SSL handshake failed

SSL handshake failed

Hello,

 I am getting SSL handshake failures in my fleet of TC70 and TC70X devices, but all the certificates appear to be valid on both the server (14.2) and devices (TC70 5.1.1 and TC70X 7.1.2). How can I go about troubleshooting?

Thank you

14 Answers

Order By:   Standard | Newest | Votes
Raymond Chan | posted this 03 June 2020

What Android firmware version(s) is/are your devices running?

Did you recently make any change(s) to your certificate tab settings in MCadmin? Or any server upgrade done recently?

 

  • 0
  • 0
Zachary Taylor - Tech Support Engineer II | posted this 03 June 2020

TC70 runs 5.1.1, TC70X runs 7.1.2.

Mobicontrol Version is 14.2.2.1170

There was an upgrade a few months ago I believe. From 12.x to 14.2. The SQLExpress database was problematic when trying to upgrade from 2008 to 2012. We rolled back to the snapshot prior to attempting the database upgrade and have faced these problems since.

  • 0
  • 0
JVMOD@SOTI | posted this 03 June 2020

Hello Zachary Taylor,

 

Thank you for your post, are you using IP addresses in Deployment Server section in MCAdmin? if yes, please check in the certificate if that IP addresses are mentioned.

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Zachary Taylor - Tech Support Engineer II | posted this 03 June 2020

Thanks to both of you for your assistance. We do not use an IP, but the FQDN

  • 0
  • 0
JVMOD@SOTI | posted this 03 June 2020

Hello Zachary,

 

Thank you for your response, are you trying to enroll your device as Android Plus? and also can you enter enrollment URL instead of Enrollment ID while enrolling the device? let me know if you still facing same issue.

 

Please factory wipe the device using below bar-code before trying to enroll the device -

https://www.mobilitysolutions.cz/files/Android_FactoryDefault_wSD.pdf

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Zachary Taylor - Tech Support Engineer II | posted this 03 June 2020

This is not during enrollment, it affects all of our devices which are already enrolled. They are enrolled as Device Administrators. I am not on-site to try and factory re-set and re-enroll at this time, but can do so as soon as possible.

  • 0
  • 0
JVMOD@SOTI | posted this 03 June 2020

Hello Zachary,

 

Thank you for your response, is it possible for you to attach the screenshot of the error message?

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Zachary Taylor - Tech Support Engineer II | posted this 03 June 2020

 

This is the error message we see.Thank you

  • 0
  • 0
DDMOD@SOTI | posted this 03 June 2020

Hi Zachary,

 

Did your device upgrade to Android 10 by any chance?

If so, these devices has a SHA256 requirement and right now they're utilizing SHA1.

 

Regards,

Technical Support | SOTI Inc. |+1-888-494-SOTI (7684) | support@soti.net | www.soti.net |

  • 0
  • 0
Zachary Taylor - Tech Support Engineer II | posted this 03 June 2020

No sir, they do not auto-update, nor have we pushed that update out

  • 0
  • 0
DDMOD@SOTI | posted this 03 June 2020

Zachary,

 

This needs further troubleshooting to resolve the issue. 

Can you please raise a support case(click here) or call SOTI Support team(click here) to assist you better?

 

Regards,

Technical Support | SOTI Inc. |+1-888-494-SOTI (7684) | support@soti.net | www.soti.net |

  • 0
  • 0
Raymond Chan | posted this 04 June 2020

Hi Zachary,

 

 

 

Do your problematic devices get fully or partially out-of-control? Or do all policies get deployed and are functional and the only problem is occasional op-up of the "SSL handshake failed" error?

 

Are there problems for ALL your TC70/TC70X devices? Or just for SOME devices? 

 

Are all problematic devices running the same device agent (i.e. same version and build numbers)?

 

As you mentioned you started to have the reported problems since the server/SQL upgrade done a few months ago, it is highly likely that some of the upgrade steps were not done properly.  For example, maybe the problematic devices did not get the right certificate, or your server/infrastructure have not been properly configured.  Did you perform the upgrade yourself?  The steps taken in your upgrade may provide some useful clue on what might have gone wrong.

 

 

  • 0
  • 0
Zachary Taylor - Tech Support Engineer II | posted this 18 June 2020

Thanks for all the assistance everyone. It is about time for us to refresh our fleet anyway. We have created a new server and will wipe/update/ and re-enroll our fleet. This has already proven to fix the SSL problem.

 

Thank you

  • 0
  • 0
DDMOD@SOTI | posted this 19 June 2020

That's great Zachary. 

If this post has helped you in solving your inquiry, I would request you to mark the particular comment as "is solution", so others may benefit from this information.

 

Regards,

Technical Support | SOTI Inc. |+1-888-494-SOTI (7684) | support@soti.net | www.soti.net |

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback