"Activation failed. Undefined error" when trying to activate device

Been unable to activate some iOS devices since around late September to now. Initially the problem appeared when trying to enrol a new iPod, so I went back and checked another device (iPad) which we had enrolled successfully earlier, removed that device from SMC and re-added it and it is hitting the same brick wall of not being able to activate the device in the SMC app. The worst part is, the error message doesn't give you a lot to go on, the text only reads: "Undefined error. Please try again later or contact your administrator". 

I have tried resetting the device and starting from fresh but still running into the same issues. Have tried activating both manually and from clicking on the link on the webpage. 

Both devices are on iOS 11.0.1. We have another iPad (well another 5 iPads) which are identical to the device both in hardware and set up which is having the issue and they seem work fine. 


Any ideas of what to try or what could be causing the error? 

  • The same here since the update to 7.1.4.

    SMC app just gives an undefined error and if we try to use the setup-website the google captcha can't be solved.

  • The only work around we found, at least for the exact problem we were having was to go into SMC Web interface and delete the pending task bundle for the device, then click "Actions" and choose "Enroll", you will then receive an email with a QR code, go into SMC app on device and activate by QR code, scan QR code then device should run through enrolment procedure. After enrolled, log onto SMC Web interface and install the corresponding profile.

    Might be worth trying yourself? 

  • In reply to Ian Machin:

    I tried, but the app shows again the undefined error.

  • In reply to Ian Machin:

    I'm having the same issue too.  The steps outlined here did not resolve the issue.  Renewing my APN did not resolve the issue either.  This happens on two iphones and an ipad.  

  • In reply to Tony Lademan:

    In our case it was a problem with SSL-certificates. in superadmin account we had to klick on "Automatically detect certificates".

    Activation via SMC App now works.


    Activation via website is just not working, because of the google captcha.

  • In reply to DirkTeichmann:

    I'm not seeing where that option is located.  I am running SMC in Sophos Central though, not hosted in house.  If you're on Central as well, would you be able to point me to where that's located?  I've scoured all the Setup sections, but I might just be blind..


    Thank you

  • In reply to Tony Lademan:

    Our SMC is hosted in house.

    Here is a screenshot (german version):

  • In reply to DirkTeichmann:

    Hi Tony, 

    It would be great if you could share the screenshot of the error on your device. so that I can see what exactly is happening.

  • In reply to Haridoss Sreenivasan:

    Yes, here it is, just as reported in the title:


  • In reply to Tony Lademan:

    Hi Tony, 

    Thank you for the screenshot. Please allow me to check on this and update you on this.

  • In reply to Tony Lademan:

    Hi Tony ,

    Given that your APNs certificate is valid and it wasn't changed, meanwhile since you have rolled out the iOS device (changing the APNs certificate needs re-enrollment of all iOS devices) you should be doing this next:

    1. Do the device which has this issue see APNs? This can be checked from the Sophos Mobile app About-section. It should be also be checked when the device is in the user's network behind the Firewall.

    2. If they see APNs we need verbose logs. When the verbose logging is activated they need to do again what they have tried when the error has occurred.

    To get the log files from the two applications use the "Send logs" option within the Sophos Mobile Control client.

    • Open the Sophos Mobile Control client app
    • Click on the menu button (Android)  or the Info button (iOS) of the SMC client app
    • Select Send log
      This will open the Share with a dialog where you can choose to send the log via email or upload it to a cloud storage provider.

    Using this option will collect and zip all log files from Sophos Mobile Control and Sophos Mobile Security. This procedure also works for iOS. Please refer to the article How to get log files from Sophos apps installed on Android or iOS mobile devices

  • In reply to Haridoss Sreenivasan:

    The iOS device is not connected to our account though, that's the problem.  I get the error in the screenshot when I try to connect it.


    If I go in to the info page, it says Connected to: ---

    And Check APNs returns: APNs server is reachable via Wi-Fi.


    The log files are empty, that was one of the first things I checked before coming here.  


    Again, the iOS device is not rolled out.  It fails to deploy.

  • In reply to Tony Lademan:

    I am having this exact same issue but will all my devices since about a week or so ago. We have tried the above recommendations as well with the same result of it not resolving the issue. 

  • In reply to Tony Lademan:

    Hi Tony, 

    On checking "And Check APNs returns: APNs server is reachable via Wi-Fi." it is clearly evident that your Firewall is blocking the incoming push notification from Apple APNs.

  • In reply to Haridoss Sreenivasan:

    No, I'm sorry, but that's not correct.  I've performed this test from three different LANs (with different firewalls, all of which have NO outbound filtering and for fun-sake I've tested with ALL inbound filtering TURNED OFF).  I've also performed it from two different iphones that were NOT on wifi, but rather cellular data.  The screenshot I sent just happens to be my current test device, as I don't have direct access to the client devices at all times. 


    I just performed another test bypassing our firewall:


    1. Put my cellphone into tether mode.

    2. Connected this ipad to my cellphone's wifi hotspot, so that it is now riding over my ATT cellular data plan.

    3. Confirmed that _no_ firewall is in place on my phone.

    4. Tested again.

    5. It failed to enroll.  Again.


    This is not a local connection issue.


    I _need_ some more visibility into this.  Like I said, the log files that I pulled from the device were _empty_.  Can you give me any access to the logs from our Sophos Central?  I have absolutely nothing to work with here and the client is getting incredibly impatient with the lack of a solution. 


    They're at the point now where they're asking us to not use Sophos.