Staging Samsung Devices

Staging Samsung Devices

Hi there,

 

we'll use devices from other manufacturers than Zebra too. So i got a Samsung A50 with Android 9.

 

We passed the Google-Settingsmanager with the minimum of settings to made (no Google account; we don't need it for now; no Wifi Settings etc.).

We installed the mobicontrol APK on the device and scanned the barcode from Mobicontrol Stage.

Then we get the error, that the wireless settings are not able to be set.

Mobicontrol got all permissions we're able to give in the App-Tab on device.

Mobicontrol is set as deviceadministration App too.

 

But no chance to get the wireless settings set.

Is there something we can do or must we set it manually everytime?

 

The device is asking for connection to ELM, do we really need this or is there a way to use it without ELM?

25 Answers

Order By:   Standard | Newest | Votes
Raymond Chan | posted this 20 February 2020

You seem to be enrolling your device to Android-Enterprise Work-Profile mode.  

I think MobiControl Stage Programmer (running on Android device) is primarily meant for provisioning device in Android-Enterprise Device-Owner mode using QR-code or NFC.  

 

Regarding Samsung ELM,  there is a need for the device to talk to the ELM server at least once during device enrollment.  After that, the device can stay in a closed corporate network without ever accessing the ELM server again.  

 

  • 0
  • 0
Rafael | posted this 20 February 2020

Hi Raymond, i think this is "normal" Android 9, not Enterprise because there's no possibility to change this.

I Found the App "Setting of Workprofile" but I can't find the App itself to start it. (Because of no Google Account!?)

As Active MDM API is shown: "Samsung MDM 5.7, Samsung KNOX 3.0 (6.3.0), RC1

So there's no "Work Managed Device" (show on our Zebras) or something other.

 

Additionally we have the problem to get connected to the ELM Samsung Server. It's blocked from firewall.

We opened temporarily

gslb.secb2b.com:443
eu-elm.secb2b.com:443
eu-prod-klm.secb2b.com:443

but still no activation possible and nothing seen witch is blocked.

Is there anything else we have to allow?

 

When i get the remote connection to the device (activated ELM via SIM) there's no remote control possible (only connectoin to file system but no device screen is shown).

Is there any setting which has to be made?

 

Agentversion: 13.6.0.1114 Android API Level: 28 Version Remotesteuerung: 1.11.0.102 Unterstützte APIs: SamsungMdmV57, Samsung RC v1, Samsung KNOX v3.0

 

  • 0
  • 0
Raymond Chan | posted this 21 February 2020

In fact, Samsung A50 supports both legacy OEM-specific Android Plus and Android-Enterprise platform.   It all depends on which agent you use and how to prepare the device for enrollment.    Maybe you should first figure out your use case and requirements to decide which platform to use.   In general, it is nearly always more beneficial to use Android-Enteprise, as there are more advanced features and the platform is driven by Google.

 

Could you please check the nane and version/build numbers of the apk you downloaded from Soti to do your installation?   That affects your enrollment flow and the software tool (e.g. MobiControl Stage running on Windows or MobiControl Stage Programmer running on Android device)  to use to speed up enrollment.

 

 

  • 1
  • 0
Rafael | posted this 21 February 2020

First of all many thanks to you Chan :D You did remember me that i used wrong profile (Enterprise) for this device but have to use Android Plus Profile.

So for now, the device switches in Locked Mode as mentioned.

But RemoteControl ist still only for filesystem available, no Screen is shown.

 

I tested two Mobicontrol .apk's: 

SamsungElmMobiControl1421.apk - here we had to set mobicontrol as deviceadministration App and all rights (change system settings etc.)

SamsungElmMobiControl1414_1010.apk - here we had to set only rights (change system settings etc.)

  • 0
  • 0
Dave Poulsom | posted this 21 February 2020

Hi Rafael,

We have trouble with remote control when the signal (cellular) is not very good.

We have a could instance so not sure if this helps but we need to open the following for WiFi devices:

10

and Remote Control Consoles connect to MobiControl Server

Binary

5494

Cheers,

Dave

  • 0
  • 0
Rafael | posted this 24 February 2020

@Dave: We are using only Wifi-Devices and all Zebras are working fine. Only the new Samsung device (A50) i got makes trouble.

