My iOS Devices are Unable to Check-In to MobiControl
The following occurs when iOS devices are unable to check-in to MobiControl:
- The devices which are unable to check-in to MobiControl should have a large list of installed applications. If the devices that cannot check-in have more than 20 installed applications, then this is most likely the issue described in this article. Move on to next step for further analysis.
- Confirm that the devices that can check-in have a small number of installed applications. This should be lower than 20 applications on the device. If this is confirmed, move on to the next step.
- Try disabling Client certificate validation temporarily by setting Authmode to 999. This setting should only be set temporarilyto confirm if some of the effected devices can now successfully check-in. Once its confirmed that effected devices can now check-in, it can now be concluded that it is the known issue described below. You should revert back the Authmode setting to 0 to enable Client Certificate validation again and follow the solution described below.
- All SOTI MobiControl versions
By default, MobiControl requires client devices to present a valid certificate for authentication before authorizing such devices to check-in. Under certain conditions, the client certificate validation process might start failing and below is an explanation of the underlying root cause and a system configuration change that mitigates this issue:
During iOS device check-in, MobiControl and iOS devices exchange a sequence of messages to first establish the identify of the device, and then share data between one another. In circumstances where an iOS device has a large list of installed applications it is possible that the communication framework that handles the device connection fails to read the complete message and the remaining authentication requests made to the device is lost. This results in the interruption of the iOS device check-in and the temporary failure to communicate with this device.
Due to the known issue in the WCF framework that cannot read beyond a certain size of the HTTP request, a configuration change can be applied on the server to increase the maximum HTTP request size supported by WCF. This configuration change makes sure that the server has enough allocated buffer size to read the entire message that comes from the device to finish the handshake protocol and request a client certificate from the device. Below are the steps to increase this buffer size to SOTI recommended 130Kb.
These steps have been tested in by our internal QA to make sure there is no performance impact on the customers environment.
- Open Registry Editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
- Create new registry; Right click on Parameters and select NEW - > DWORD
- Name: MaxRequestBytes; Value; 00020000 (this value is in hexadecimal)
- Reboot the server