Fail enrôlement

Fail enrôlement

Hello everybody


I have a problem to enroll devices under android 10
I have a message that says "failed to connect to the server. SSL negotiation failed.

And i have one message on my server who said me this:

Can you help me please?

  • 29 October 2020
  • SOTI MobiControl
  • 10 Answers
  • 0 Upvote
  • 3 Followers
  • 1.7K Views
    • 10 Answers
    • 0 Upvote
    • 3 Followers

10 Answers

Order By:   Standard | Newest | Votes
Bhav | posted this 02 November 2020

"Your option is to obtain a 2nd Deployment Server License, that'll allow you to utilize WinCE & Android 10 in the same environment. I recommend contacting your Account Manager to go through your this and other options regarding this."

Just got off a discovery call with SOTI and this is exactly what we are doing.

  • 0
  • 0
JCMOD@SOTI | posted this 30 October 2020

Hi Shane,

 

At this point, if the DS/DSE/Client Root CA Certificate Bindings are SHA256 2048 Bits and the previously mentioned options have been actioned, then the next most effective step is to contact SOTI Support. You can either call Technical Support directly via https://www.soti.net/about/contact-us or email through support@soti.net or support.eu@soti.net (EMEA). We'll then provide more tailored assistance for this issue and get it resolved.

 

Please do let us know what the issue was once it is resolved. It may help other SOTI Central users in the future.

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
JCMOD@SOTI | posted this 30 October 2020

Hi Teddy,

 

Your option is to obtain a 2nd Deployment Server License, that'll allow you to utilize WinCE & Android 10 in the same environment. I recommend contacting your Account Manager to go through this and other options.

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Shane O Donovan | posted this 29 October 2020

Hi SOTI Team, 

 

We have SHA2 certificate and Android 10. We also tried everything you mentioned in last message and we are still getting the error. Please advise next steps. 
 
Regards, 
Shane
  • 0
  • 0
teddy | posted this 29 October 2020

Hello,

I confirm that it is indeed a problem of compatibility with the sha1 and android10 and unfortunately I also have windows CE terminals which are incompatible sha256 so i'm blocked.

For the MCAdmin error  press the "Apply" Button is not Fixing this Error Message.

I think this certificate error is related to the fact that I am not forced to stay in SHA1 because of windows CE.

  • 0
  • 0
JCMOD@SOTI | posted this 29 October 2020

Hi Shane,

 

The next step is to check your server protocols and ciphers. Ensure you have TLS 1.2 and a compatible cipher enabled. IISCrypto is a good tool to use. You can press Best Practices and then reboot the server and observe if you still have the issue or not. If you only use Android / Apple then it's safe to do so. If you have WinCE and Android 10, then there are extra steps involved (2nd DS) if you're not already SHA256.

 

To validate the certificates, you check DS/DSE & Client Root CA. Ensure they show as SHA256 and then you also check the key size is 2048 within MMC. In the scenario that you don't have a SHA256 Root CA for Android 10 devices. Then contact SOTI Support for assistance. The process involves generating a new root, then waiting for existing Android devices to check-in in order to learn it (for the trust chain), then switching the bindings. But the process becomes increasingly complex depending on the environment.

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Shane O Donovan | posted this 29 October 2020

Hi SOTI Team, 

 

I am also getting the error "failed to connect to the server. SSL handshake failed" and on version 15.2. Is this is a known bug/issue?

 

We have a SHA2 certificate installed in the Administration Utility and it is present in Personal certificate store yet we still cannot enroll devices. This is really putting us to a halt at the moment so any advice/guidance would be much appreciated. 

 

Regards, 

Shane

  • 0
  • 0
JCMOD@SOTI | posted this 29 October 2020

Hi Marcus,

 

If you have an external certificate within the "Certificates" section on MCAdmin, ensure it's present in MMC under the Personal Certificate store. Then re-open MCAdmin and it'll show as green. It's likely the cert is for the DSE.

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Marcus Breitenthaler | posted this 29 October 2020

Hi Soti Team,

i have the Same Error Message on the Test Server since the Upgrade to Version 15.

To Press the "Apply" Button is not Fixing this Error Message.

  • 0
  • 0
JCMOD@SOTI | posted this 29 October 2020

Hi Teddy,

 

Thank you for posting in SOTI Central.

 

This is likely due to the SHA1 Deprecation on Android 10. See this link for further instruction: https://discussions.soti.net/kb/android-10-sha-1-deprecation/.

 

Regarding the MCAdmin error, if you press Apply and then the error still occurs. It's related to a certificate that isn't a MobiControl issued certificate in your Certificates section, to redeem that error you need to ensure the certificate is in the MMC of the Personal Certificate store.

 

If this resolves your issue, please mark this post as the solution. Also, feel free to reach out if you have any further questions regarding this.

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback