AMT VPRO Enrollment Point Certificate Issue
I am having issues provisioning some machines in ConfigMgr 2012 SP1. They get to the point where they say Not Provisioned in the console and detect the version, but they won't provision. I have a cert from GoDaddy with the right hash and have
followed the steps to set it up to the best of my knowledge, but it seems there is an issue between my Enrollment Point and my CA. The clients are AMT version 5.2.1. I'll include the 3 logs with errors. The first two are from the monitoring
section of ConfigMgr.
SMS_AMT_OPERATION_MANAGER
Severity Type
Site code Date / Time
System Component
Message ID Description
Error Milestone
NCT 7/18/2013 8:16:13 AM
WAUSCCM2.NTC.EDU SMS_AMT_OPERATION_MANAGER
7218 The out of band service point failed to request a certificate by using the enrollment point.
Error Milestone
NCT 7/18/2013 8:15:09 AM
WAUSCCM2.NTC.EDU SMS_AMT_OPERATION_MANAGER
7218 The out of band service point failed to request a certificate by using the enrollment point.
Error Milestone
NCT 7/18/2013 8:14:05 AM
WAUSCCM2.NTC.EDU SMS_AMT_OPERATION_MANAGER
7218 The out of band service point failed to request a certificate by using the enrollment point.
Error Milestone
NCT 7/18/2013 8:13:01 AM
WAUSCCM2.NTC.EDU SMS_AMT_OPERATION_MANAGER
7218 The out of band service point failed to request a certificate by using the enrollment point.
SMS_ENROLL_SERVER
Severity Type
Site code Date / Time
System Component
Message ID Description
Error Milestone
NCT 7/18/2013 8:16:13 AM
WAUSCCM2.NTC.EDU SMS_ENROLL_SERVER
8304 Enrollment Point cannot accomplish tasks on the CA. Possible cause: The Certification Authority is down. Action to take: Check if the Certification Authority is running properly.
Possible cause: The credentials used to connect to the Certification Authority are incorrect.The CA is not functioning correctly. Action to take: Check if the Certification Authority is running properly. Check if the credentials used to
communicate with the CA server are correct.
Information Milestone
NCT 7/18/2013 8:16:13 AM
WAUSCCM2.NTC.EDU SMS_ENROLL_SERVER
8309 The Enrollment point connected to the Certification Authority successfully.
amtopmgr.log
>>>>>>>>>>>>>>>Provision task (In Band Provision) begin<<<<<<<<<<<<<<<
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Provision target is indicated with SMS resource id. (MachineId = 16780470 CHS2021A-49422.NTC.EDU)
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Found valid basic machine property for machine id = 16780470.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Warning: Currently we don't support mutual auth. Change to TLS server auth mode.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
The provision mode for device CHS2021A-49422.NTC.EDU is 1.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
The IP addresses of the host CHS2021A-49422.NTC.EDU are 10.1.22.20.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Root hash of provisioning certificate is 2796BAE63F1801E277261BA0D77770028F20EEE4.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Attempting to establish connection with target device using SOAP.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Create provisionHelper with (Hash: 2039F65277E499505D10AC073579B558582CFC97)
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER
7/17/2013 2:40:38 PM 1132 (0x046C)
Try to use default factory account to connect target machine CHS2021A-49422.NTC.EDU...
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Core version of target machine CHS2021A-49422.NTC.EDU is: 5.2.1.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:41 PM
1132 (0x046C)
Succeed to connect target machine CHS2021A-49422.NTC.EDU using default factory account.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:41 PM
1132 (0x046C)
GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientErr = 0.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:45 PM
1132 (0x046C)
Get device provisioning state is In Provisioning
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:45 PM
1132 (0x046C)
Passed OTP check on AMT device CHS2021A-49422.NTC.EDU.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:48 PM
1132 (0x046C)
Processing provision on AMT device CHS2021A-49422.NTC.EDU...
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:48 PM
1132 (0x046C)
Successfully get AD account for AMT device CHS2021A-49422.NTC.EDU.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:48 PM
1132 (0x046C)
AMT web server certificate Template: ConfigMgrWebServer.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:48 PM
1132 (0x046C)
Call https://WAUSCCM2.NTC.EDU:443/EnrollmentService/AmtEnrollmentService.svc to issue Certificate
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: SCCMCertCredentials - finding self signed sms cert by thumbprint
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - finding in LocalMachine, store Sms, find type FindByThumbprint, validOnly = False
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - there are 6 certs in the specified store
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - Found certs via FindByThumbprint, count = 1
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - cert[0].FriendlyName = Site System Identification Certificate
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - cert[0].Subject = CN=Site System Identification
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - cert[0].Issuer = CN=Site System Identification
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
ERROR: [EnrollmentWrapper]: Enrollment service reports error: CertificateAuthorityError. Detail message: Submitting cert request and issuing cert failed
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
Fail to call SubmitRequest in IssueCertificateFromES
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
STATMSG: ID=7218 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=WAUSCCM2.NTC.EDU SITE=NCT PID=1952 TID=1132 GMTDATE=Wed Jul 17 19:40:49.352 2013 ISTR0="" ISTR1="" ISTR2="" ISTR3=""
ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
ERROR: Fail to issue certificate SMS_AMT_OPERATION_MANAGER
7/17/2013 2:40:49 PM 1132 (0x046C)
CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Unspecified' SID=13 MUF=0 PCNT=1, P1='CHS2021A-49422.NTC.EDU' P2='' P3='' P4='' P5=''
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
CStateMsgReporter::DeliverMessages - Created state message file: C:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\csd1mn93.SMX
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
Error: Can't finish provision on AMT device CHS2021A-49422.NTC.EDU with configuration code (0)!
