objective c - MDM iPCU Profile Installation Failed in iOS SDK -


i doing mdm vendor set , having apple enterprise account same.but after completing steps getting issue when try install iphone configuration utility file on iphone.we getting alert saying “profile installation failed”.please suggest suspect may wrong.following steps followed profile creation.

for vendor:

  1. i created vendor csr on macbook called vendor.csr.

    email: enterprise account email.

    common name: company name.

    saved disk.

  2. uploaded vendor.csr file enterprise account , downloaded mdm.cer file account.

  3. loaded certificate key chain.

  4. exported .p12 file private.p12 file.

  5. extracted private key using command : openssl pkcs12 -in private.p12 -nocerts -out key.pem

  6. extracted certificate : openssl pkcs12 -in private.p12 -clcerts -nokeys -out cert.pem

  7. convert certificate des form : openssl x509 -in cert.pem -inform pem -out mdm.cer -outform des

8.stripped password private key : openssl rsa -in key.pem -out private.key

for customer:

  1. now created 1 more csr push same macbook called push.csr.

    email: company support email.

    common name : company name push

    saved disk.

python code :

link: https://github.com/grinich/mdmvendorsign

i got python code above link plist encoded file files generated above i.e. private.key, push.csr, mdm.cer.i renamed files according command below , generated plist encoded file.

command : python mdm_vendor_sign.py --csr user_submitted_csr.csr --key mdm_vendor_private.key --mdm mdm_certifiate_from_apple.cer

push cert :

  1. then uploaded plist encoded file on “https://identity.apple.com/pushcert/” , downloaded resulting push certificate there.

  2. installed pushcert downloaded key chain , exported in p12 format , call mdm.p12.

  3. converted mdm.p12 pem format : openssl pkcs12 -in mdm.12 -out pushcert.pem -nodes

iphone configuration utility :

i implemented 3 sections of ipcu. server setup using rapidssl server set up.

  1. general

    a. name : company private limited

    b. identifier: com.mycompany.mdm.profile

    c. organization : company name

    d. description : version 1.0

    e. security : always.

  2. credentials

    uploaded pushcert.pem file generated @ last step of push cert work.

  3. mobile device management

    a. server url : https://xyz.server

    b check in url : https://xyz.checin

    c. topic :com.apple.mgmt.external.xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

    d. identity : selected credential.

export ipcu -> none/signconfigurationprofile (tried both).

now file failing install on device when send through mail , getting message profile installation failed.what understand logs device unable make connection server.please suggest me how resolve that.

device logs:

nov 27 19:02:21 iphone profiled[114] <notice>: (note ) mc: checking mdm installation...  nov 27 19:02:21 iphone profiled[114] <notice>: (note ) mc: ...finished checking mdm installation.  nov 27 19:02:21 iphone profiled[114] <notice>: (note ) mc: beginning profile installation...  nov 27 19:02:21 iphone profiled[114] <error>:  sectrustevaluate  [leaf anchortrusted]  nov 27 19:02:23 iphone locationd[63] <notice>: gesture enabledfortopclient: 0, enabledindaemonsettings: 0  nov 27 19:02:24 iphone locationd[63] <notice>: gesture enabledfortopclient: 0, enabledindaemonsettings: 0  nov 27 19:02:24 iphone profiled[114] <error>:  sectrustevaluate  [leaf anchortrusted]  nov 27 19:02:26 iphone profiled[114] <notice>: (error) mdm: cannot authenticate. error: nserror:  desc   : connection server not established.  desc: connection server not established.  domain : mchttptransactionerrordomain  code   : 23001  type   : mcfatalerror  params : (      "https://mdm.mycompanyname.com/service1.svc",      500  )  nov 27 19:02:26 iphone profiled[114] <notice>: (error) mc: cannot install mdm “mobile device management”. error: nserror:  desc   : payload “mobile device management” not installed.  sugg   : connection server not established.  desc: payload “mobile device management” not installed.  sugg: connection server not established.  domain : mcinstallationerrordomain  code   : 4001  type   : mcfatalerror  params : (      "mobile device management"  )  ...underlying error:  nserror:  desc   : connection server not established.  desc: connection server not established.  domain : mchttptransactionerrordomain  code   : 23001  type   : mcfatalerror  params : (      "https://mdm.mycompanyname.com/service1.svc",      500  )  nov 27 19:02:26 iphone profiled[114] <notice>: (error) mc: rolling installation of profile “com.mycompanyname.mdm.profile”...  nov 27 19:02:26 iphone profiled[114] <notice>: (error) mc: installation of profile “com.mycompanyname.mdm.profile” failed error: nserror:  desc   : profile “mycompanyname” not installed.  sugg   : payload “mobile device management” not installed.  desc: profile “mycompanyname” not installed.  sugg: payload “mobile device management” not installed.  domain : mcprofileerrordomain  code   : 1009  type   : mcfatalerror  params : (      "mycompanyname"  ) 

the certificate generated mdm vendor cert apple isn't used device authentication. it's used particular server send notifications apns.

the identity in ipcu (which deprecated long ago) client certificate. remember tls certificates need valid , trusted. server rejecting client http 500, start investigating server logs why.

really though if developing own mdm solution open dts incident apple. api documents published folks in enterprise developer program , not publicly available. rather here, mdm section of apple developer forums better place discuss it.


Comments

Popular posts from this blog

matlab - "Contour not rendered for non-finite ZData" -

delphi - Indy UDP Read Contents of Adata -

javascript - Any ideas when Firefox is likely to implement lengthAdjust and textLength? -