on 01-29-2015 8:38 AM
Hi,
After hard processes I achive to enroll and load profile on my iOS device.
After enroll and load profile, I see a popup on Afaria screen "Unable to connect"
Maybe thats why, I cant install enterprise apps.
Cant see the problem on forum.
have u an idea?
In IPCU logs I see some warning about that. Here is log:
########################################################################################################
Jan 29 09:45:35 ferudunatakan-iPadi Afaria[2155] <Warning>: [HomeViewController doGeneralRefresh:]
Jan 29 09:45:35 ferudunatakan-iPadi Afaria[2155] <Warning>: doAppListRefresh
Jan 29 09:45:35 ferudunatakan-iPadi Afaria[2155] <Warning>: doAppListRefreshNoPurge
Jan 29 09:45:35 ferudunatakan-iPadi Afaria[2155] <Warning>: UIDevice.getUDID > b36808e63660495c3c93c6fd55ac4f22e21bc666
Jan 29 09:45:35 ferudunatakan-iPadi Afaria[2155] <Warning>: AppListViewControllerProtocol protocol -> resetImageDownloads
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: UIDevice.getUDID > b36808e63660495c3c93c6fd55ac4f22e21bc666
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate.updateAppListRefreshTime: (null)]
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate.updateAppListRefreshTime: 2015-01-29 07:45:36 +0000]
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: doAppListRefreshNoPurge: main thread - calling loadAppList
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: UIDevice.getUDID > b36808e63660495c3c93c6fd55ac4f22e21bc666
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: AppListViewControllerProtocol protocol -> appListLoadStarted
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: loadAppListForServer:"https://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/ps-afaria/ps/ps.svc" "https://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/ps-afaria/ps2/ps.svc" client:b36808e63660495c3c93c6fd55ac4f22e21bc666
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: - url = "https://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/ps-afaria/ps/ps.svc/packages/b36..."
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: [UserIdentityCert.prepareToUseCertAuthentication] user identity cert. invalid CN: (null).
Jan 29 09:45:36 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate netUser:0x2 busy:1]
Jan 29 09:45:38 ferudunatakan-iPadi CommCenter[43] <Notice>: com.apple.CommCenter.Prox - Declared system activity to prevent sleep
Jan 29 09:45:38 ferudunatakan-iPadi Afaria[2155] <Warning>: CFNetwork SSLHandshake failed (-9800)
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: CFNetwork SSLHandshake failed (-9800)
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: CFNetwork SSLHandshake failed (-9800)
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9800)
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: connection:didFailWithError:
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate netUser:0x2 busy:0]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: Connection failed: Error - An SSL error has occurred and a secure connection to the server cannot be made. https://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/ps-afaria/ps/ps.svc/packages/b36...
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: doRequestConnect:
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: Reachability Flag Status: WR t----l- networkStatusForFlags
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [[[AfariaAppDelegate doRequestConnect: doConnect]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AipsController doConnect:]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate.isClientDisabled 0]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate.isClientDisabled 0]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AipsController.doConnect - resetenrollment_preference NO]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AipsController cancelPost]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: Posting inventory
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AipsController setStatusLine:"Verifying device status..."]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate netUser:0x1 busy:0]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate netUser:0x1 busy:1]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: UIDevice.getUDID > b36808e63660495c3c93c6fd55ac4f22e21bc666
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [KeychainWrapper init]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [KeychainWrapper dealloc]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: postToURL:"http://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/es-afaria/aips/aipService.svc/Cli..."
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [UserIdentityCert.prepareToUseCertAuthentication] user identity cert. invalid CN: (null).