  • 0
  • 0
Rafael | posted this 27 February 2020

We are testing for now, to stage it via Barcode directly from "Welcome"Screen. 

But everytime it says "Wrong QR-Code Please contact your administrator for a correct code".

The Barcode is generated by Mobicontrol Stage. So what's wrong?

  • 0
  • 0
Rafael | posted this 28 February 2020

No help from Soti here?

 

Today i tested it with the Mobicontrol app for enterprise (still have to click through the welcome/settings page).

Here its working well till it wants to set the workprofile. This is restricted from security settings and not possible.

If i try it manually i get only"An error occured".

Is this because there's no google account set? afw#mobicontrol is not working and don't need to use a google account on the zebras.

  • 0
  • 0
JVMOD@SOTI | posted this 03 March 2020

Hello Rafael,

 

Thank you for your post, please provide following details, I will test it on my end and will get back to you -

MobiControl version -

Agent Version -

OS version -

 

Regards,

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Rafael | posted this 04 March 2020

Hi JVMOD,

 

MobiControl version - 14.2.1.4394 (Enterprise Agent)

Agent Version - 14.1.6.1018

OS version - Android 9

OEM-Version - PPR1.180610.011.A505FNXXU2ASH2

 

Tested already those too:  

Agent Version - 14.1.4.1010

Agent Version - 14.2.1

Agent Version - 13.6.0.1114

 

  • 0
  • 0
Raymond Chan | posted this 04 March 2020

If you need help directly from Soti support team, you should send e-mail to support@soti.net or log a support case directly on Soti web site.  

 

Returning to your problem, when you asked whether the problem stems from having no Google account,  I have reason to believe that you have not made the proper preparation before trying your device as Android-Enterprise device.  Whether you are going to  get your device into AE device-owner (non-BYOD) or AE work-profile (BYOD) mode, you do need to create a Managed Google/Manage Google Play account, properly bind to your MobiControl server and a new Add-Devices rule (for AE and NOT for Android+ devices).  If you want to use QR-code to erol, you need an Android provisioning device running the free "MobiControl Stage Programmer" app downloadble from Google Play store.  Using the QR code from MobiControl Stage .exe program running on MS-Windows won't work

 

However, if you are using OEM specific Samsung ELM device agent to enrol your device,  then your device must have network access to Samsung ELM server mentioned in earlier post in this discussion thread.  Your Add-Devices rule should be for Android+ and NOT for Android-Enteprise.   If you press the QR-code button beneath the enrollment ID/URL entry box  on your Android+ device agent, you should use the QR code generated from the  MobiControl Stage .exe program running on MS-Windows, and the QR code from  "MobiControl Stage Programmer" app on provisioning Android device won't work.

 

Finally, shouldn't you first try to enrol your device MANUALLY to ensure everything is set up properly?  After that, you can proceed to try using QR code to speed up the provisioning process.

 

  • 0
  • 0
Rafael | posted this 04 March 2020

@Raymond

Google Account: So Samsung needs a Google Account and Zebra not? I'm wondering about that but if you say thats it, i'll create one but our Zebra's didn't need it since now (Enterprise and +).

MobiControl Stage Programmer: Because of the need of another Phone I didn't want to use this if possible. This app generates a QR-Code, so its not possible to generate it as an PDF, when i am right?

But we need that for our technicans etc. when they set up a blank new device.

Is there a way to get the *.apk file without google play store?

QR-Code: Yes, I found out, as you said, that the QR-Code from MobiControl Stage is only working with Mobicontrol. And the wifi settings weren't able to be set by mobicontrol when scanning the barcode in Android Plus.

The dream was a QR-Code which can be scanned in welcome screen (after activating the camera) and which sets up wifi and downloads mobicontrol app from playstore (using afw#mobicontrol as "login"). It would be ok, to scan a second QR-Code in Mobicontrol App for setting up the agent settings etc. And if it's in Enterprise Mode then it would be perfect but not a must have.

