Issue with enrolling iOS 14.2 Device

Hello, I created an agent for enrolling an iOS device and I'm able to complete the first step when I go to the add device URL. But when I try to install the profile I keep getting a message that the profile installation failed and underneath it says the server certificate is invalid? 

3 Answers

Raymond Chan | posted this 21 January 2021

I don't exactly know what you meant by creating your agent for enrolling an iOS device.

Regarding the problem related to the certificate, could you please provide more details:

1. Is your MobiControl server on-premises or cloud-based?

2. What are the version and build numbers of your MobiControl server? Was it upgraded from earlier version(s)? If so, which version(s)?

3. What are the bit length of the key and the algorithm used for your MobiControl root certificate?

4. Have you bought an SSL certificate from a reputable CA vendor for the Deployment Server Extension/web-console services? If so, what are the bit length of the key and the algorithm used?

5. Do you have other iOS devices with different firmware versions enrolled on the same server? If so, do they have a similar problem to the iOS 14.2 devices?

Ben Schinkel | posted this 21 January 2021

Under the "Apple" tab I clicked on Create Add Devices Rule and then went through the prompts. Afterwards it gave me a URL to enroll the device. That's where I'm getting the error. 

1. On prem

2. 15.0.2.1049. Was upgraded from a previous version but not sure which version (maybe 12). We put 15 on a new server when we did the update. 

3. I'm not sure how to find that information. 

4. Again, not sure. We use MobiControl on various other Android devices and have no issues with certificates. 

5. This is the first iOS device we are trying to enroll. 

Raymond Chan | posted this 22 January 2021

For (3), you can run the MCadmin utility on your MobiControl server, go to the Certificates tab, click on the MobiControl root certificate entry at the top and check the details.

From your answer for (2), your previous version is unlikely to be v14.x. Unless extra work has been properly done during the MobiControl server upgrade, your MobiControl root certificate is likely to be a 1024-bit SHA1 root certificate. Did your company perform the upgrade yourselves, or hire the SOTI professional services team or a 3rd-party MobiControl expert to perform the upgrade?

For (4), you can check the details (vendor, key length & algorithm, common name, etc.) of the certificate bound to the Deployment Service Extension/Web-Console services in the Certificates tab of MCadmin. Your Device Management Address configured in MCadmin should also be an FQDN bought from a domain name vendor rather than a public IP address. If you are using an IP address, you are likely using a self-signed SSL certificate. Please check and confirm.

Over the years, Apple has been gradually tightening up certificate requirements on MDM server implementations to ensure that their devices are managed by secure enough 3rd-party MDM solutions. The requirements are much looser for the legacy Android/Android+ platform, though the more recent Android-Enterprise platform standardized by Google is also demanding higher security. As this is the first time you are enrolling an iOS device, and the device is running the latest iOS v14.x, it's no surprise you encounter new challenges not seen for your legacy Android devices.

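The certificate details asked about in (3) and (4) can also be read outside MCadmin by piping `openssl x509 -in cert.pem -noout -text` into a small checker. The script below is an added example, not part of the thread or of MobiControl; the function names are hypothetical, the sample certificate text is constructed, and the thresholds (RSA keys of at least 2048 bits, SHA-2 signatures) are assumptions taken from Apple's published TLS requirements for iOS 13 and later.

```shell
#!/bin/sh
# Added example, not from the thread. Thresholds are assumptions taken from
# Apple's published TLS requirements for iOS 13+: RSA >= 2048 bits, SHA-2.

# check_cert_text ROLE   (ROLE is "root" or "server"; hypothetical helper)
# Reads `openssl x509 -noout -text` output on stdin, prints one FLAG line
# per problem and returns 1 if anything was flagged, 0 otherwise.
check_cert_text() {
    role=${1:-server}
    text=$(cat)
    field() { printf '%s\n' "$text" | sed -n "s/^ *$1: *//p" | head -n 1; }
    sigalg=$(field 'Signature Algorithm')
    pkalg=$(field 'Public Key Algorithm')
    issuer=$(field 'Issuer')
    subject=$(field 'Subject')
    # OpenSSL 1.1.1 prints "RSA Public-Key: (N bit)", 3.x "Public-Key: (N bit)"
    bits=$(printf '%s\n' "$text" |
        sed -n 's|^.*Public-Key: (\([0-9]*\) bit).*$|\1|p' | head -n 1)
    cn=$(printf '%s\n' "$subject" | sed -n 's|^.*CN *= *\([^,/]*\).*$|\1|p')
    flagged=0
    flag() { printf 'FLAG: %s\n' "$1"; flagged=1; }

    [ -n "$sigalg" ] && [ -n "$bits" ] || flag "could not read algorithm or key size"
    case $sigalg in
        *[Ss][Hh][Aa]1*|*[Mm][Dd]5*) flag "weak signature hash: $sigalg" ;;
    esac
    if [ "$pkalg" = rsaEncryption ] && [ "${bits:-0}" -lt 2048 ]; then
        flag "RSA key is only ${bits:-?} bits"
    fi
    if [ "$role" = server ]; then
        # A root is self-signed by design; a server certificate should not be.
        [ "$issuer" = "$subject" ] && flag "server certificate is self-signed"
        case $cn in
            ''|*[!0-9.]*) ;;   # empty, or a host name
            *.*.*.*) flag "CN is an IP address, not an FQDN: $cn" ;;
        esac
    fi
    return "$flagged"
}

# Constructed sample: trimmed `openssl x509 -noout -text` output for a legacy root.
sample_legacy_root() {
    cat <<'EOF'
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example MDM Root
        Subject: CN = Example MDM Root
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
EOF
}
sample_legacy_root | check_cert_text root || true
```

Run it once with `root` on the exported MobiControl root certificate and once with `server` on the certificate bound to the device management address.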