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
>>>>>>>>>>>>>>>Provision task (In Band Provision) end<<<<<<<<<<<<<<<
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
General Worker Thread Pool: Warning, Failed to run task this time. Will retry(3) it
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
AMT Provision Worker: Wakes up to process instruction files
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:58 PM
3540 (0x0DD4)
AMT Provision Worker: 1 task(s) are in the pending list.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:58 PM
3540 (0x0DD4)
AMT Provision Worker: There are 1 tasks in pending list
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:58 PM
3540 (0x0DD4)
AMT Provision Worker: Wait 11 seconds... SMS_AMT_OPERATION_MANAGER
7/17/2013 2:40:58 PM 3540 (0x0DD4)
AMT Provision Worker: Wakes up to process instruction files
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:41:09 PM
3540 (0x0DD4)
AMT Provision Worker: Send task CHS2021A-49422.NTC.EDU to completion port
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:41:09 PM
3540 (0x0DD4)
AMT Provision Worker: 1 task(s) are sent to the task pool successfully.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:41:09 PM
3540 (0x0DD4)
AMT Provision Worker: There are 1 tasks in pending list
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:41:09 PM
3540 (0x0DD4)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER
7/17/2013 2:41:09 PM 3540 (0x0DD4)
Let me know if any other info would help.
Thanks,
Ross
Since no one has answer this post, I recommend opening a support case with CSS as they can work with you to solve this problem.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ
Similar Messages
-
Good evening all,
I'm attempting to get Intel SCS integrated with SCCM 2012 R2 and I have both sides working, doing what they do best, however, I have issues when I try to mate the two. I started with a single server for the site and then tackled the Intel side with success,
then I added another site server to run the Out of Band service point and Enrollment point. Up until this point I've had no issues with certificate templates, or issuance of those certs.
I have re-read the TechNet documents a few times regarding the PKI setup, some Intel documentation and three step by step articles and non of them seem to differ so I can't understand why I'm unable to choose my "ConfigMgr AMT Web Server Certificate"
when configuring the Out of Band Management Component Properties page. The "AMT web server certificate template:" dialog shows my CA FQDN and CA name, but the certificate template list is always blank. I've tried this from both the remote
and local ConfigMgr consoles. The site servers have rights on the CA to manage and issue certs, is there something I'm missing that isn't in the documentation or buried somewhere that I missed? Is there a Application policy that should be on the
cert that isn't mentioned anywhere?
Thanks in advance!
TesfayeHi Joyce,
Thanks for responding. I pretty much have this error repeating in the log file and not much else:
[28, PID:13388][05/21/2014 15:17:15] :System.DirectoryServices.DirectoryServicesCOMException\r\nThere is no such object on the server.
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll()
at Microsoft.ConfigurationManagement.AdminConsole.Common.ADUtils.EnumEnterpriseCACertificateTemplates(String domainEntryName, String certAuthorityFqdn, Boolean isServerAuthen)\r\n
I will look into this, but another hint would be greatly appreciated!
Thanks,
Tesfaye -
OOB Enrollment Point service error
We're beginning to migrate our SCCM 2007 clients to our new SCCM 2012 site. We're also getting new replacement systems that have AMT 7x on them. We realize we won't be able to provision the new systems until SCCM 2012 SP1 and that's not a problem.
Looking at the amtopmgr.log we're seeing some errors we'd like to sort out in the meantime.
ERROR: [EnrollmentWrapper]: Communicate to Enrollment service error. The service URL is
https://SCCMServer.domain.com:443/EnrollmentService/AmtEnrollmentService.svc. Please check: 1. The service URL is correct and accessible. 2. Windows Communication Foundation (WCF) Activation is installed on the OOB service point and Enrollment points. 3.
The OOB service point and the Enrollment point are mutual trusted, means each Site System Identification certificate is swapped to other's trusted people store.
I tried browsing to the url to see if I could run the web service but it's not showing anything. Is there another way to find out what might be causing this error?
Orange County District AttorneyAny joy with this, Sandy? I am having the same output in amtopmgr.log
I'm using PKI certs from an internal CA and have a feeling it might be related to this as the log shows the following:
[EnrollmentWrapper]: SCCMCertCredentials - finding self signed sms cert by thumbprint~~ $$<SMS_AMT_OPERATION_MANAGER><08-16-2012 11:04:56.626-60><thread=6336 (0x18C0)>
[EnrollmentWrapper]: FindCertificate - finding in LocalMachine, store Sms, find type FindByThumbprint, validOnly = False~~ $$<SMS_AMT_OPERATION_MANAGER><08-16-2012 11:04:56.632-60><thread=6336 (0x18C0)>
[EnrollmentWrapper]: FindCertificate - there are 7 certs in the specified store~~ $$<SMS_AMT_OPERATION_MANAGER><08-16-2012 11:04:56.633-60><thread=6336 (0x18C0)>
[EnrollmentWrapper]: FindCertificate - Found certs via FindByThumbprint, count = 1~~ $$<SMS_AMT_OPERATION_MANAGER><08-16-2012 11:04:56.634-60><thread=6336 (0x18C0)>
[EnrollmentWrapper]: FindCertificate - cert[0].FriendlyName = Site System Identification Certificate~~ $$<SMS_AMT_OPERATION_MANAGER><08-16-2012 11:04:56.634-60><thread=6336 (0x18C0)>
[EnrollmentWrapper]: FindCertificate - cert[0].Subject = CN=Site System Identification~~ $$<SMS_AMT_OPERATION_MANAGER><08-16-2012 11:04:56.634-60><thread=6336 (0x18C0)>
[EnrollmentWrapper]: FindCertificate - cert[0].Issuer = CN=Site System Identification~~ $$<SMS_AMT_OPERATION_MANAGER><08-16-2012 11:04:56.635-60><thread=6336 (0x18C0)>
ERROR: [EnrollmentWrapper]: Communicate to Enrollment service error. The service URL is https://SCCMserver.domain.com:443/EnrollmentService/AmtEnrollmentService.svc. Please check: 1. The service URL is correct and accessible. 2. Windows Communication Foundation
(WCF) Activation is installed on the OOB service point and Enrollment points. 3. The OOB service point and the Enrollment point are mutual trusted, means each Site System Identification certificate is swapped to other's trusted people store.~~ $$<SMS_AMT_OPERATION_MANAGER><08-16-2012
11:04:57.712-60><thread=6336 (0x18C0)>
Error: Enroll AMT device failed $$<SMS_AMT_OPERATION_MANAGER><08-16-2012 11:04:57.821-60><thread=6336 (0x18C0)> -
Reward certificate issue last year and never received
I enrolled in the rewards program last year with a large purchase. This enrollment was in store at the time and I did not provide an email address. I logged in sometime after I enrolled and noticed that I had a $20 certificate issued a week or so after my purchase. I read that these are sent to the email address on file, but I did not have one enrolled. If it was mailed out I did not receive this either.
