Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 5 subscribers
  • Views 6337 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trial MDM: MDM behind UTM: Problems during implementing

Sophos_iLIKE

Hello Forums,

i just play around with mdm right now.

So this is my idea:

Internet ---> UTM --> MDM

Backround:

the internal name from the mdm is smc.internal.lab

the external name from the mdm is smc.mycompany.de

i have a valid cert for smc.mycompany.de

dns is set external to smc.mycompany.de

dns is set internal to smc.internal.lab

dns is also set smc.mycompany.de=smc.internal.lab

this works fine.

When i activate in the utm>Sophos Mobile Control it fails:

Error-log:

2014:12:22-13:12:30 proxy01 smcc[10444]: could not login to SMC server
2014:12:22-13:12:30 proxy01 smcc[10444]: exiting due to fatal error
2014:12:22-13:12:33 proxy01 smcc[10454]: Could not log into SMC server
2014:12:22-13:12:33 proxy01 smcc[10454]: exiting due to fatal error
 
i can log in directly to the mdm with the same credentials. 
 
so i slipped around that and created a webserver protection for that:
the server is accessible from external.
 
what happend: i can reach the ssp from external (or internal),
i can log in, put in my phone number
recieved the pin
entered the pin
software installation (bootstrap) starts--> AND fails. 
Error message: registering device failed, please contact your support or similar
 
Can can't see what happend or why it failed.
where are the logfiles and reports to see whats happend?
(or what is not working)
 
how can i fix that?
regads
 
 
 
:55209


This thread was automatically locked due to age.
Parents
  • 0

    Hi Sophos_iLike,

    so it seems you have to different issues here which I try to address in my answer ;-)


    At first the UTM / SMC connection issue:

    In general, there exists this article, which explains how to connect the UTM to an SMC server 

    Maybe the problem is that an SSL connection could not be established to the SMC server, because there are issues with the trust of SSL certificate. Does the certificate being in place on the SMC server cover the name configured as server name in the UTM?

    So if the certificate being used on the SMC server is for "smc.mycompany.de" then you should use this name also within the "Sophos Mobile Control" section of the UTM.

    Regarding the second issue with the device registration:

    In a first step, you can check the "Task view" and check the task which was erroreous using the magnifier icon next to the task. Maybe there is already an error code or a error description which might help you. You could also click on the "Details" button to get further information.

    Log files can either be downloaded as a super administrator in the "About" section. On the Windows Operating system, the are located in the folder %MDM_HOME%\jboss\server\mdm\log.

    The main log you would check would be the "server.log".

    Based on your description it seems you try to register an iOS device. Please make sure that you have uploaded an APNS certificate to the SMC customer you are working with. Otherwise, a device registration will immediately fail during the creation of the bootstrap / mdm enrollment profile.

    Information how to create an APNS certificate is described in chapter 10 of the SMC startup guide.

    Hope this helps.


    Best regards

    Stefan

    :55283
Reply
  • 0

    Hi Sophos_iLike,

    so it seems you have to different issues here which I try to address in my answer ;-)


    At first the UTM / SMC connection issue:

    In general, there exists this article, which explains how to connect the UTM to an SMC server 

    Maybe the problem is that an SSL connection could not be established to the SMC server, because there are issues with the trust of SSL certificate. Does the certificate being in place on the SMC server cover the name configured as server name in the UTM?

    So if the certificate being used on the SMC server is for "smc.mycompany.de" then you should use this name also within the "Sophos Mobile Control" section of the UTM.

    Regarding the second issue with the device registration:

    In a first step, you can check the "Task view" and check the task which was erroreous using the magnifier icon next to the task. Maybe there is already an error code or a error description which might help you. You could also click on the "Details" button to get further information.

    Log files can either be downloaded as a super administrator in the "About" section. On the Windows Operating system, the are located in the folder %MDM_HOME%\jboss\server\mdm\log.

    The main log you would check would be the "server.log".

    Based on your description it seems you try to register an iOS device. Please make sure that you have uploaded an APNS certificate to the SMC customer you are working with. Otherwise, a device registration will immediately fail during the creation of the bootstrap / mdm enrollment profile.

    Information how to create an APNS certificate is described in chapter 10 of the SMC startup guide.

    Hope this helps.


    Best regards

    Stefan

    :55283
Children
No Data
Unfiltered HTML