 - So, near to the Zebra Staging - 

Manually: We startet to try to stay as near on the configuration of the Zebra's as possible instead of configuring it completely new.

We installed the mobicontrol app via sd-card and then staged the device via barcode from Mobicontrol Stage after setting wifi manually and app restrictions. The status here is device works but remote control has no screen to remote control the device, only file management.

  • 0
  • 0
Raymond Chan | posted this 04 March 2020

Managed Google Account or Managed Google Play account can be skipped for special circumstance in Android-Enterprise platform, but many advanced enterprise-grade features of the AE platform will not be avaialble if a device is enrolled without the account

 

If you have special enrollment requirements (e.g. network restrictions, specific AE agent or other enrollment/initiatlization requirements), you need a provisioning Android device running the latest Soti MobiControl Stage Programmer app to make the enrollment possible and super-fast.   

 

In particular,  with that,  your Samsung A50 can definitely be enrolled to Android-Enterprise Device-Owner mode using a single QR code, but the device needs to have network access to Google''s and Samsung ELM server during the enrollment process (though the device as well as the MobiControl server can be restricted to closed corporate network AFTER the whole enrollment process is complete).  There is NO need to MANUALLY type in  the afw#mobiconrol hash-tag, the Wifi configuration (SSID, mode, password, etc.) nor the enrollment ID.  

 

  • 0
  • 0
Rafael | posted this 04 March 2020

@Raymond:

I tried now with SIM-Card (so the connection to google and samsung elm should be possible) and have the same problems:

I did manually (because i don't have an QR-Code working in welcome screen):

- Agree end user license

- skipped wifi configuration

- set "afw#mobicontrol" as google account 

- accept that mobicontrol is downloaded and set as managing app

- scanned barcode in mobicontrol from Mobicontrol Stage -> WiFi-Configuration failed

 

 

I checked App-Setting for mobicontrol: Change Systemsettings wasn't set - but changing it doesn't solve the problem.

  • 0
  • 0
Raymond Chan | posted this 04 March 2020

Just like any other AE capable devices supporting QR-code enrollment, tap your Samsung device screen 6 times in a row quickly in the welcome screen that allows language selection, and your device will switch to camera mode to allow capturing of QR code.

 

  • 0
  • 0
Rafael | posted this 05 March 2020

I know that but I didn't found any working QR-Code creation for this.

Always getting the error "Wrong QR-code please contact your administrator for correct code".

 

And the bigger problem is, that mobicontrol seem not able to set the wifi settings when doing it this way.

I found this:
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "{enrollment-token}"}
}

But how to edit it correct so its working for us?

{
"android.app.extra.PROVISIONING_WIFI_USER_CERTIFICATE": "OUR NETWROK SSID",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "OUR NETWORK PW TO THIS SSID",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.emm.android/com.emm.android.DeviceAdminReceiver", ?do i have to edit this for Mobicontrol?
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "gJD2YwtOiWJHkSMkkIfLRlj-quNqG1fb6v100QmzM9w=", ?how to get this?
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "?mobicontrol app location at playstore?",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
                                                                                             "dpc_company_name": "Our Company Name",
                                                                                             "emm_server_url": "our enrollment server?",
                                                                                              "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "{our enrollment id}" with or without the "{}"?
                                                                                             }
}

  • 0
  • 0
Raymond Chan | posted this 05 March 2020

Under normal circumstance, there is no need to worry about editing any parameter you showed in your post.  Everything works just fine based on the input typed in the  GUI of MobiControl Stage Programmer app.  Have you actually tried the GUI to successfully enrol one single Samsung device onto your MobiControl server?  And even before that, have you successfully enrolled one single Samsung device onto your MobiControl server manually with the afw#mobicontrol hash tag?

 

  • 0
  • 0
Rafael | posted this 05 March 2020

@Raymond:

Our problem is "- scanned barcode in mobicontrol from Mobicontrol Stage -> WiFi-Configuration failed"

And i don't know how to edit correct/complete the QR-Code for the welcome sreen as posted above.