A second part of this is, when I attempt to go to the email address section on my account it says, "We're sorry. Your email address is currently unavailable."
Is it possilbe to get the points back since I did not have an email address enrolled?
Thanks!Hello kjeldoran2015,
Welcome to the Best Buy forum!
While an email should be sent out each time points are converted into a certificate, we cannot guarantee the delivery of any emails. There are times where outside factors beyond our control may prevent an email from being delivered. Either way, you would not have needed to receive an email in-order to redeem the $20 certificate because we can look up active certificates in any of our store registers and apply them to a purchase.
As you may read on the forum, a certificate will expire 60 days after it was issued unless noted otherwise on the actual certificate. The $20 certificate in-question cannot be reissued if it has officially expired, per the Program Terms. I am going to send you a private message so that I can go over your account with you to ensure everything is up-to-date. To check your private messages, you will want to login to the forum and click on the yellow envelope at the top.
I hope you have a great day, and thank you for being a My Best Buy™ member.
Derek|Social Media Specialist | Best Buy® Corporate
Private Message -
Unable to enroll Computer certificates on Server 2008 R2 and older
I've found a strange issue with our CA setup, and it didn't used to be a problem. While renewing some internal certificates a couple of months ago I discovered that systems of the Windows 7/Server 2008 R2 and older families cannot enroll for a Computer
certificate or for a custom template I built for web servers. Systems of the Windows 8/Server 2012 and newer families can enroll using the exact same user and process without any trouble. Direct IIS "domain certificate" enrollment still
works.
I'm enrolling with the Certificates MMC snap-in to allow use of the enhanced security template I built. I open MMC, add the local computer certificates snap-in, and then attempt to request a certificate with Personal > Certificates > All Tasks
> Request New Certificate. I choose the Active Directory Enrollment Policy but then get the "Certificate types are not available" error message and a blank selection screen. If I check the box to show all templates the certificates
I want are listed with:
"The permissions on this certification authority do not allow the current user to enroll for certificates. A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA doesn't' support this
operation, or the CA is not trusted."
I've checked Event Viewer on both the CA and the clients, along with the CA request logs, but there's nothing visibly wrong. The error message seems to say it all but since Windows 8/2012 clients and newer work I know the CA is functional and that
the Administrator account can request certificates. I've searched the web but can't find anything like this specific issue.
Any ideas?
Thank you!Hi Amy.
Domain Admins and Enterprise Admins have Read/Write/Enroll. Authenticated Users have Read.
I also created a copy of an existing certificate (Web Server) but am unable to see it when I go to New > Certificate Template to Issue. Our domain has had plenty of time to replicate the copied template.
I don't recall making any changes that would have affected a computer's ability to enroll. There has been some Group Policy work done and a new certificate template was created and marked to issue, but this problem was picked up by accident when I
went to generate internal certificates back in October. All administrative work is done as the domain Administrator account.
We didn't have issues with this CA when it was first built, so something did change. We don't have a large PKI environment, just some internal web sites, so if it comes to it I may just start over with everything. When we moved to Server 2012
on this system it was an upgrade from a Server 2003 CA that was never properly used or maintained. It may be better just to clean everything and get one consistent root certificate again.
Alan -
Checklist for Exchange Certificate issues
Checklist for Exchange Certificate issues
1.
Why certificate is important for Exchange and What are Certificates used for
Exchange is now using certificates for more than just web, POP3, or IMAP. In addition to
securing web services, it has also incorporated Transport Layer Security (TLS) for session based authentication and encryption.
Certificates are used for several things on Exchange Server. Most customers also use certificates
on more than one Exchange server. In general, the fewer certificates you have, the easier certificate management becomes.
IIS (OWA, ECP, EWS, EAS, OA, Autodiscover, OAB, UM)
POP/IMAP
SMTP
2.
Common symptoms for
certificate issue
Here we can see three different types of the certificate warning, mainly from the Outlook
side.
a.
Certificate mismatch issue
b.
Certificate trust issue
c.
Certificate expiration issue
3.
Checklists
In this section, checklists will be provided according to the three different scenarios:
Certificate Mismatch Issue
[Analysis]:
This issue mainly occurs because the URL of the web services Outlook tries
to connect does not match the host name in the certificate.
[Checklist]:
Firstly make sure how many host name in your certificate the certificate. Run “Get-ExchangeCertificate | select certificatedomain”.
Secondly, check the web services URLs which Outlook are trying to connect to. Run “Test Email AutoConfiguration”
In this scenario, you need to check the host name for the following services:
Autodiscover
EWS
OAB
ECP
UM
If any of the urls above does not match the one in the certificate, refer to the following article to change
it via EMS:
http://support.microsoft.com/kb/940726
1.
Do not forget to restart the IIS service after applying the changes above.
2. Make sure a valid certificate is enabled on the IIS service.
Certificate Trust Issue
[Analysis]:
For the self-signed and PKI-based (Enterprise)
certificates, they are not automatically trusted by the client computer or mobile device, you must make sure that you import the certificate into the trusted root certificate store on client computers and devices. On the other hand, Third-party or commercial
certificates do not have this problem. Most commercial CA certificates are already trusted because the certificate already resides in the trusted root certificate store. Because the issuer is trusted, the certificate is also trusted. Using third-party certificates
greatly simplifies deployment.
[Checklist]:
If it’s an Enterprise CA certificate, manually install the root certificate to the “Trusted Root Certification Authorities” folder:
If it is a 3<sup>rd</sup>-party certificate, first remove and reinstall the certificate. Check whether the Windows Certificate Store on the local
client is corrupted. If it still does not work, please contact the third-party CA support to verify the certificate.
Certificate Expiration Issue
[Checklist]:
When a certificate is about to expired, we just need to renew it by referring the following article:
Renew an Exchange Certificate
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx
To avoid any conflictions, it’s recommended to remove the expired certificate from the certificate store.
[How to set a reminder to alert the administrator when a certificate is about to expired]:
It’s easy to fix the certificate expire issue. But it should be more important to set a reminder before the
certificate expiration. Or there can be a large user impacts.
Generally, the Event ID “^(24|25)$” will appear in Application log when a certificate is about to expire.
If it’s not quite visible, we can refer to the following solution:
http://blogs.technet.com/b/nexthop/archive/2011/11/18/certificate-expiration-alerting.aspx
OWA certificate revoked issue
[Analysis]:
IE
includes support for server certificate revocation which verifies that an issuing
CA has not revoked a server certificate. This feature checks for CryptoAPI revocation when certificate extensions
are present. If the URL for the revocation information is unresponsive, IE cancels the connection.
[Solution or workaround]:
1. Contact CA provider and check whether the questioned certificate is in the Revoked List.
2. If not, check whether the certificate has a private key.
3. Remove the old certificate and import the new one.
Workaround:
IE Internet Options -> Advanced tab -> Clear the "Check for server certificate revocation"
checkbox.
4.
More References
Digital Certificates and SSL
http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx
More on Exchange 2007 and certificates - with real world scenario
http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx(Reported previous post with link to SIS package to moderator)
This is not the correct SIS package for the N73. The package shown is for S60 3.2 devices, but the N73 is not S60 3.2, I believe it is S60 3.0.
Most features may work with this SIS, but if you experience strange problems, try using the S60 3.0 version.
But there are no significant difference between 2.5.3 and 2.5.5 with regard to attachments. The only changes were with localization (languages).
At this point, try 2.7.0 which is out now:
http://businesssoftware.nokia.com/mail_for_exchange_downloads.php
Make sure to pick the right phone on the drop down list. It does matter! There are 4 different packages. This list makes sure you get the right one.
I have seen some issues with attachments not completing that seem to be carrier dependent. You can test this my using Wifi (if possible).
Message Edited by m4e_team_k on 28-Sep-2008 12:25 AM -
How to fetch certificates issued in past
Hi,
I have a long list of templates issued in my Client's Issuing CA, some of them are not in use. If I try to export " Issued Certificates" list from CA, it hangs.
I want to know how many certificates and last certificate issed from a specific template for fine-tuning and seggregation purpose. Please let me know how we can check that status.
Thanks
Neha GargHi Paul,
I am getting the output like this :
C:\Windows\system32>certutil -view -restrict "certificate template=<1.3.6.1.4.1.
311.21.8.10269956.2688026.1196953.3333800.9810006.227.1092942.575204>"
Schema:
Column Name Localized Name Type MaxLength
Request.RequestID Request ID Long 4 -- Index
ed
Request.RawRequest Binary Request Binary 65536
Request.RawArchivedKey Archived Key Binary 65536
Request.KeyRecoveryHashes Key Recovery Agent Hashes String 8192
Request.RawOldCertificate Old Certificate Binary 16384
Request.RequestAttributes Request Attributes String 32768
Request.RequestType Request Type Long 4
Request.RequestFlags Request Flags Long 4
Request.StatusCode Request Status Code Long 4
Request.Disposition Request Disposition Long 4 -- Index
ed
Request.DispositionMessage Request Disposition Message String 8192
Request.SubmittedWhen Request Submission Date Date 8 -- Index
ed
Request.ResolvedWhen Request Resolution Date Date 8 -- Index
ed
Request.RevokedWhen Revocation Date Date 8
Request.RevokedEffectiveWhen Effective Revocation Date Date 8 -- Index
ed
Request.RevokedReason Revocation Reason Long 4
Request.RequesterName Requester Name String 2048 -- In
dexed
Request.CallerName Caller Name String 2048 -- In
dexed
Request.SignerPolicies Signer Policies String 8192
Request.SignerApplicationPolicies Signer Application Policies String 8192
Request.Officer Officer Long
4
Request.DistinguishedName Request Distinguished Name String 8192
Request.RawName Request Binary Name Binary 4096
Request.Country Request Country/Region String 8192
Request.Organization Request Organization String 8192
Request.OrgUnit Request Organization Unit String 8192
Request.CommonName Request Common Name String 8192
Request.Locality Request City String 8192
Request.State Request State String 8192
Request.Title Request Title String 8192
Request.GivenName Request First Name String 8192
Request.Initials Request Initials String 8192
Request.SurName Request Last Name String 8192
Request.DomainComponent Request Domain Component String 8192
Request.EMail Request Email Address String 8192
Request.StreetAddress Request Street Address String 8192
Request.UnstructuredName Request Unstructured Name String 8192
Request.UnstructuredAddress Request Unstructured Address String 8192
Request.DeviceSerialNumber Request Device Serial Number String 8192
RequestID Issued Request ID Long 4 -- Index
ed
RawCertificate Binary Certificate Binary 16384
CertificateHash Certificate Hash String 128 -- Ind
exed
CertificateTemplate Certificate Template String 254 -- Ind
exed
EnrollmentFlags Template Enrollment Flags Long 4
GeneralFlags Template General Flags Long 4
PrivatekeyFlags Template Private Key Flags Long 4
SerialNumber Serial Number String 128 -- Ind
exed
IssuerNameID Issuer Name ID Long 4
NotBefore Certificate Effective Date Date 8
NotAfter Certificate Expiration Date Date 8 -- Index
ed
SubjectKeyIdentifier Issued Subject Key Identifier String 128 -- In
dexed
RawPublicKey Binary Public Key Binary 4096
PublicKeyLength Public Key Length Long 4
PublicKeyAlgorithm Public Key Algorithm String 254
RawPublicKeyAlgorithmParameters Public Key Algorithm Parameters Binary 4096
PublishExpiredCertInCRL Publish Expired Certificate in CRL Long 4
UPN User Principal Name String
2048 -- In
dexed
DistinguishedName Issued Distinguished Name String 8192
RawName Issued Binary Name Binary 4096
Country Issued Country/Region String 8192
Organization Issued Organization String 8192
OrgUnit Issued Organization Unit String 8192
CommonName Issued Common Name String 8192 -- In
dexed
Locality Issued City
String 8192
State Issued State
String 8192
Title Issued Title
String 8192
GivenName Issued First Name String 8192
Initials Issued Initials String 8192
SurName Issued Last Name String 8192
DomainComponent Issued Domain Component String 8192
EMail Issued Email Address String 8192
StreetAddress Issued Street Address String 8192
UnstructuredName Issued Unstructured Name String 8192
UnstructuredAddress Issued Unstructured Address String 8192
DeviceSerialNumber Issued Device Serial Number String 8192
Maximum Row Index: 0
0 Rows
0 Row Properties, Total Size = 0, Max Size = 0, Ave Size = 0
0 Request Attributes, Total Size = 0, Max Size = 0, Ave Size = 0
0 Certificate Extensions, Total Size = 0, Max Size = 0, Ave Size = 0
0 Total Fields, Total Size = 0, Max Size = 0, Ave Size = 0
CertUtil: -view command completed successfully.
