i tried to change a cert within 9.5.2 -
Proceeded this: https://community.sophos.com/kb/en-us/122559
1. Wizard, Import, Webconsole, detect certs, deleted old ones.
2. Restarted server, I get Error 2033 within SMC Control Agent (iOS)
3. Restarted Mobile Terminal, no change
4. like 1. I renerated self signed cert - and afters this I i imported (goto Number 1) - and after this replace with official cert.
All did not help - i reverted my snapsot an I hope you'll have a solution for me. I have 2 weeks to go with the old cert - perhaps someone other has tried to renew/replace the SSL Server cert with SMC 9.5.2 running on Windows Datacenter 2016.
Webbrowser opens console without error.
Would you please confirm that the new/old SSL certificate follows the requirement mentioned in this article which requirement from Apple for iOS 13 and macOS Catalina?
Please refer to this article from Sophos on these requirements and follow steps.
Jasmin Community Support Engineer | Sophos Support Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts | If a post solves your question use the 'This helped me' link
I can confirm the same problem here. We updated to Version 9.5 and renewed our SSL/TLS certs. After this, my client devices get the 2033 sync error...
I purchased like always and never had problems. I checked my cert and there is nothing what is not supported - I think the cert cache within the App-Server has problem.
I‘m looking forward for a fix.
I am assuming that you have followed this article, could you please let me know which certificates are displayed in the certificate list of TLS/SSL tab of Mobile control server? Are you able to enroll any new device after renewing the certificate? Can you try to synchronize the devices on the server, and check the task status? I will be discussing this with our support team, and let you know if we can get more information related to this issue.
The new cert is active within the web console - new enrollments are not tested due to the resaon of short downtime.
I went back to old snapshot
Hi TillLober and Christoph Bucher
I discussed the reported issue with the team, this issue is being currently investigated by our development team where an error occurs while SSL certificate hash renewal for existing devices. It is likely to be fixed in the upcoming version release, we will be notifying the same once the version with the fix is released.
what workaround is possible? what timeframe is planned for this hotfix?
According to current planning, this should be available in the course of the next week. However, I do not have any specific date for the version release. Once it is released we will be updating our forums. For testing purposes, Would it be possible to send a message to the affected device? The communication should work again after receiving the message.
Hi Shweta, Hi Till
I tested the "trick" with sending a message to an affected device. Unfortunately this didn't work. On the device, there pops up, that it received a message, but when the customer try to read this message, he gets again the "Error 2033".
thank you for the test - I can not test this because we are running on production and outages are monitored and charged to my account... I invested 2 tries to change the cert (see initial post and had no success - I support SMC starting Version 2.0 and have years of experience within mobile device management (not a newbe, started 1998 with Nokia Communicator my first mobile business)
Good Morning everybody!
Any news about a solution? We still struggle with this problem and we wouldn't be pleased 'bout re-enroll all devices :P
Today, I gonna do some testing again:
. Switch back to the old certificate on to SM Server as well as on the Apache2 reverse proxy.
. Enroll a device.
. Upgrade to the new certificate on SM Server and Apache2 reverse proxy according to community.sophos.com/.../123984.
. Check state of previously enrolled device