Likey to be a certificate issue. I have seen the error while i am testing things out and it is when the enrollment certificates are not being installed/delivered correctly. Probably needs som econf in the Enrollment configuration window. I dont have any more info really as i am also very new to this and trying to figure out how it works so take what a say witha grain of salt
We enrol via email address and it works but it did require some intenret DNS records configured pointing to the MDM DMZ server
like Pacific stated they can login with their emails, however we simply use their AD creds. We prefer them to user domain\username and then their password. Seems to work for us.
Also check to ensure the account isn't locked out. Since it's going against their AD account, if they enter it in wrong enough times, it will lock their ad account
I will look into this some more next week and report back. As it is, if I put the enrollment url into the browser, I get a certicate error. Like I said, I'll look into this more heavily next week, been too busy this week.
Sorry for the delay, I hope you're still willing to help...
I entered the enrollment url into a webs browser and it showed that the certificate had an issue, that it wasn't issued by a certificate authority. So I changed our SSL cert to be the one we got from GoDaddy. But it still isn't logging.
I know there is a section in the install document about where different certificates should go, but being I'm not super Cert smart, I don't fully understand it, we got a contractor to come in and help us with certs, but he's not familiar with LD so it's possible that they aren't put together quite right. In addition, we're attempting to run the MDM server on our core server (with port forwarding from the firewall) so I don't know if that plays in at all.
If I enter my email address, and domain/username and password, i get 'login failed' nothing more
I assume this means I'm talking correctly to the server and something isn't happening correctly, I'm just not sure what.
So I guess I have a couple questions:
- Our LD rep said he wasn't sure if it was supported to put the Mdm server on the core server, 'try it and see'. Does anyone know if this is a supported configuration, I haven't found anything.
- Can someone tell me which certs I should have where and where they should be enabled?
- Is there a log somewhere I can check to see if/where the login requests are getting stuck?
I use logs at:
C:\program file (x86)\landesk\mdm\data\logs
There are several logs to do with enrollment. Mine show heaps of errors. One of our main problem is that the MDM server was trying to go to the internal proxy server to get to the Internet. It would not authenticate so would stop all traffic, this particularly effected enrolling android devices.This is regardless of your IE proxy settings which it seems MDM request generated from a console ignore.
There are alos IIS logs in the root of C which can help with enrollment troubleshooting
By using the logs you suggested, I found that my DNS entry has a type (I had an L instead of i in the enrollment url: ld-...) I successfully logged in, but now it get sent to a page: https://coreserverDNS/DeviceServices/MobileConfig.aspx is giving us an ASP.Net error: 'Object Reference not set to an instance of and object'. Every time I try to switch to the LD agent, it jumps me back to the page in safari with the error. Looking in the Event viewer shows the following application error, any suggestions?
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 6/28/2012 8:53:24 AM
Event time (UTC): 6/28/2012 3:53:24 PM
Event ID: cf2d80e1a1b04043b087e0b3bbaa1fcf
Event sequence: 11
Event occurrence: 2
Event detail code: 0
Application domain: /LM/W3SVC/1/ROOT/DeviceServices-1-129853723008202982
Trust level: Full
Application Virtual Path: /DeviceServices
Application Path: C:\Program Files (x86)\LANDesk\MDM\Web\DeviceServices\
Machine name: PAPA
Process ID: 27008
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Exception type: NullReferenceException
Exception message: Object reference not set to an instance of an object.
Request path: /DeviceServices/MobileConfig.aspx
User host address: 10.1.110.101
Is authenticated: False
Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread ID: 6
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at AthenaMobileConfig.MobileConfig.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Custom event details:
I have the same issue...
Do you have found solution / workaround for this message?
No, not yet. Due to the holiday (4th of July) schedule this week, I'm planning on contacting support on Monday next week.
All the research I did turned up one post and it related to rights to a folder. This didn't seem to fix my problem so I figure internet research is fruitless and will need to contact support.
I'll be sure to post my findings. (if you find anything first, please let me know too).
Oh, Sorry, Happy Bank Holidays...
Thank you, I'm interested because after three facilities, I no longer know where to look ...
Here are my observations:
- The problem that I encounter seems to happen only on IOS, not Android (Android devices are enrolled correctly).
- In an IE browser, I put in evidence this error (Error 403): https://MyMDMServer/deviceservices/mobileconfig.aspx. On a functional MDM server, a file is generated.
In the document of the community (http://community.landesk.com/support/docs/DOC-25103), although there a track for this problem (MDMSecure must be included in "Trusted root CA" on the Core server) but for me, no improvement.
I also intend to open a Case fairly quickly. If I have information, I would do follow them...
I did some checking as a result of your mention that you could get it to work on your mdm server. I tried to browse the location from the Mdm server and I get the same error that I am getting from the device: Reference not set to an instance of and object'.
Obviously this is not exactly the same error.
My error is rather: The remote server Returned an error: (403) Forbidden.
Have you assigned to your test user a security profile ?
This profile contain the certificate MDMSecure?
In an Internet browser, is there a certificate error when you access the page https://mdm.mydomaine.com/?
In %ProgramFiles(x86)%\LANDesk\MDM\Data\Logs, have you more informations?
In IIS logs, have you more informations about you error?
I Hope is clear, my translation is not perfect...
Hi Thomas and bwallace,
I had a similar issue for quite a long time (about 4-5 weeks). See the community thread http://community.landesk.com/support/message/76476#76476 . Log is the same as from bwallace. Do you currently have .Net4 installed on your MDM Server ?
Yes we do have .Net Framework 4 installed on the server.
I did actually look at the post you've mentioned, I double checked our DNS stuff and found a typo, this fixed the login problem, but now it gives the object reference not set error. I believe I've got the certificates all set correctly, and I've checked that the launchpad folder has the permissions our MDM and our core are on the save server and they can talk just fine. I haven't turned off all the firewall stuff, maybe I need to look into that further, but it doesn't seem like a firewall kin of error to me...
I checked our mdm.domain.com and it browses with NO certificate error. I'm guess I'm not sure how to assign our test user to a security profile and how to a make sure this profile has the MDMsecure certificate, are there directions somewhere for that? I do have a default policy assigned to the group that the user is in, but not sure if the cert is there or not. A far as logs go, I don't see anything in the folder you suggested that indicates its from the mobile management stuff (checking contents and modified date) The IIS log has several lines all of which are ok, with one exception:
2012-07-10 18:32:35 <ServerIPAddress> GET /DeviceServices/MobileConfig.aspx - 443 - <DeviceIPAddress> Mozilla/5.0+(iPad;+CPU+OS+5_1_1+like+Mac+OS+X)+AppleWebKit/534.46+(KHTML,+like+Gecko)+Version/5.1+Mobile/9B206+Safari/7534.48.3 500 0 0 78
Our support level information is in process of being corrected or I'd have called support by now.
you can find both the install guide and user guide here http://help.landesk.com/Product/Index/ENU/MOBL/9.0/home.html
as well as a troubleshooting guide here http://community.landesk.com/support/docs/DOC-25103