a20203c 54523e0d 0a202020 203c5444 20776964 74683d34 30302063 6f6c5370 616e3d32 3e3c464f 4e542069 643d4c5f 64656661 756c7472 5f36200d 0a202020 20202073 74796c65 3d22464f 4e543a20 3870742f 31317074 20766572 64616e61 3b20434f 4c4f523a 20233030 30303030 223e0d0a 20202020 20203c48 5220636f 6c6f723d 23633063 30633020 6e6f5368 6164653e 0d0a0d0a 20202020 20203c50 2069643d 4c5f6465 6661756c 74725f37 3e3c423e 54727920 74686520 666f6c6c 6f77696e 673a3c2f 423e3c2f 503e0d0a 20202020 20203c55 4c3e0d0a 20202020 20202020 3c4c4920 69643d4c 5f646566 61756c74 725f383e 3c423e52 65667265 73682070 6167653a 3c2f423e 20536561 72636820 666f7220 74686520 70616765 20616761 696e2062 7920636c 69636b69 6e672074 68652052 65667265 73682062 7574746f 6e2e2054 68652074 696d656f 7574206d 61792068 61766520 6f636375 72726564 20647565 20746f20 496e7465 726e6574 20636f6e 67657374 696f6e2e 0d0a3c4c 49206964 3d4c5f64 65666175 6c74725f 393e3c42 3e436865 636b2073 70656c6c 696e673a 3c2f423e 20436865 636b2074 68617420 796f7520 74797065 64207468 65205765 62207061 67652061 64647265 73732063 6f727265 63746c79 2e205468 65206164 64726573 73206d61 79206861 76652062 65656e20 6d697374 79706564 2e0d0a3c 4c492069 643d4c5f 64656661 756c7472 5f31303e 3c423e41 63636573 73206672 6f6d2061 206c696e 6b3a3c2f 423e2049 66207468 65726520 69732061 206c696e 6b20746f 20746865 20706167 6520796f 75206172 65206c6f 6f6b696e 6720666f 722c2074 72792061 63636573 73696e67 20746865 20706167 65206672 6f6d2074 68617420 6c696e6b 2e0d0a0d 0a202020 2020203c 2f554c3e 0d0a2020 20202020 3c485220 636f6c6f 723d2363 30633063 30206e6f 53686164 653e0d0a 0d0a2020 20202020 3c502069 643d4c5f 64656661 756c7472 5f31313e 54656368 6e696361 6c20496e 666f726d 6174696f 6e202866 6f722073 7570706f 72742070 6572736f 6e6e656c 293c2f50 3e0d0a2020202020 203c554c 3e0d0a20 20202020 2020203c 4c492069 643d4c5f 64656661 756c7472 5f31323e 4572726f 7220436f 64653a20 34303320 466f7262 69646465 6e2e2054 68652073 65727665 72206465 6e696564 20746865 20737065 63696669 65642055 6e69666f 726d2052 65736f75 72636520 4c6f6361 746f7220 2855524c 292e2043 6f6e7461 63742074 68652073 65727665 72206164 6d696e69 73747261 746f722e 20283132 32303229 0d0a0d0a 20202020 20202020 3c2f554c 3e3c2f46 4f4e543e 3c2f5444 3e3c2f54 523e3c2f 54424f44 593e3c2f 5441424c 453e3c2f 424f4459 3e3c2f48 544d4c3e 0d0a0d0a>

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate netUser:0x80 busy:0]

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: [AipsController enrollmentCodeSeedDidLoadWith:]

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: AipsController enrollmentCodeSeedDataDidLoadWith [2024] and http:403

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML dir=ltr><HEAD><TITLE>The page cannot be displayed</TITLE>

<STYLE id=L_defaultr_1>A:link {

FONT: 8pt/11pt verdana; COLOR: #ff0000

}

A:visited {

FONT: 8pt/11pt verdana; COLOR: #4e4e4e

}

</STYLE>

<META content=NOINDEX name=ROBOTS>

<META http-equiv=Content-Type content="text-html; charset=UTF-8">

<META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>

<BODY bgColor=#ffffff>

<TABLE cellSpacing=5 cellPadding=3 width=410>

<TBODY>

<TR>

<TD vAlign=center align=left width=360>

<H1 id=L_defaultr_2 style="FONT: 13pt/15pt verdana; COLOR: #000000"><ID id=L_defaultr_3><!--Problem-->The page cannot be displayed

</ID></H1></TD></TR>

<TR>

<TD width=400 colSpan=2><FONT id=L_defaultr_4

style="FONT: 8pt/11pt verdana; COLOR: #000000"><ID id=L_defaultr_5><B>Explanation: </B>There is a problem with the page you are trying to reach and it cannot be displayed.</ID></FONT></TD></TR>

<TR>

<TD width=400 colSpan=2><FONT id=L_defaultr_6

style="FONT: 8pt/11pt verdana; COLOR: #000000">

<HR color=#c0c0c0 noShade>

<P id=L_defaultr_7><B>Try the following:</B></P>

<UL>

<LI id=L_defaultr_8><B>Refresh page:</B> Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.

<LI id=L_defaultr_9><B>Check spelling:</B> Check that you typed the Web page address correctly. The address may have been mistyped.

<LI id=L_defaultr_10><B>Access from a link:</B> If there is a link to the page you are looking for, try accessing the page from that link.

</UL>

<HR color=#c0c0c0 noShade>

<P id=L_defaultr_11>Technical Information (for support personnel)</P>

<UL>

<LI id=L_defaultr_12>Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

</UL></FONT></TD></TR></TBODY></TABLE></BODY></HTML>

http: 403

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: enrollmentFinishedWithFailure

May 21 18:44:00 iPad backboardd[29] <Error>: HID: The 'Rate Controlled' connection 'Afaria-SAP' access to protected services is denied.

May 21 18:44:00 iPad Afaria-SAP[122] <Warning>: [AfariaAppDelegate netUser:0x80 busy:0]

May 21 18:44:06 iPad CommCenter[44] <Notice>: com.apple.CommCenter.Prox - system activity completed

Do you have any idea?

Thanks!!

former_member201782
Participant
0 Kudos

Hello Javier,

Looking at the log when trying to enroll with Active Directory enabled it is giving Http 403 error, which is Access denied error.

This is a permissions issue.

Make sure that all Afaria ports are open and Afaria folders have administrative privileges.

While enrolling check the network traffic and see where it is getting blocked.

Recently we faced this 403 error, while we were using same Relay server for SUP and Afaria. And some policy settings were enabled specific to SUP server thats why Afaria enrollment was failing (403 error).

Our issue was solved after setting up a dedicated Relay server for Afaria and make sure that required ports are open and have enough permissions.

Thanks,

Srikanth

Former Member
0 Kudos

Hi Srikanth,

Thanks for your answer, I'm going to check all those points

BR,

Javier

Former Member
0 Kudos

Hi! Srikanth,

Problem solved!!!

I have to changed the "Authentication Delegation" on the IAS server:

After change It, iOS device can access and install the MDM profile and finish the enrollment.


Thaks for your hepl!!!

BR


Javier


former_member201782
Participant
0 Kudos

Hello Javier,

Great ! Good to know that problem has been solved.

You can mark this post as Answered.

Thanks,

Srikanth

Former Member
0 Kudos

Anyone help me?

0 Kudos

Hi Javier,

I will see if I can get an Afaria savvy person to look it over.

Regards, Mike

SAP Customer Experience Group - CEG

Former Member
0 Kudos

Hi Mike,

Thanks in advance.

Regards,

Javier