
IPH6018: Incompatible Enrollment Code - for Android Enrollment

Former Member
0 Kudos

Hi

We have a strange problem at one customer... if we try to enroll an Android device the enrollment fails. In the Afaria log we see the following message:

We also see this message (and are unable to enroll an Android device) if we try to use the Google Short Code for enrollment.

We have checked the SSL certificate of the Relay Server and this is OK... Also we are able to enroll iOS and Windows Phone devices on the same server... does anyone have an idea how we can solve this problem?

Regards

Gianni

PS: We have an Afaria 7 SP9 installation.....

Accepted Solutions (0)

Answers (3)


Former Member
0 Kudos

Hi Mandy

OK, today we made some tests without the SSL cert. And over HTTP we are able to enroll Android devices...

Then we searched for the difference between our installation and the customer's installation... (we both have an SSL cert from the same vendor)....

The only difference that we have found:

Our certificate is newer and comes with SHA-256 encryption. On the customer's side, they have an old certificate with SHA-1 encryption... can it be possible that Android devices have a problem with SHA-1?

Regards

Gianni

Former Member
0 Kudos

Hi Gianni,

I’m not finding anything that suggests that Android does not support connecting via SSL to a server using a SHA-1 SSL certificate. It could be, however, that even though both of your SSL certs are from the same vendor, they may have different root and intermediate CA certificates. The device may not have the root and intermediate certificates auto-installed for the customer’s certificate, and so it may not trust the SSL certificate being presented by the customer’s Relay Server.

To test, open the customer’s SSL certificate on a computer > Click the Certification Path tab > Double click on the root certificate > Navigate to the Details tab of the cert > Look at the thumbprint. Do this same process for the intermediate certificate(s) in the certification path as well. Compare these thumbprints to the root and intermediate certificates for your SHA-256 certification path. If there is a difference between your and the customer’s root or intermediate certs, then manually install the customer’s root and intermediate certs on the Android device (in the Trusted Root store). Then attempt to connect to the server via HTTPS.

Best,

Mandy
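The thumbprint comparison described in the answer above can also be scripted; this is an added example, not part of the original thread and not SAP code. It relies on the fact that the "Thumbprint" shown in the Windows certificate dialog is the SHA-1 hash of the certificate's DER encoding; the function names and the two sample chains are hypothetical, and the sample "certificates" are constructed placeholder bytes in PEM armor, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_wrap(der):
    """Wrap raw bytes in PEM armor (only used to build the samples below)."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


def thumbprints(pem_bundle):
    """SHA-1 thumbprint of every certificate in a PEM bundle, in bundle order."""
    ders = [base64.b64decode("".join(block.split()))
            for block in PEM_RE.findall(pem_bundle)]
    return [hashlib.sha1(der).hexdigest().upper() for der in ders]


def ca_certs_to_install(our_chain, customer_chain):
    """Thumbprints of the customer's intermediate/root certs that do not
    appear among our chain's CA certs. Each bundle is ordered leaf first."""
    known = set(thumbprints(our_chain)[1:])        # skip our leaf
    return [t for t in thumbprints(customer_chain)[1:] if t not in known]


# Constructed sample chains (placeholder bytes, same root, different intermediate).
OUR_CHAIN = (pem_wrap(b"constructed leaf A")
             + pem_wrap(b"constructed intermediate G2")
             + pem_wrap(b"constructed root R1"))
CUSTOMER_CHAIN = (pem_wrap(b"constructed leaf B")
                  + pem_wrap(b"constructed intermediate G1")
                  + pem_wrap(b"constructed root R1"))

if __name__ == "__main__":
    for thumbprint in ca_certs_to_install(OUR_CHAIN, CUSTOMER_CHAIN):
        print("CA cert not in our chain, thumbprint:", thumbprint)
```

With real data, each bundle would be the exported certification path of one Relay Server certificate in PEM form, leaf first.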

Former Member
0 Kudos

Hi Mandy

Thanks for your answer... I will test this with the customer today and provide the results asap...

Regards

Gianni

Former Member
0 Kudos

Dear Gianni,

Please take a look at this SCN doc Android Troubleshooting Guide (Enrollment) - SAP Mobility - SCN Wiki and the support notes http://service.sap.com/sap/support/notes/2181372


This may help you to resolve the issue.


Kind Regards,

Sushmitha

Former Member
0 Kudos

Hi Sushmitha

Thanks for your answer.. I have found this KB too... we have checked your certificate and this is OK...

Any other ideas?

Regards

Gianni

tracy_barkley
Employee
0 Kudos

Gianni,

Are you using the same enrollment code from the iOS enrollment policy? That code looks like it is intended for another device type? Can we just confirm that the policy the code is coming from is strictly an Android enrollment policy?

Tracy

Former Member
0 Kudos

Hi Tracy

No, we use different codes for Android and iOS... and the code that we are using is definitely from an Android Enrollment Policy 🙂

Regards

Gianni

tracy_barkley
Employee
0 Kudos

Gianni,

I figured it was, but I had to ask. I would try deleting the code and generating a new one and see if that clears the issue. If that doesn't work or has already been tried I would make sure the URL being passed (appears in the enrollment policy) has the correct format for Androids. It should end in a -10.

Tracy

Former Member
0 Kudos

Tracy

Unfortunately we have already tried all of that. And the link behind the code also looks good...

Regards

Gianni

Former Member
0 Kudos

Hi Gianni,


A couple of things here—

  1. Please check http://service.sap.com/sap/support/notes/2212527
    Is your short enrollment code in this form—"gJE6KQy"—or this one—"ghttps://goo.gl/JE6KQy"?
  2. As a test, please disable HTTPS on the enrollment server (Afaria Admin > Server > Configuration > Component > Enrollment Server > Uncheck “enable HTTPS”). Additionally, on your Device Communications page, make the Server Address at the bottom use HTTP rather than HTTPS if it currently specifies HTTPS. If you changed the Device Communications page in the previous step, then you’ll need to edit your Android enrollment policy > General > Click the “Reset to Default” link. Then attempt to enroll the Android device. Depending on the results, this will help us identify whether or not there happens to be an issue with how Android is handling SSL communications with your Relay Server.
  3. What is the behavior on the device-side when this error is generated in the server log? Do you receive a corresponding error in the Afaria client when you attempt to enroll?


Thanks,

Mandy Spivey
SAP Product Support