but it doesnt give me the output that I am looking for. I want to know details of last certificate issued by a given template and its validity status.
Please let me know if I need to make any changes in command.
Thanks
Neha Garg -
On a server 2012R2 Essentials when trying to install the essentials experience the first install works ok but the configuration allways stops with the message "Certificate Issuer is installed on this server" and no way to continue the configuration.
Windows/Logs/CBS/
2014-07-24 21:10:04, Info CBS TI: --- Initializing Trusted Installer ---
2014-07-24 21:10:04, Info CBS TI: Last boot time: 2014-07-24 18:36:03.489
2014-07-24 21:10:04, Info CBS Starting TrustedInstaller initialization.
2014-07-24 21:10:04, Info CBS Ending TrustedInstaller initialization.
2014-07-24 21:10:04, Info CBS Starting the TrustedInstaller main loop.
2014-07-24 21:10:04, Info CBS TrustedInstaller service starts successfully.
2014-07-24 21:10:04, Info CBS No startup processing required, TrustedInstaller service was not set as autostart
2014-07-24 21:10:04, Info CBS Startup processing thread terminated normally
2014-07-24 21:10:04, Info CBS Starting TiWorker initialization.
2014-07-24 21:10:04, Info CBS Ending TiWorker initialization.
2014-07-24 21:10:04, Info CBS Starting the TiWorker main loop.
2014-07-24 21:10:04, Info CBS TiWorker starts successfully.
2014-07-24 21:10:04, Info CBS Universal Time is: 2014-07-24 19:10:04.379
2014-07-24 21:10:04, Info CBS Loaded Servicing Stack v6.3.9600.17200 with Core: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\cbscore.dll
2014-07-24 21:10:04, Info CSI 00000001@2014/7/24:19:10:04.379 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7ffd2cb360e5 @0x7ffd2de92e53 @0x7ffd2de924ac @0x7ff60b37d2df @0x7ff60b37d9e4
@0x7ffd588d2385)
2014-07-24 21:10:04, Info CBS Could not load SrClient DLL from path: SrClient.dll. Continuing without system restore points.
2014-07-24 21:10:04, Info CBS SQM: Initializing online with Windows opt-in: True
2014-07-24 21:10:04, Info CBS SQM: Cleaning up report files older than 10 days.
2014-07-24 21:10:04, Info CBS SQM: Requesting upload of all unsent reports.
2014-07-24 21:10:04, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2
2014-07-24 21:10:04, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6
2014-07-24 21:10:04, Info CBS NonStart: Set pending store consistency check.
2014-07-24 21:10:04, Info CBS Session: 30386034_3758808251 initialized by client WinMgmt.
2014-07-24 21:10:04, Info CBS Enumerating Foundation package: Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~6.3.9600.16384, this could be slow
2014-07-24 21:10:05, Info CSI 00000002 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0x172dbed940
2014-07-24 21:10:05, Info CSI 00000003 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-07-24 21:10:05, Info CSI 00000004 Created NT transaction (seq 1) result 0x00000000, handle @0x25c
2014-07-24 21:10:08, Info CSI 00000005 Poqexec successfully registered in [ml:26{13},l:24{12}]"SetupExecute"
2014-07-24 21:10:08, Info CSI 00000006@2014/7/24:19:10:08.151 Beginning NT transaction commit...
2014-07-24 21:10:08, Info CSI 00000007@2014/7/24:19:10:08.182 CSI perf trace:
CSIPERF:TXCOMMIT;32854
2014-07-24 21:10:08, Info CSI 00000008 CSI Store 99552754976 (0x000000172dce7d20) initialized
2014-07-24 21:10:08, Info CSI 00000009@2014/7/24:19:10:08.182 CSI Transaction @0x172e9bcaa0 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002
and client id [26]"TI5.30386034_3758808251:1/"
2014-07-24 21:10:08, Info CSI 0000000a@2014/7/24:19:10:08.182 CSI Transaction @0x172e9bcaa0 destroyed
2014-07-24 21:10:19, Info CBS Session: 30386012_3156824848 initialized by client DISM Package Manager Provider.
2014-07-24 21:12:19, Info CBS Trusted Installer is shutting down because: SHUTDOWN_REASON_AUTOSTOP
2014-07-24 21:12:19, Info CBS TiWorker signaled for shutdown, going to exit.
2014-07-24 21:12:19, Info CBS Ending the TiWorker main loop.
2014-07-24 21:12:19, Info CBS Starting TiWorker finalization.
2014-07-24 21:12:19, Info CBS Ending the TrustedInstaller main loop.
2014-07-24 21:12:19, Info CBS Starting TrustedInstaller finalization.
2014-07-24 21:12:19, Info CBS Ending TrustedInstaller finalization.
2014-07-24 21:12:20, Info CBS Ending TiWorker finalization.
