MDM Enrollment server
- Hi,
I have installed the enrollment server. After successful installation I got only a help file in my Start program files. How do I start accessing the enrollment server?
Also, if I go to the IIS webpage I am getting "HTTP Error 403.4 - Forbidden: SSL is required to view this resource".
Please let me know how I should proceed on this.
Regards
Loganathan.b
Answers
Logan,
It is possible to redirect the traffic but the SSL session will fail. The certificate has a different host name to the server request. You need to re-issue the certificates and re-install the Enrolment server.
Cheers Wayne
Airloom
- Proposed As Answer by Wayne Phillips.MVP, Moderator, Thursday, October 29, 2009 12:40 AM
- Edited by Wayne Phillips.MVP, Moderator, Monday, November 09, 2009 11:23 PM (typoos)
- Marked As Answer by Wayne Phillips.MVP, Moderator, Monday, November 09, 2009 11:24 PM
All Replies
- Depends on what you mean by "accessing the enrollment server". Installing the Enrollment role will not let you do much by itself. You can create pre-enrollment requests by accessing the SCMDM console though.
If you just want to verify that the enrollment server is properly installed you should open up your browser and go to:
https://localhost:8445/MDM/EnrollmentAdminService/Admin.asmx
- Good one. It is working now... I was accessing the URL and I am getting the page. Is there any further testing on this? Also, we are not going to use a proxy for first-time enrollment.
We are discussing internally through the network... How can we do this? Is there any specific document, or how do I start testing on this?
In the PDA, do I need to type the below URL to get the enrollment, or what (the one you mentioned in the mail, with hostname instead of localhost)?
Regards
Loganathan.B.
- Unless you are having problems enrolling, or want to know how the enrollment server works for a programmer, you can leave the web page for now. It's installed and running like it should. (If you have configured it wrong you'll discover this soon enough.)
For a live deployment I'd publish the enrollment server through ISA or something similar. If you want to perform the enrollments only on the internal network you don't have to do anything more at the moment. Other than making sure it's reachable through DNS, and that the DNS record matches the common name of the certificate. (The device will perform certificate validation when enrolling.)
By default the device will look for the enrollment server at https://mobileenroll.domain.com if you provide an email of user@domain.com. If the device fails to locate the server at this address you must provide the address manually.
- I didn't get you, what is the meaning of this?
Other than making sure it is reachable through DNS and that DNS record matches the common of the certificate?
I am sure this URL https://mobileenroll.domain.com is going to be an external-facing URL? If this is the case, how do we match with this URL? We don't want to use any proxy for enrollment...
https://hostname:8445/MDM/EnrollmentAdminservice/Admin.asmx ?
Regards
Loganathan.B.
- I was thinking of a scenario where the internal address and the external address are different. So for instance the external address is mobileenroll.domain.com, and the internal is enroll.domain.local; the certificate would then need to be issued to the external address that the device locates through DNS. If you're only enrolling internally you can use enroll.domain.local, but if you want to enroll both externally and internally you need to make sure both the external and internal DNS resolve to the external address. (Since a web site in IIS can only have one certificate per IP address and port combination.)
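The name check described in the replies above (the default lookup of mobileenroll.<email domain>, and the requested name having to match the certificate), as an added example that is not part of the original thread. The certificate dictionaries are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and comparing against the subject common name plus DNS subject alternative names is a simplifying assumption, not the device's actual validation code.

```python
# Added example: constructed certificates, simplified name comparison (assumption).

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
CERT_INTERNAL = {"subject": ((("commonName", "enroll.domain.local"),),)}
CERT_EXTERNAL = {
    "subject": ((("commonName", "mobileenroll.domain.com"),),),
    "subjectAltName": (("DNS", "mobileenroll.domain.com"),),
}


def discovery_host(email):
    """Default name the device looks up: mobileenroll.<email domain>."""
    _, sep, domain = email.rpartition("@")
    if not sep or not domain:
        raise ValueError("email address has no domain part")
    return "mobileenroll." + domain.lower()


def cert_names(cert):
    """Names the certificate is issued to: subject CN plus DNS SAN entries."""
    names = {v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"}
    names |= {v for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    return {n.lower() for n in names}


def check_enrollment(email, cert, manual_host=None):
    """Return (ok, host, reason) for the name the device would connect to."""
    host = (manual_host or discovery_host(email)).lower()
    names = cert_names(cert)
    if host in names:
        return True, host, "name matches certificate"
    return False, host, "certificate is issued to %s" % sorted(names)


if __name__ == "__main__":
    cases = [
        ("external cert, default lookup", CERT_EXTERNAL, None),
        ("internal cert, default lookup", CERT_INTERNAL, None),
        ("internal cert, address typed manually", CERT_INTERNAL, "enroll.domain.local"),
        ("external name redirected to internal host", CERT_INTERNAL, "mobileenroll.domain.com"),
    ]
    for label, cert, manual in cases:
        print(label, "->", check_enrollment("user@domain.com", cert, manual))
```

The last case is the redirect scenario from the thread: the device still asked for mobileenroll.domain.com, so a certificate issued to the internal host name does not match.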
- Ok... I got it... Initially I can do the domain enroll and can set up the device. After this I would like to convert to using ipvpn for access?
For this type of setup, do I need to change anything?
Regards
Loganathan.B.
- The enrollment server is only used for the domain enroll. After that the device talks to either the gateway server, or the device management server directly. If you plan to use the VPN tunnel and IPSec you need to install and configure the gateway server. You would also need to make sure that pre-enrollment requests contain the details for the gateway server.
- Ok... The DNS records are a big one for localhost... How do we make it a redirection, so that if they type https://mobileenroll.domain.com
it redirects to the below URL for enrollment?
https://hostname:8445/MDM/EnrollmentAdminService/Admin.asmx