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [KeychainWrapper init]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [KeychainWrapper dealloc]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: UIDevice.getUDID > b36808e63660495c3c93c6fd55ac4f22e21bc666
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [KeychainWrapper init]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [KeychainWrapper dealloc]
Jan 29 09:45:39ferudunatakan-iPadi Afaria[2155] <Warning>: startPost
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: AppListViewControllerProtocol protocol -> appListDidFailToLoad
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: doSearch
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate issueAppListDidFailToLoadAlert]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [DataSender connection:didReceiveResponse:]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: httpResponse.allHeaderField Dictionary: {
"Cache-Control" = private;
"Content-Length" = 361;
"Content-Type" = "text/xml";
Date = "Thu, 29 Jan 2015 07:45:16 GMT";
Server = "Microsoft-IIS/7.5, Microsoft-IIS/7.5";
"X-AspNet-Version" = "4.0.30319";
"X-Powered-By" = "ASP.NET, ASP.NET";
}
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: connection:didReceiveResponse: http 200
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [DataSender connection:didReceiveData:]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [DataSender connectionDidFinishLoading:]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: HTTP code: 200, Received 361 bytes of data
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AipsController updateLastConnection]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AipsController setStatusLine:"Verification complete"]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate netUser:0x1 busy:0]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [DataSender processResponse]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [KeychainWrapper init]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didStartElement:root
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didStartElement:ClientSeedInfo
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didStartElement:PackageServerAddress
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didEndElement:PackageServerAddress
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didStartElement:PackageServerVirtDir
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didEndElement:PackageServerVirtDir
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didStartElement:PackageServerAuthVirtDir
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didEndElement:PackageServerAuthVirtDir
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didStartElement:DeviceUDID
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didEndElement:DeviceUDID
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didEndElement:ClientSeedInfo
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didStartElement:TEMSettings
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didEndElement:TEMSettings
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: parser:didEndElement:root
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: didParsePackageServerAddress:"https://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/ps-afaria" virtDir:"ps" authVirtDir:"ps2" UDID:"b36808e63660495c3c93c6fd55ac4f22e21bc666" WiFiMAC:"(null)"
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: [KeychainWrapper dealloc]
Jan 29 09:45:39 ferudunatakan-iPadi Afaria[2155] <Warning>: >>> UIDevice.setUDID > b36808e63660495c3c93c6fd55ac4f22e21bc666 initial value.<<<
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: [HomeViewController doInitialRefresh:]
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: doAppListRefresh
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: doAppListRefreshNoPurge
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: UIDevice.getUDID > b36808e63660495c3c93c6fd55ac4f22e21bc666
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>:NitroDesk URL = http://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/es-afaria/aips/aipService.svc/Get...
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate netUser:0x10 busy:0]
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate netUser:0x1000 busy:1]
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: handlePackageServerInfo:
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: handlePackageServerInfo: address="https://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/ps-afaria" virtDir="ps" authVirtDir="ps2"
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: seedPS: ConnectionParams server="ars.yasar.com.tr" port="5007" protocol="https" farmID="ps-afaria" urlPrefix="/ias_relay_server/client/rs_client.dll/%cid%" virtualDirectory="ps" authVirtualDirectory="ps2"
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: NitroDesk didRecieveData
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: NitroDeskDownloader.connectionDidFinishLoading start.
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate netUser:0x1000 busy:0]
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: nitro desk xml <NitroDesk>
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: NitroDeskXML didStartDocument
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: NitroDeskXML didStartElement: NitroDesk
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: NitroDesk XMLParser error: The operation couldnt be completed. (NSXMLParserErrorDomain error 5.)
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: Failed to parser NitroDeskXML
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: [AipsController NitroDeskDidFailToLoad]
Jan 29 09:45:40 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate issueAppListDidFailToLoadAlert2]
Jan 29 09:45:44 ferudunatakan-iPadi Afaria[2155] <Warning>: [AfariaAppDelegate alertView:<AFAlertWrapper: 0x14e186c0; baseClass = UIAlertView; frame = (0 0; 0 0); opaque = NO; layer = <CALayer: 0x14e1d730>> didDismissWithButtonIndex:0]
Jan 29 09:45:44 ferudunatakan-iPadi Afaria[2155] <Warning>: appListDidFailToLoadAlert dismissed with button 0
Jan 29 09:45:53 ferudunatakan-iPadi CommCenter[43] <Notice>: com.apple.CommCenter.Prox - system activity completed
Which address you get internal server error?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I remove port 5007 binding on Afaria servers.
I remove port 80 binding on Relay servers.
All RSOE's are up.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
By the way I remove port 80 from binding on Relay Servers' IIS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Perfect. Now can Enroll and load profile.