Any ideas?
//ChristerHi Justin!
nltest /server:"servername" /sc_reset:"domaninname" returns: "I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN"
Dcdiag /q returns : An error occurred. EventID: 0xC0001B77
The text log was not small enough to post here..
Regards.
Christer
Can not find anything directly related in windows-logs but here is the latest log from CBS folder..
2014-07-28 11:04:25, Info CSI 00000888 [DIRSD OWNER WARNING] Directory [ml:520{260},l:118{59}]"\??\C:\Windows\Inf\Windows Workflow Foundation 3.0.0.0\041D" is not owned but specifies
SDDL in component Microsoft-Windows-WWFCoreComp.Resources, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"sv-se", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:25, Info CSI 00000889 [DIRSD OWNER WARNING] Directory [ml:128{64},l:126{63}]"\??\C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en" is not owned but specifies
SDDL in component Microsoft.Dtc.PowerShell.Non_msil.Resources, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:28, Info CSI 0000088a [DIRSD OWNER WARNING] Directory [ml:134{67},l:132{66}]"\??\C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US" is not owned but specifies
SDDL in component Microsoft.Dtc.PowerShell.Scripts.Resources, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:28, Info CSI 0000088b [DIRSD OWNER WARNING] Directory [ml:520{260},l:134{67}]"\??\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework" is not owned but specifies
SDDL in component Microsoft-Windows-WWFCoreComp, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:28, Info CSI 0000088c [DIRSD OWNER WARNING] Directory [ml:520{260},l:118{59}]"\??\C:\Windows\Inf\Windows Workflow Foundation 3.0.0.0\0000" is not owned but specifies
SDDL in component Microsoft-Windows-WWFCoreComp, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:28, Info CSI 0000088d [DIRSD OWNER WARNING] Directory [ml:520{260},l:114{57}]"\??\C:\Program Files (x86)\Reference Assemblies\Microsoft" is not owned but specifies SDDL
in component Microsoft-Windows-WWFCoreComp, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:28, Info CSI 0000088e [DIRSD OWNER WARNING] Directory [ml:520{260},l:144{72}]"\??\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0" is not owned
but specifies SDDL in component Microsoft-Windows-WWFCoreComp, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:28, Info CSI 0000088f [DIRSD OWNER WARNING] Directory [ml:520{260},l:94{47}]"\??\C:\Program Files (x86)\Reference Assemblies" is not owned but specifies SDDL in component
Microsoft-Windows-WWFCoreComp, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:30, Info CSI 00000890 Ignoring duplicate ownership for directory [l:72{36}]"\??\C:\Windows\microsoft.net\authman" in component Microsoft.Interop.Security.AzRoles, Version
= 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:31, Info CSI 00000891 [SR] Verify complete
2014-07-28 11:04:31, Info CSI 00000892 [SR] Verifying 100 (0x0000000000000064) components
2014-07-28 11:04:31, Info CSI 00000893 [SR] Beginning Verify and Repair transaction
2014-07-28 11:04:36, Info CSI 00000894 [SR] Verify complete
2014-07-28 11:04:36, Info CSI 00000895 [SR] Verifying 100 (0x0000000000000064) components
2014-07-28 11:04:36, Info CSI 00000896 [SR] Beginning Verify and Repair transaction
2014-07-28 11:04:40, Info CSI 00000897 [DIRSD OWNER WARNING] Directory [ml:520{260},l:120{60}]"\??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\RedistList" is not owned but specifies
SDDL in component NetFx-ASSEMBLYLIST_XML, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:b03f5f7f11d50a3a}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:04:42, Info CSI 00000898 [SR] Verify complete
2014-07-28 11:04:42, Info CSI 00000899 [SR] Verifying 100 (0x0000000000000064) components
2014-07-28 11:04:42, Info CSI 0000089a [SR] Beginning Verify and Repair transaction
2014-07-28 11:04:46, Info CSI 0000089b [SR] Verify complete
2014-07-28 11:04:46, Info CSI 0000089c [SR] Verifying 100 (0x0000000000000064) components
2014-07-28 11:04:46, Info CSI 0000089d [SR] Beginning Verify and Repair transaction
2014-07-28 11:04:52, Info CSI 0000089e [SR] Verify complete
2014-07-28 11:04:52, Info CSI 0000089f [SR] Verifying 100 (0x0000000000000064) components
2014-07-28 11:04:52, Info CSI 000008a0 [SR] Beginning Verify and Repair transaction
2014-07-28 11:04:58, Info CSI 000008a1 [SR] Verify complete
2014-07-28 11:04:58, Info CSI 000008a2 [SR] Verifying 100 (0x0000000000000064) components
2014-07-28 11:04:58, Info CSI 000008a3 [SR] Beginning Verify and Repair transaction
2014-07-28 11:05:02, Info CSI 000008a4 [SR] Verify complete
2014-07-28 11:05:02, Info CSI 000008a5 [SR] Verifying 100 (0x0000000000000064) components
2014-07-28 11:05:02, Info CSI 000008a6 [SR] Beginning Verify and Repair transaction
2014-07-28 11:05:08, Info CSI 000008a7 [SR] Verify complete
2014-07-28 11:05:08, Info CSI 000008a8 [SR] Verifying 52 (0x0000000000000034) components
2014-07-28 11:05:08, Info CSI 000008a9 [SR] Beginning Verify and Repair transaction
2014-07-28 11:05:09, Info CSI 000008aa [DIRSD OWNER WARNING] Directory [ml:520{260},l:56{28}]"\??\C:\Windows\system\Speech" is not owned but specifies SDDL in component Windows-Media-SpeechSynthesis-WinRT,
pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:05:09, Info CSI 000008ab Ignoring duplicate ownership for directory [l:56{28}]"\??\C:\Windows\system\Speech" in component Windows-Media-SpeechSynthesis-WinRT, Version =
6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2014-07-28 11:05:09, Info CSI 000008ac [SR] Verify complete
2014-07-28 11:05:09, Info CSI 000008ad [SR] Repairing 1 components
2014-07-28 11:05:09, Info CSI 000008ae [SR] Beginning Verify and Repair transaction
2014-07-28 11:05:09, Info CSI 000008af Hashes for file member \??\C:\Program Files\Windows Server\Bin\WebApps\RemoteAccess\Web.config do not match actual file [l:20{10}]"Web.config"
Found: {l:32 b:jiP+IRWGZxsG0nX6il5MCZofFThiSfytb8Ih27r5EPk=} Expected: {l:32 b:KR7DbPqdCKMwdiZI2XDSr42o4ujtpZlzfX9ud+ODKRM=}
2014-07-28 11:05:09, Info CSI 000008b0 [SR] Repairing corrupted file [ml:520{260},l:120{60}]"\??\C:\Program Files\Windows Server\Bin\WebApps\RemoteAccess"\[l:20{10}]"Web.config" from
store
2014-07-28 11:05:09, Info CSI 000008b1 [SR] Repair complete
2014-07-28 11:05:09, Info CSI 000008b2 [SR] Committing transaction
2014-07-28 11:05:09, Info CSI 000008b3 Creating NT transaction (seq 2), objectname [6]"(null)"
2014-07-28 11:05:09, Info CSI 000008b4 Created NT transaction (seq 2) result 0x00000000, handle @0xba4
2014-07-28 11:05:11, Info CSI 000008b5@2014/7/28:09:05:11.308 Beginning NT transaction commit...
