on 06-15-2015 9:25 AM
Hi,
I try to enroll iOS device,but it shoots the error Incompatible Enrollment Server.Please contact your administrator.When I activate SSL in the device communication page it says No SSL certificate is associated with this server.SSl and HTTPS cannot be enabled.
I got the SSL certificate signed by GoDaddy and bind with the dns name afaria.mobolutions.com in the IIS ..but still I am not able to activate the SSL .If I replace the IP with https://afaria.mobolutions.com/Afaria/Default.aspx it works fine.
Please help
Thanks and regards
Karthik
Karthik,
iOS never speaks to the Afaria Server directly. As such SSL does not need to be turned on in the device comminucation page for this type of device type. The SSL certificate in device communication has nothing to do with the one bound in IIS. You need to also import it into Afaria to do SSL for Windows Phone/Androids and to allow HTTPS to be enabled there. However I think this is not the issue you are facing. The certificate name must match the address of the server you are attempting to reach. IIS logs will assist from the enrollment server since this is iOS.
The only error I have ever seen with incompatible enrollment server occurs when you are using older code and iOS 7 and a newer client. Please make sure you are on Service Pack 4 or 5 or if an older version you will need the patch for iOS7 and greater. Please see http://service.sap.com/sap/support/notes/1905755
Tracy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Karthik,
Glad to hear we have cleared that. This new one is most likely when trying to attempt to reach the CA. Please look at http://service.sap.com/sap/support/notes/1974028.
Let me know if this helps. If not we will need the time/date of the attempt and the IIS log from the enrollment server.
Tracy
Hi Tracy,
.As per the SAP note,
ans:I have unchecked Use HTTPS on Relay Server connections as I am going without Relay server
Ans:Should we use only Self signed certificate of CA server or can we use GoDaddy certificate.I am not sure I am asking the right question to you.I was advised to go for GoDaddy or third partySSL as Self signed CA wont work properly..Should we have third party SSL for Afaria or self signed certificate
Thanks
Karthik
Karthik,
A portion of the iOS enrollment does use HTTPS. This is an Apple requirement. However that does not mean that the enrollment server piece needs to be https. A godaddy certificate should be fine, this just normally comes up when customers are using Self Signed or a relay. I presume you have installed the certificate into the store on the Enrollment Server machine?
Go into to your enrollment server install folders in the aips\bin folder and run ServerScepTest.exe. On the provisioning server tab, select perform test. Make sure you can receive a cer file back.
Tracy
When i open the utility it says Package server and Provsioning server not installed.
As per SAP note http://service-notes.com/2010115.htm
Ensured I input correct IP's of package server and Enrollment server .Android devices works fine in the same environment,I am not sure if it makes any sense
I have also added the GoDaddy ssl certificates in the certificate Trusted Root Certificate authority of the enrollment server.PFA screenshot of the certificate store
Tracy,
I tried unchecking SCEP also...I will upgade Afaria to SP5 and check if its wokring
Do we have any checklist for iOS enrollment.So I can check if I have done everything correctly.Configuration document will help me if its available.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Karthik,
The update sounds like a good next step. The documentation is here. http://help.sap.com/afaria7sp5/ I recommend the configuring Afaria portion for this but the others may nelp you as well.
Tracy
Hello Karthik,
Thank you for reaching out to SAP Community Network.
Could you please check the server logs for any error messages recorded at this time? If yes, please let us know the message log error details. It would be much more easier to investigate the issue further. Attach the logs if possible.
Kind Regards,
Sushmitha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.