cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Incompatible Enrollment Server.Please contact your administrator

Go to solution
Former Member

on ‎06-15-2015 9:25 AM

0 Kudos

Hi,

I try to enroll iOS device,but it shoots  the error Incompatible Enrollment Server.Please contact your administrator.When I activate SSL  in the device communication page it says No SSL certificate is associated with this server.SSl and HTTPS cannot be enabled.

I got the SSL certificate signed by GoDaddy and bind with the dns name afaria.mobolutions.com in the IIS ..but still I am not able to activate the SSL .If I replace the IP with https://afaria.mobolutions.com/Afaria/Default.aspx it works fine.

Please help

Thanks and regards

Karthik

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

tracy_barkley
Employee
Employee
‎06-15-2015 12:34 PM
0 Kudos

Karthik,

iOS never speaks to the Afaria Server directly.  As such SSL does not need to be turned on in the device comminucation page for this type of device type.   The SSL certificate in device communication has nothing to do with the one bound in IIS.  You need to also import it into Afaria to do SSL for Windows Phone/Androids and to allow HTTPS to be enabled there.  However I think this is not the issue you are facing.    The certificate name must match the address of the server you are attempting to reach.  IIS logs will assist from the enrollment server since this is iOS. 

The only error I have ever seen with incompatible enrollment server occurs when you are using older code and iOS 7 and a newer client.   Please make sure you are on Service Pack 4 or 5 or if an older version you will need the patch for iOS7 and greater.  Please see http://service.sap.com/sap/support/notes/1905755

Tracy

Show replies
Show replies
Former Member
‎06-15-2015 1:17 PM
0 Kudos

Hi Tracy,

Thanks for the Reply

Environent: Afaria 7 Service Pack 3 Hot Fix 7 (applied after ur advice)

iOS 8

No Relay server.But ports open

After applying the hot-fix now it says Enrollment is incomplete.Refresh to try again .Device not getting enrolled.

tracy_barkley
Employee
Employee
‎06-15-2015 2:10 PM
0 Kudos

Karthik,

Glad to hear we have cleared that.  This new one is most likely when trying to attempt to reach the CA.  Please look at http://service.sap.com/sap/support/notes/1974028
Let me know if this helps.  If not we will need the time/date of the attempt and the IIS log from the enrollment server.

Tracy

Former Member
‎06-16-2015 7:55 AM
0 Kudos

Hi Tracy,



  1. Use HTTPS connection  is mandatory for iOS device enrollment?

.As per the SAP note,

  • Either install the self-signed SSL Root Certificate onto the iOS device prior to the enrollment process or disable the "Use HTTPS on Relay Server connections" option.

ans:I have unchecked Use HTTPS on Relay Server connections  as I am going without Relay server

  • The self-signed SSL Root Certificate must be imported into the trusted root certificate store of the machine on which the iPhone enrollment server is installed, so that it can be sent to the device during the enrollment process.

Ans:Should we use only Self signed certificate of CA server or can we  use GoDaddy certificate.I am not sure I am asking the right question to you.I was advised to go for GoDaddy or third partySSL   as Self signed CA wont work properly..Should we have third party SSL  for Afaria or self signed certificate

Thanks

Karthik

tracy_barkley
Employee
Employee
‎06-16-2015 12:13 PM
0 Kudos

Karthik,

A portion of the iOS enrollment does use HTTPS.  This is an Apple requirement. However that does not mean that the enrollment server piece needs to be https.   A godaddy certificate should be fine, this just normally comes up when customers are using Self Signed or a relay.  I presume you have installed the certificate into the store on the Enrollment Server machine?

Go into to your enrollment server install folders in the aips\bin folder and run ServerScepTest.exe.  On the provisioning server tab, select perform test.  Make sure you can receive a cer file back.

Tracy

Former Member
‎06-16-2015 1:04 PM
0 Kudos

When i open the utility it says Package server and Provsioning server not installed.


As per SAP note http://service-notes.com/2010115.htm


Ensured I input correct IP's  of package server and Enrollment server  .Android devices works fine in the same environment,I am not sure if it makes any sense

I have also added the GoDaddy  ssl certificates in the certificate Trusted Root Certificate authority of the enrollment server.PFA screenshot of the certificate store

tracy_barkley
Employee
Employee
‎06-16-2015 1:13 PM
0 Kudos

Karthik,

In that case go to server, configuration, server and then click on certificate authority.  Android does not require one, but the iOS does.  Do you have one defined here?

Tracy

Former Member
‎06-16-2015 2:08 PM
0 Kudos

Tracy

Yes....But just enabled SCEP challenge..ran the connection test..It says Passed..Still not able to run the scep test...Attached  screenshot  of the same

tracy_barkley
Employee
Employee
‎06-17-2015 12:26 PM
0 Kudos

Karthik,

The server scep test utility is more or less what the test button is there.  It sounds like something is misbehaving somehow, but you are on a very old version of code so it is difficult to tell.  Try unchecking the Scep challenge portion here, and re-enroll.

Tracy

Answers (2)

Answers (2)

Former Member
‎06-19-2015 5:39 AM
0 Kudos

Tracy,

I tried unchecking SCEP also...I  will upgade Afaria to SP5  and check if its wokring

Do we have any checklist for iOS enrollment.So I can check if I have done everything correctly.Configuration document will help me if its available.

Show replies
Show replies
tracy_barkley
Employee
Employee
‎06-19-2015 12:01 PM
0 Kudos

Karthik,

The update sounds like a good next step.  The documentation is here.  http://help.sap.com/afaria7sp5/   I recommend  the configuring Afaria portion for this but the others may nelp you as well.

Tracy

Former Member
‎06-15-2015 11:25 AM
0 Kudos

Hello Karthik,

Thank you for reaching out to SAP Community Network.

Could you please check the server logs for any error messages recorded at this time? If yes, please let us know the message log error details. It would be much more easier to investigate the issue further. Attach the logs if possible.

Kind Regards,

Sushmitha


Show replies
Show replies
Former Member
‎06-15-2015 12:12 PM
0 Kudos

Hi Sushmitha,

Its not showing any log entry.Should HTTPS be enabled for iOS devices...

Ask a Question