2014-07-28 11:05:11, Info CSI 000008b6@2014/7/28:09:05:11.470 CSI perf trace:
CSIPERF:TXCOMMIT;163479
2014-07-28 11:05:11, Info CSI 000008b7 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
2014-07-28 11:07:13, Info CBS Trusted Installer is shutting down because: SHUTDOWN_REASON_AUTOSTOP
2014-07-28 11:07:13, Info CBS TiWorker signaled for shutdown, going to exit.
2014-07-28 11:07:13, Info CBS Ending the TiWorker main loop.
2014-07-28 11:07:13, Info CBS Starting TiWorker finalization.
2014-07-28 11:07:13, Info CBS Ending the TrustedInstaller main loop.
2014-07-28 11:07:13, Info CBS Starting TrustedInstaller finalization.
2014-07-28 11:07:13, Info CBS Ending TrustedInstaller finalization.
2014-07-28 11:07:13, Info CBS Ending TiWorker finalization.
Regards. Christer -
Points / Certificate question
I preordered Destiny and used (what I thought) was a combination of available certificates and gift cards. I have been unable to access my points history, but it is saying that I have $5 in certificates to use. I have two questions,
1) Looking at the order history, I see the gift cards were used, but the points do not seem to be. Can this be confirmed for me?
2) Can the existing certificate be applied to an existing order? I am concerned with cancelling and replacing the same order as it is for a high demand product and I do not want to lose my ability to get the item.
3) Since the points history has not been accessible for me, as it seems to be the case with others, will Best Buy make an exception to the policy of reissuing rewards certificates based on this issue?
4) I have my rewards certificates set to issue at $20. Is there a way to see when I changed this versus when the last two certificates were issued?
I understand the policy of reissuing, so if that is the final answer, you do not need to send me to the fine print link. I am just hoping the interest of customer service some sort of resolution can be found. If not, I'll chalk it up as lost money to a confusing and broken system.
Also, if this is Derek answering, you have helped me multiple times with other issues. This is not intended to criticize any individuals. Thanks!Good morning ToxicLogics,
I am more than happy to see if I can help answer your questions!
Based on your pre-order, it does not appear that any My Best Buy certificates were redeemed.
If you want to apply any active My Best Buy certificates to your pre-order, then you would need to cancel the existing pre-order and place a new pre-order.
Are you trying to view your points history by logging into BestBuy.com? If you want to view the details of your account and access your points/certificates , then you are going to wan to login to MyBestBuy.com. Your My Best Buy and BestBuy.com accounts appear to be linked.
I am unable to see when you changed your certificate preference
I would like to go over your My Best Buy account with you to ensure it is up-to-date and that your certificate preference is correct, so I will be sending you a private message. You can check your private messages by logging into the forum and clicking on the little yellow envelope at the top of the page.
Thank you for posting to the forum!
Derek|Social Media Specialist | Best Buy® Corporate
Private Message -
Deploy iPads AC 1.5 + PM 3 enrollment profile install-issues
I'm having a hard time in deploying iPads the OTA-way using Profile Manager 3 and Apple Configurator 1.5.
Under Profile Manager (OS X Mavericks) I have a valid trust certificate and a created enrollment profile (for the iPads).
Under Apple Configurator 1.5 I prepare an iPad using Supervised mode and added the trust certificate and a WiFi-setting. In the Supervise-tab I add the enrollment profile (created in Profile Manager). Everything works nice until the enrollment profile needs to be installed. Every time I get an error stating the profile could not be installed... AC 1.5 has a new feature on the Prepare-tab: anchor profiles. Is it possible this has something to do with the error I get? I can't find any info on that new feature...
Extra info: I'm using the same Profile Manger to deploy iMacs and this works without problems. So the trust certificate is valid.
I've been watching so many video's demonstrating the deployment-process of iPads using AC and PM. Those installments all work. Very frustrating... I can't get it to work... I've to state that all those video's use AC 1.4.x and the iPads have versions prior to iOS7.1.
I even have tried to enroll the iPads on a manual basis but I always end up with the same error.
Can anyone help me or give some tips in order to get my iPads enrolled?Same issues here.
Buggy as ****..
Also after some time, the Profile Manager PAne doesn't even fill in Server.app.....stays at Loading...
Nevertheless, the service itself works with the bug you outlined, plus enroll is impossible for me (check my post here: Can't enroll devices with Profile Manager - invalid key )
I hope all these get fixed in 10.7.1 !!! -
Basically my Ipad2 stopped allowing me to go to sites such as Tumblr a little while ago. It wouldn't display the page properly because of 'security certificate' issues. This in itself would not have been such a problem, but when I went to the App store to try and download the Tumblr App, a pop up appeared asking me to answer some security questions before I could successfully install the App. However, the pop up would not display correctly because of 'security certificate' issues and as a result I can't download any apps from the App Store. Can anyone help with this??