  • 0
  • 0
Raymond Chan | posted this 05 March 2020

I have never encountered any Wifi configuration problem enrolling thousands of Samsung devices to AE in the last couple of years, and thing just works fine in a snap every time.   Your problem is actually much much much bigger than what you said.  Maybe someone from Soti can help you figure out what's your problem is.

 

  • 0
  • 0
JVMOD@SOTI | posted this 05 March 2020

Hello Rafael,

 

Please reach out to Support team to troubleshoot the issue further, click here to create a case.

 

Thanks and Regards,

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Rafael | posted this 26 March 2020

I'm in contact with Soti for a while now.

There's something which someone here can tell me too:

We are now testing with google account (android enterprise fully managed). 

But the mobicontrol setup get stuck at this Message:

"Google-Konto

Completing Configuration For your Work Profile"

Does this mean there's something missing in the Google Account settings?

 

And the other thing is, i got invited to the company google account but don't get access to it.

I had to create a new account.

When i choose "My Managed Apps" or "Administartor Settings" at https://play.google.com/work, i always get the error (Sorry for German message):

  • 0
  • 0
JVMOD@SOTI | posted this 31 March 2020

Hello Rafael,

 

Thank you for your response, after this pop-up you have to click "ok" and refresh the browser.

Following are the steps for the reference -

  1. In the MobiControl Web Console, click on the All Platforms tab to open it.

  2. On the All Platforms tab, click on the Servers tab to open it.

  3. On the Servers tab, in the Global Settings list, click on the wrench icon next to Android for Work Enterprise Bindings to open the Configure Android for Work Enterprise Bindings dialog box.

  4. In the Configure Android for Work Enterprise Bindings dialog box, specify the primary domain, and any secondary domains, you want to use for Android for Work.

    To specify a primary domain, click New and enter the primary domain address and MDM token string in the Add Android for Work Enterprise Binding dialog box. Click OK when you are done.

    To specify a secondary domain, click Add and enter the secondary domain address. When you are finished, press Enter. Note that a secondary domain must be linked to the primary domain.

  5. When you are finished configuring the primary and secondary domains for the Android for Work Enterprise Bindings, click Close to save the domain settings and close the Configure Android for Work Enterprise Bindings dialog box.

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Rafael | posted this 01 April 2020

We didn't do it as "Google Domain", we did choose "managed enterprise" and followed that instructions.

Do we need that Google-Domain part too? 

I hope not, because you have to log in at "https://admin.google.com/" with a G-Suite Account for which you have to pay for.

 

Actual we are able to add Apps to the application cataloge with managed google play apps.

There are only three things which actual don't work:

1. I got invited to the administrator account/ our company but don't get access to it (this is a google thing). Error Message see my last Post and is not so important for now. Only hoped that someone else had this problem too.

2. The device is hanging in configuration at "Google-Konto Completing Configuration For your Work Profile". I think it's because of this error i get in protocol: 

3. I only get Remote Access to filesystem even RemoteControl Icon is shown and all API's are available, but i think it's because of error in "2."(?)

  • 0
  • 0
JVMOD@SOTI | posted this 01 April 2020

Hello Rafael,

 

Thank you for your response, you have to add Managed Enterprise account.

for enrollment did you use afw#mobicontrol to enroll the device?

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Rafael | posted this 02 April 2020

Yes, we added already an managed enterprise account.

I enrolled with QR-Code and because of your SOTI-Support wanted to with afw#mobicontrol.

The result was both the same.

 

BUT i got an idea yesterday and its working now:

The device must have a connection to google and the soti-server AT SAME TIME.

We use On-Premise solution, and this server is not reachable from outside our network for now.

So, when i tried it without SIM (but Wifi or both), there was no connection to google but to our soti (that was as expected, because of proxy/firewall).

When i tried to get the google account added (via mobicontrol) without WiFi (but SIM) there was no connection to our soti (expected) but to google. it wasn't possible too (that was unexpected). I thought, that all settings were transfered to the device and it only needs the connection to google to get the account added. But that was false and no one told me/ had this idea still now.

So, we added proxy including exceptions and opened several connections in firewall/proxy. And now it's fine.

Hopefully this will help other people if they have same problem.

 

So this Problem is solved but i can't mark my own post as solution - a bit strange.

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback