1 2 Previous Next 21 Replies Latest reply on Aug 14, 2012 8:17 AM by bwallace

    Device Agent Fails to Login


      We're attempting to get the MDM Agent working on an IOS device. We downloaded the app from the app store and entered our enrollment url. We enter valid network credentials and when we click enroll, get a dialog stating "Login Failed'.


      I have a couple questions: what credentials should we use here? the end user's domain credentials? and how can I trouble shoot why we are not successfully logging in here.

        • 1. Re: Device Agent Fails to Login
          pacificmags Rookie

          Likey to be a certificate issue. I have seen the error while i am testing things out and it is when the enrollment certificates are not being installed/delivered correctly. Probably needs som econf in the Enrollment configuration window. I dont have any more info really as i am also very new to this and trying to figure out how it works so take what a say witha grain of salt


          We enrol via email address and it works but it did require some intenret DNS records configured pointing to the MDM DMZ server

          • 2. Re: Device Agent Fails to Login
            1EarEngineer Specialist

            like Pacific stated they can login with their emails, however we simply use their AD creds. We prefer them to user domain\username and then their password. Seems to work for us.


            Also check to ensure the account isn't locked out. Since it's going against their AD account, if they enter it in wrong enough times, it will lock their ad account

            • 3. Re: Device Agent Fails to Login

              I will look into this some more next week and report back. As it is, if I put the enrollment url into the browser, I get a certicate error. Like I said, I'll look into this more heavily next week, been too busy this week.

              • 4. Re: Device Agent Fails to Login

                Sorry for the delay, I hope you're still willing to help...


                I entered the enrollment url into a webs browser and it showed that the certificate had an issue, that it wasn't issued by a certificate authority. So I changed our SSL cert to be the one we got from GoDaddy. But it still isn't logging.


                I know there is a section in the install document about where different certificates should go, but being I'm not super Cert smart, I don't fully understand it, we got a contractor to come in and help us with certs, but he's not familiar with LD so it's possible that they aren't put together quite right. In addition, we're attempting to run the MDM server on our core server (with port forwarding from the firewall) so I don't know if that plays in at all.


                If I enter my email address, and domain/username and password, i get 'login failed' nothing more


                If I intentionally mispell the email address, it tells me it 'could not determine enrollment url. check with it deparment and enter vaild url'.


                I assume this means I'm talking correctly to the server and something isn't happening correctly, I'm just not sure what.


                So I guess I have a couple questions:

                1. Our LD rep said he wasn't sure if it was supported to put the Mdm server on the core server, 'try it and see'. Does anyone know if this is a supported configuration, I haven't found anything.
                2. Can someone tell me which certs I should have where and where they should be enabled?
                3. Is there a log somewhere I can check to see if/where the login requests are getting stuck?
                • 5. Re: Device Agent Fails to Login
                  pacificmags Rookie

                  I use logs at:


                  C:\program file (x86)\landesk\mdm\data\logs


                  There are several logs to do with enrollment. Mine show heaps of errors. One of our main problem is that the MDM server was trying to go to the internal proxy server to get to the Internet. It would not authenticate so would stop all traffic, this particularly effected enrolling android devices.This is regardless of your IE proxy settings which it seems MDM request generated from a  console ignore.


                  There are alos IIS logs in the root of C which can help with enrollment troubleshooting

                  • 6. Re: Device Agent Fails to Login

                    By using the logs you suggested, I found that my DNS entry has a type (I had an L instead of i in the enrollment url: ld-...) I successfully logged in, but now it get sent to a page: https://coreserverDNS/DeviceServices/MobileConfig.aspx is giving us an ASP.Net error: 'Object Reference not set to an instance of and object'. Every time I try to switch to the LD agent, it jumps me back to the page in safari with the error. Looking in the Event viewer shows the following application error, any suggestions?



                    Event code: 3005

                    Event message: An unhandled exception has occurred.

                    Event time: 6/28/2012 8:53:24 AM

                    Event time (UTC): 6/28/2012 3:53:24 PM

                    Event ID: cf2d80e1a1b04043b087e0b3bbaa1fcf

                    Event sequence: 11

                    Event occurrence: 2

                    Event detail code: 0


                    Application information:

                    Application domain: /LM/W3SVC/1/ROOT/DeviceServices-1-129853723008202982

                    Trust level: Full

                    Application Virtual Path: /DeviceServices

                    Application Path: C:\Program Files (x86)\LANDesk\MDM\Web\DeviceServices\

                    Machine name: PAPA


                    Process information:

                    Process ID: 27008

                    Process name: w3wp.exe

                    Account name: NT AUTHORITY\NETWORK SERVICE


                    Exception information:

                    Exception type: NullReferenceException

                    Exception message: Object reference not set to an instance of an object.


                    Request information:

                    Request URL: https://mdm.phxmesagateway.org:443/DeviceServices/MobileConfig.aspx

                    Request path: /DeviceServices/MobileConfig.aspx

                    User host address:


                    Is authenticated: False

                    Authentication Type:

                    Thread account name: NT AUTHORITY\NETWORK SERVICE


                    Thread information:

                    Thread ID: 6

                    Thread account name: NT AUTHORITY\NETWORK SERVICE

                    Is impersonating: False

                    Stack trace: at AthenaMobileConfig.MobileConfig.Page_Load(Object sender, EventArgs e)

                    at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)

                    at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)

                    at System.Web.UI.Control.OnLoad(EventArgs e)

                    at System.Web.UI.Control.LoadRecursive()

                    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)



                    Custom event details:

                    • 7. Re: Device Agent Fails to Login
                      ThomasCollignon Apprentice

                      Hi bwallace,


                      I have the same issue...

                      Do you have found solution / workaround for this message?




                      • 8. Re: Device Agent Fails to Login

                        No, not yet. Due to the holiday (4th of July) schedule this week, I'm planning on contacting support on Monday next week.


                        All the research I did turned up one post and it related to rights to a folder. This didn't seem to fix my problem so I figure internet research is fruitless and will need to contact support.


                        I'll be sure to post my findings. (if you find anything first, please let me know too).

                        • 9. Re: Device Agent Fails to Login
                          ThomasCollignon Apprentice

                          Oh, Sorry, Happy Bank Holidays...

                          Thank you, I'm interested because after three facilities, I no longer know where to look ...
                          Here are my observations:
                          - The problem that I encounter seems to happen only on IOS, not Android (Android devices are enrolled correctly).
                          - In an IE browser, I put in evidence this error (Error 403): https://MyMDMServer/deviceservices/mobileconfig.aspx. On a functional MDM server, a file is generated.

                          In the document of the community (http://community.landesk.com/support/docs/DOC-25103), although there a track for this problem (MDMSecure must be included in "Trusted root CA" on the Core server) but for me, no improvement.

                          I also intend to open a Case fairly quickly. If I have information, I would do follow them...



                          • 10. Re: Device Agent Fails to Login

                            I did some checking as a result of your mention that you could get it to work on your mdm server. I tried to browse the location from the Mdm server and I get the same error that I am getting from the device: Reference not set to an instance of and object'.

                            • 11. Re: Device Agent Fails to Login
                              ThomasCollignon Apprentice

                              Hi bwallace,


                              Obviously this is not exactly the same error.

                              My error is rather: The remote server Returned an error: (403) Forbidden.


                              Have you assigned to your test user a security profile ?

                              This profile contain the certificate MDMSecure?


                              In an Internet browser, is there a certificate error when you access the page https://mdm.mydomaine.com/?


                              In %ProgramFiles(x86)%\LANDesk\MDM\Data\Logs, have you more informations?

                              In IIS logs, have you more informations about you error?


                              I Hope is clear, my translation is not perfect...


                              • 12. Re: Device Agent Fails to Login
                                dbozic Rookie

                                Hi Thomas and bwallace,


                                I had a similar issue for quite a long time (about 4-5 weeks). See the community thread http://community.landesk.com/support/message/76476#76476 . Log is the same as from bwallace. Do you currently have .Net4 installed on your MDM Server ?



                                • 13. Re: Device Agent Fails to Login



                                  Yes we do have .Net Framework 4 installed on the server.


                                  I did actually look at the post you've mentioned, I double checked our DNS stuff and found a typo, this fixed the login problem, but now it gives the object reference not set error. I believe I've got the certificates all set correctly, and I've checked that the launchpad folder has the permissions our MDM and our core are on the save server and they can talk just fine. I haven't turned off all the firewall stuff, maybe I need to look into that further, but it doesn't seem like a firewall kin of error to me...




                                  I checked our mdm.domain.com and it browses with NO certificate error. I'm guess I'm not sure how to assign our test user to a security profile and how to a make sure this profile has the MDMsecure certificate, are there directions somewhere for that? I do have a default policy assigned to the group that the user is in, but not sure if the cert is there or not. A far as logs go, I don't see anything in the folder you suggested that indicates its from the mobile management stuff (checking contents and modified date) The IIS log has several lines all of which are ok, with one exception:


                                  2012-07-10 18:32:35 <ServerIPAddress> GET /DeviceServices/MobileConfig.aspx - 443 - <DeviceIPAddress> Mozilla/5.0+(iPad;+CPU+OS+5_1_1+like+Mac+OS+X)+AppleWebKit/534.46+(KHTML,+like+Gecko)+Version/5.1+Mobile/9B206+Safari/7534.48.3 500 0 0 78


                                  Our support level information is in process of being corrected or I'd have called support by now.

                                  • 14. Re: Device Agent Fails to Login
                                    1EarEngineer Specialist

                                    you can find both the install guide and user guide here http://help.landesk.com/Product/Index/ENU/MOBL/9.0/home.html


                                    as well as a troubleshooting guide here http://community.landesk.com/support/docs/DOC-25103

                                    1 2 Previous Next