04-17-2012 09:52 AM
I have activated an iPhone on UDS. I can see the IT-Policy in the Client on the device but it does not get applied to the device (e.g. I don't have to set an password). I also don't see the other profiles which are attached to the user in the client (e.g. ActiveSync).
Does anyone have this problem, too?
On an android device it is working.
Solved! Go to Solution.
04-18-2012 06:56 PM
This might be similar to what I had with our iOS devices after my UDS install.
Are you seeing 'action.poke' failure message in the users Communication Logs?
If so you, make sure port 2195 is open on your firewall for outbound traffic from the server that runs your Core Module.
This will allow the policies and profiles to be pushed out to the iOS devices.
04-19-2012 02:56 AM
the firewall rules are correct and working (tested via telnet). The APNS certificate has the status Installed and expires 2013. But the log entrys show that anything is not working:
19. April 2012 06:33:28 UTC: command.application request 19. April 2012 06:33:28 UTC: command.deviceinfo_bdmi request 19. April 2012 06:33:28 UTC: command.deviceinfo request 19. April 2012 06:32:03 UTC: action.update request 19. April 2012 06:18:24 UTC: command.application request 19. April 2012 06:18:24 UTC: command.deviceinfo_bdmi request 19. April 2012 06:18:24 UTC: command.deviceinfo request 19. April 2012 06:03:16 UTC: command.application request .... 17. April 2012 08:26:06 UTC: command.deviceinfo_bdmi request 17. April 2012 08:26:06 UTC: command.deviceinfo request 17. April 2012 08:11:05 UTC: command.application request 17. April 2012 08:11:05 UTC: command.deviceinfo_bdmi request 17. April 2012 08:11:05 UTC: command.deviceinfo request 17. April 2012 07:57:08 UTC: action.update success
In the core log I found this:
59ce38","Unhandled Poke Exception. Error of performing device 'poke'. ", ,Type: System.InvalidOperationException ,Message: No certificates with key 'APSP:f21b760f-77e3-487d-9745-307a874c61e6' found in the store. ,Source: RIM.BUDS.Utilities ,TargetSite: "System.Security.Cryptography.X509Certificates.X50 9Certificate2 GetCertificate(System.String, System.Security.Cryptography.X509Certificates.X509 FindType, System.Security.Cryptography.X509Certificates.Stor eName)" ,StackTrace: at RIM.BUDS.Utilities.Helpers.CertificateFactory.GetC ertificate(String subjectName, X509FindType findType, StoreName storeLocation) in c:\ec_build\604689\BUDSServer\source\enterprise\BU DS\Server\Sources\RIM.BUDS.Utilities\Helpers\Certi ficateFactory.cs:line 41 , at RIM.BUDS.DeviceActions.iOS.iOSActionPoke.GetApnsCe rtificate(String certSubject) in c:\ec_build\604689\BUDSServer\source\enterprise\BU DS\Server\Sources\RIM.BUDS.DeviceActions.iOS\iOSAc tionPoke.cs:line 102 , at RIM.BUDS.DeviceActions.iOS.iOSActionPoke.Execute(J Object tenant, JObject device) in c:\ec_build\604689\BUDSServer\source\enterprise\BU DS\Server\Sources\RIM.BUDS.DeviceActions.iOS\iOSAc tionPoke.cs:line 80 , at RIM.BUDS.Core.Model.DeviceModel.ExecutePoke(Object data) in c:\ec_build\604689\BUDSServer\source\enterprise\BU DS\Server\Sources\RIM.BUDS.Core\Model\Device\Devic eModel.cs:line 676
Maybe there is a bug with the APNS certificate handling.
I will try to renew the certificate
04-19-2012 05:43 AM
OK, from your mmc, Certificates snap-in on the UDS server right-click on the Apple certificate in the Personal store, select All Tasks followed by Manage Private Keys. You will need to add Authenticated Users with Read permissions.
04-19-2012 08:45 AM - edited 04-19-2012 10:02 AM
thanks! It's working now. I dindn't saw this part on the APNS Import Page and after the APNS Import, this information was not accessible any more (the Learn more link does not work).
For all who need this information too:
- Open MMC
- Add local computer certificate store
- Open Personal/Certificates and right click on it
- All Tasks -> Import
- Choose APNS Cert
- Mark the key as exportable and enter the password and click next until finish
- Right click the APNS Cert in the MMC (begins with APSP)
- All tasks -> manage private keys
- Add the Service Account and give Read permissions
04-24-2012 12:43 PM
I have a similar problem but i check all the things you said in the answer and we did everithing in the installation but still is not working. I can see the it policy in the fusion client, i can see in the about section the activate device info but the it policy is not applied to de iphone. We test with a password policy but no password is set in the iphone.
the only thing i can find is in the communiation log
|24 de abril de 2012 16:22:38 UTC:||action.poke||success|
|24 de abril de 2012 16:22:38 UTC:||command.application||request|
|24 de abril de 2012 16:22:38 UTC:||command.deviceinfo_bdmi||request|
|24 de abril de 2012 16:22:38 UTC:||command.deviceinfo||request|
I try to understand the core log but i can't find any error reference.
Could you help us?