On device Settings I can see:
Package server : ars.yasar.com.tr and port 443
Enrollment Server: ars.yasar.com.tr and port 443
But
Still Cant deploy Enterprise App and send message even I have custom signed APNS cert
I get IPH3011: İOS[12025] , IPH3011 : iOS[12024] and IPH6021 errors and Afaria Client shows popup : Unable to Connect.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
How can I get and help to observe ym sistem completely? Should I open a ticket?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Tevfik,
You certainly can open an incident with support. That will allow support to connect to you and your system, if you have set up the Citrix go to assist. I would recommend getting this set up prior to opening the incident. Http://service.sap.com/sap/support/notes/2026090 is the article to follow to set this up.
Tracy
I dont know what happen, But now cant enroll device!
Really strange. I really ned a clear describe document about certificate, SSL and Afaria things.
I am Security admin specially firewall. But this afaria things make me feel like inadequate.
I always write here again and again. Realy tiring.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Tevfik,
Afaria can be complex to set up. Have you read the actual Afaria setup documents? Generally between those and using the support.sap.com website, most common situations can be resolved.
The setup documents are here. SAP Afaria 7 SP5 On Premise – SAP Help Portal Page
Now as for enrollment, if it was all working and just stopped, check your relay logs to see if anything has stopped and needs to be restarted. Beyond that check your services for Afaria.
As for the certificates, basically what we have here is the SSL cert to secure communications. This is not the signing cert, the APNS cert etc. This is the certificate that basically tells the client it is okay to talk to Afaria.
As I recall you have a public certificate for this. You will need to make sure that has been installed into the relay server.
In IIS you need to open up the default web site. Click on ias_relay_server. Is the port listed under the browse application on the right side 443? Then click back on default web site. Is the port there the same? Click bindings on the right side. Select HTTPS. There is an SSL certificate at the bottom. You can view it here. It will show when it expires and the name of the cert. If you do not have an https under here, hit add, set the port, and then bind the SSL cert you are using to sign the connection.
Please let me know if you have any questions.
I can bind my signed wildcard certificate for port 443.
And my certificate expires 3/31/2015
but my relay server address is https://ars.yasar.com.tr:5007
i use 5007 for http.
Is this problem?
Tevfik,
It is fine to use 443 for HTTPS. The issue is that you have the 5007 Http port in the address for the HTTPS connection. Can you send me a screenshot of the server > configuration > component > package server page please? I can get your relay to show me status on Relay Server Status. It is partial by the way. One of your OEs isn't currently up. However I do get an error trying to get your package servers to respond. It is because you have two HTTP defined in IIS. On both relay servers, remove the HTTP with port 80. If you are going to use 5007, you will only want the one defined.
Tracy
And it might help if I linked the HTTPS response from the relay.. Relay Server Status
Here is package server screenshot
And when I try with port 443
https://ars.yasar.com.tr:443/ias_relay_server/client/rs_client.dll/
I see Patrial, then Full
But if I try https and port 5007, SSL error
Tevfik,
AFARIARELAYPNB is the one showing partial. Your other one is full and good. Check the logs on that one.
So first, in IIS in those bindings remove that second HTTP set to 80 and iis reset.
this will fix the error you get when trying to hit the package server from the outside.
https://ars.yasar.com.tr/ias_relay_server/client/rs_client.dll/ps-afaria/ps/ps.svc/help
On the page we screenshotted, (server>configuration> component> packages sever. Just change the server address to ars.yasar.com.tr
No port needed since you are using the default 443 for HTTPS. Then reenroll the device and make sure the address the device displays is https://ars.yasar.com.tr/ ...
where I have to look at? Relay or Afaria server to check certificates?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Tevfik,
This would be on the Relay server. Check the Certificate store and ensure your SSL cert that is bound to the IIS virtual directory for your relay (ias_relay_server) is not expired. Also in the IIS, make sure it is attached to the website itself and is on your HTTPS port.
As Andreas mentioned you cannot browse to https://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/ but you can to http://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/
This means it is just an SSL issue out on the relay.
Hello,
i tried to browse to https://ars.yasar.com.tr:5007/ias_relay_server/client/rs_client.dll/ which should show your Relay Server Overview, but i got ssl_error_rx_record_too_long.
So it seems you have a Problem with either your root certificate or the ssl binding at your relay server.
The common problem is your ssl certifcate has expired.
Regards
Andreas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.