Hello Peter,

well those are Symbol PDT devices (for warehouse activities) that we want to keep the management and inventory on Afaria. So in order to generate .cab file, I have to create an enrollment policy for this type of devices (with its group and the other things). With scripting you mean the sessions policies?

Regards,

MC

Peter,

Now I have a connection problem, the client shows: Connection to server failed, the session did not complete ... I'm connecting to afaria through relay server and the relay is configured with SSL (i have a public SSL certificate installed there ... bought to geotrust). The RSOEs are running... what might be happening here???

BR,

Mariana

And you're sure these are WM Standard devices ? and not WM Pro ?

Also, have you tried to use this string to connect (no relay server)

xnet://servername:3007

?

If it's a warehouse setup it might be ok to not use SSL and HTTPS. But XNETS can also be used. In general XNET is much faster than HTTP(S) and the server will handle more load.

HTTP for WM devices is "just" XNET over HTTP protocol. The XNET traffic is unpacked at the server   and forwarded to the server's XNET port (3007)

Hi,

The devices are Windows Mobile Pro (the one i'm using for testing is WMPro 5.0). Now I have tried to connect direct (no with RS), and the devices is registering on afaria but through relay the connection is not establish. The error the client throws is: "The connection to the server failed. The session did not complete".

Now I'm using RS because I'm planning to manage device like iOS or Android. So I guess that is the way to go (through relay), and the configuration on the RS is set to work with SSL because that is mandatory for iOS. So If i have to use RS and this is configured with SSL, that is why i'm trying to work with the ssl

I have checked the RSOEs twice and all seems to be working. I have checked the status for the enroll, ps and cas RSOE through the relay page and they are available. The only one is "unavailable" is the afaria rsoe but it is configured with "start the outbound enabler with afaria server" check and  the server is started ... Why might me wrong ???

Best Regards

MC

Do you have 2 different RSOE's set up ? 1 for iOS and 1 for WM/Android (running XNET over HTTP(s)) ?

You can't use the same RSOE for both iOS and XNET clients like Android and WM

The same Relay Server can be used of curse. Can you share the RSOE configs ?

BR

Peter

Hello

Now I have one RSOE set up running HTTPS (although you suggested i'm not using xnet yet). My RSOEs config are:

(extract of rs.config)

[options]

start = no

verbosity = 1

[relay_server]

enable          = yes

host            = RELAYSERVERADDRESS

http_port       = 80

https_port      = 443

description     = Machine #1 in RS farm

[backend_farm]

enable          = yes

id              = afaria

client_security = on

backend_security= on

description     = Afaria Server

[backend_farm]

enable          = yes

id              = afaria_enroll

client_security = on

backend_security= on

description     = Afaria Enrollment Server

[backend_farm]

enable          = yes

id              = afaria_ps

client_security = on

backend_security= on

description     = Afaria Package Server

[backend_farm]

enable          = yes

id              = afaria_cas

client_security = on

backend_security= on

description     = Afaria Certificate Authority Server

[backend_server]

enable   = yes

farm     = afaria

id       = !wx!

mac      = MACADDRESS

token    = t_afaria

[backend_server]

enable   = yes

farm     = afaria_enroll

id       = uee5

mac      = MACADDRESS

token    = t_afaria_enroll

[backend_server]

enable   = yes

farm     = afaria_ps

id       = uee6

mac      = MACADDRESS

token    = t_afaria_ps

[backend_server]

enable   = yes

farm     = afaria_cas

id       = uee7

mac      = MACADDRESS

token    = t_afaria_cas

I'm attaching  a screenshot for the RS configuration within afaria server on AdminUI and the transmitterID on the registry

And what do you have under "Server", Settings, Communications, Device Communications ?

These are my DevComm settings:

Now i have a question, if I have my RS on a DMZ do I have to open on my firewall port 3007 and 3008? I just saw the "XNET is always used" so... now I have that doubt... The address for Device Comm is the relay server address...

BR,

MC

You _can_ open 3007 but since you have a relay server you don't need to.

XNET is always used, but it might be XNET over HTTP where the clients talk http(s) to the relay. the RSOE talks http to both the relay and the backend server and the backend server unpacks the XNET traffic from within the http traffic and sends it back to the backend server (itself)

Have you tried to open the rs url from a device?

https://relayserver/ias_relay_server/client/rs_client.dll

?

Peter

Yeap... the device sees the relay

I dont know what else should I have to do. By the way if i try to enroll directly without RS, the devices register and all works fine...

BR,

MC

I see you're running version 16.0.0.1324

What version are the RSOE's running ?

Also look at this:

, is version 16.0.0.1324 working with XNET ?

Peter

Hi!

The RSOE version are all in 16 (because if there is in different versions they do not "talk" with each other... jejeje ). Also I have tested with RS version 12.x.x... and nothing.... seriously this error is driving me crazy ...

The only thing I have noticed is when  I check the rsoe.config for Afaria's RSOE the https=1 value is not there after -cr command... so.... I think even if it is configured at the AdminUI to work https, because we saw it (remember the screenshot?)... at the config file is not shown... I tried to change it, but I think that value is taken from the database and only takes the parameter of the Relay Server settings from AdminUI. So that means, its behaves as if works with HTTP, when we configure it to work with HTTPS.

After seeing this, and only for testing purpose, I have configured the RSOE to work over HTTP and guess what?, the Relay's log register the connection engaging process between him and the Afaria's RSOE, as it does for the others. When the configuration is set to work HTTPS, the relay does not log whatsoever any connection engaging process between it and Afaria's RSOE, as it not consider the Afaria's RSOE up and running and I guess that is why the "overall availability" status for RS is partial as is shown on the page. However, after all this discovery and besides that might be a potential bug.... the client did not connect over HTTP and shows the same old error : The connection to server failed...... so I rolled back to the way I have started all my configurations with HTTPS

I dont know what else do I have to check & Is possible the https=1 missing on the rsoe.config file could be the problem? if yes... How can I solved?...

My Afaria is AFARIA 7 SP4 Hotfix8... The lastest version available. Please help...

BR,

Mariana

Hi

It's finally working. There is an issue when you set the Afaria Server RSOE with start with the Afaria server check when it's configured with HTTPS. I had to set this RSOE as a Windows service as there are set the others (PS, ENROLL and CA) and start it separated from the server and the enroll finally Works (attached screen). After this the relay server availability status became "Full".

Thank you for all your help!!!!! ...

Best Regards,

Mariana

Super!

I've also noticed that you have a CA and PS RSOE.

Since SP2 of Afaria 7.0 the Afaria server is handling CA traffic as a proxy and you don't need to expose the CA directly anymore.

Also the PS RSOE can share the same RSOE as the ENROLL (since they point to the same backend port and server)

BR

Peter