MDM Device Issue Domain Enroll
- hello,
I have an issue with a Samsung GT-C6625 Mobile with Windows Mobile 6.1 Standard. This problem is that it can't do Domain Enroll. I have an error "cannot contact Server [...]".
I have checked Enrollement Server Acces URL (mobileenroll.xxx.com/Enrollement/...) ==> OK
Domain Enroll with Other PDA (T-Mobile 6.1 Professional) ==> OK it works
have you any ideas about this issue ?
Thanks
Lylian
Réponses
- Hello,
My problem is resolved. It was a certificate issue !
In fact the internal Enrollment server website certificate must be the same that your URL for enrolling the mobile. For example in my ISA 2006 i publish a website "mobileenroll.toto.com", so my internal certificate on the enrollment server website must be "mobileenroll.toto.com" and not the internal FQDN "mobileenroll.toto.local"
Goood now !!! Thanks for your help- Marqué comme réponseLylian L mercredi 8 juillet 2009 13:08
Toutes les réponses
- There are lots is things to check.
To check connectivity visit https://mobileenroll.xxx.com/enrollmentserver/service.asmx?op=ShouldEnroll, accept certificate warnings and a "ShouldEnroll" link will appear. If it does, then you have a connection to the server.
In the Version box, type 2.0.0.In the Owner Identity box, type your name. Choose Invoke. This should return a value of 0. If it returns a value of 1, the owner identity did not match the pre-enrollment request. If the Enrollment Web service returns anything else you might have a SQL problem.
Check you have a valid pre-enrollment request that has not expired !
Cheers Wayne
Airloom - Hello Wayne,
Thank you for your help ^^
Pre-Enrollment is OK and not expired.
I don't understand why testing Enroll Process while with another PDA Enroll process is OK ... (not the same manufacturer)
EDIT: I have tested and the result is <hr>0</hr> with a parameter value 1.0.0 and not 2.0.0.
With 2.0.0 i have the result <hr>2147418062</hr> OK... so you are defiantly hitting the enrolment server... but doesn’t looks like this is a device issue as the web service is reporting an invalid enrolment request.
Are you running MDM or MDM SP1 ?
Try enrolling a device that has previously worked. Use the current enrollment request. I think this will fail !Try creating a new enrolment request, for a test user and try enrolling the device again.
There are a few more thing to check in the Troubleshooting MDM Enrollment Issues Technet Document.
Cheers Wayne
Airloom
- I Running MDM SP1 Wayne.
I don't understand why with a T-Mobile PDA Enroll Works and with Samsung PDA it doesn't ...? I Can Enroll lot of times the T-Mobile PDA, no errors.
With My T-Mobile PDA i have the same error "2147418062" with 2.0.0 Parameter and domain enroll Works ...
EDIT: I have checked my events + IIS Events and no errors appears... I don't know where is the mistake !
Regards
Lylian While 1.0.0 is correct for SCMDM RTM I cannot remember the value for SCMDM SP1. (Wayne may very well be correct with 2.0.0.) But based on what you're seeing I think the enrollment requests are created properly, and the enrollment server looks good too based on the fact that you can enroll a T-Mobile device.
Actually since it seems to be device specific chances are your servers are ok. Other people on the forums have reported issues with Samsung devices, so I don't know what it is Samsung are doing to their devices. I'd check if there's a new ROM available for your device. I'd probably check if domain enrollment works using the Windows Mobile emulator as that usually is a good reference. If that works it's most likely a bug in the Samsung, or the security level is set too strict. (WM Standard devices often have a higher security level than WM Professional devices.)
- I'm also getting the same result trying to test the enrollment server using https://mobileenroll.xxx.com/enrollmentserver/service.asmx?op=ShouldEnroll
Is there a log or anywhere else to look to get more information on what that error means?
Thanks,
Chad While 1.0.0 is correct for SCMDM RTM I cannot remember the value for SCMDM SP1. (Wayne may very well be correct with 2.0.0.) But based on what you're seeing I think the enrollment requests are created properly, and the enrollment server looks good too based on the fact that you can enroll a T-Mobile device.
Wayne is indeed correct with the 2.0.0 value. The SCMDM SP1 documentation was updated to reflect that:
http://technet.microsoft.com/en-us/library/dd261751.aspx
|\\arco..- Hello,
My problem is resolved. It was a certificate issue !
In fact the internal Enrollment server website certificate must be the same that your URL for enrolling the mobile. For example in my ISA 2006 i publish a website "mobileenroll.toto.com", so my internal certificate on the enrollment server website must be "mobileenroll.toto.com" and not the internal FQDN "mobileenroll.toto.local"
Goood now !!! Thanks for your help- Marqué comme réponseLylian L mercredi 8 juillet 2009 13:08