Well, I maged to delete some stuff, download the update...
My Mac mail is still not ok. Still only displays today, yesterday and everything is the 16th of the month previous to this?
All a bit strange to say the least any suggestons on how to resolve this.
I now have a second issue in all my emails at the very top of each it describes in detail the full information of
Delivered-To:
Received:
Received:
Received:
Received:
X-Received:
Return-Path:
Received-Spf:
Authentication-Results:
Content-Type:
Mime-Version:
X-Mailer:
X-Cloudmark-Analysis:
Surely this should not be displayed rather insecure I would think. Any suggestions on how to amend -
Certificates issued by communications server for client authentication
Hi,
we ran into problem with those certificates, that are being issued by the lync server itself. In our enteprise we have CX600 and CX3000 phones, and i know that certificate authentication is required for the phones to work (both for registrar and webservice).
However, now that users have lync installed, they have their communications server certificate assigned as well. The problem is when a user needs to sign a document with the certificate from our private CA, for most of the users, word or excel suggests to
use a certificate issued by communications server, not our ent CA. Maybe there is a way for LYNC to trust private enteprise CA and not give out its own certificates and STILL use certificate authentication?
Thanks!Facing almost the same issue, Lync (server) issues ClientAuth certs from "Communication Server", (btw
is not trusted of course), and in turns forces users to make a selection of which VPN cert to use when dialing in, instead of only one ClientAuth cert installed, they now have 2 ClientAuth certs installed, which our internal CA's should care about and NOT
the Lync (server).
Don’t get how an MS product of this caliber can be built without proper PKI integration, how can it NOT utilize internally issued certs for client authentication???
Not the first though, SCCM and OSD is another example....
However, are you saying that Lync communication can’t be used without certificate authentication,
without the user being spammed with credential prompts?
Trying to get clarification on this… -
CF7 and JDK 1.4.2 - EV SSL Certificate Issue
Let me start off by telling the group that we do not use CF for any of our applications. We are a payments company that hosts a .NET API in IIS that 100's of thousands of customer use. We have one particular customer using CF7 and JDK 1.4.2 who is currently unable to process against our API. About a week ago we upgraded our SSL certificates to EV (Extended Validation) and since that time our once happy customer is now unhappy. I have spent hours working with him, going through FAQs and walk throughs, knowledge bases and forums and have had no luck. Here are the details:
EV Certificate issued by DigiCert (4096-bit).
Customer is on CF7 and JDK 1.4.2.
When he attempts to process against our API with the new certificate he gets 'Connection Failure: Status code unavailable' message from his CF application. He is using cfhttp to post his requests. We found a work around that indicated that the only issue with JDK 1.4.2 was importing the high-bit certificates. Our customer installed JDK 1.6, imported the certificate (and all intermediate certificates) successfully into the cacerts file, but when attempting to list using JDK 1.4.2 is returns an invalid certificate error and still will not work.
Please help as we are currently in a work around state for this customer (not long term) and we have exhausted the resources we have access to for solving this issue.
Thanks in advance to those gurus that reply. I have attached a sample post from our customers logs with non-essential data removed.
I can be reached by phone at 801-341-5620 if anyone feels like reaching out to talk.
- DaveDave,
I am having a similar issue with CF7 and PayPal's Reporting API which also uses EV SSL.
I can offer that in my testing, both CF 8 and CF 9 do seem to be able to work when using CFHTTP and EV SSL,
so the only solution I can offer at this time is to make the suggestion to your customer that they need to upgrade
to either CF 8 or CF 9 to get the issue quickly resolved.
I'm still working to see if I can find a solution for CF7 and I've been asking around in the CF community for help, so
if I do find a solution, I'll definitely post it there for you.
Cheers -
Clean Access Agent 4.0.5 certificate issue
Dear all,
I ran into an issue that I hope you could help me resolve.
We have NAC 4.0.5 and windows active directory domain.... the clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted...." until I installed the www.perfigo.com certificate to the local certificate store...
But as I'm a newbie... I seem to have done something on the NAC manager that messed up something, cause now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name (image attached)..
What would be the possible solution to this??Hi,
This can happen if you change IP address or hostname of the issued certificate...
Have you done any of these?
As side note, please beaware that 4.0.5 is End of Life since March 16th 2009... so you may want to consider upgrading your setup.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/end_of_life_notice_c51-524732.html.
HTH,
Tiago -
When accessing Intranet sites with that have SSL Certificates issued by our internal PKI, FF for Windows gives an error messsage - An error occurred during a connection to myshaw. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)
Chrome and IE work fine. This is a new PKI using the SHA-2 signature algorithm.Hi Guigs2,
From the other post you link too, I can confirm that both the Root and Subordinate CA have been commissioned with the:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\IssuingCA\CSP\AlternateSignatureAlgorithm = 1
registry key set. As can be seen above, the Signature algorithm on an issued certificate is RSASSA-PSS. This is been Microsoft suggested deployment IF you do not wish to support either XP or Windows 2003 machine and lower. In fact, I believe the option has been around since Windows 2008, however, there were of course, a lot more XP machines back then.
The obvious answer is that we would like to maintain the updated algorithm, AND see support for it added for Firefox. I think you will see a LOT more posts like this as people deploy more 2012 PKI infrastructure supporting only Windows 7 and up. Heavens, we may well be forced to Chrome or even back to IE!!! Whilst I do not what to necessary open up other potential vulnerabilities, for the sake of testing, what do you mean by disabling mozilla:pkix?
Maybe you are looking for
-
Help please!! my itunes (windows) wont open when I click on the short cut or go into start and programs. it simply wont open. Someone recommended delelting and re downloading...but will I loose all my music????? Someone please help me!!! THANKS!
-
Ssrs 2008 r2 textbox expression
In an SSRS 2008 R2 existing report, I wouuld like a particular textbox to look like the following when there is data: Checking: $57.35 In the same textbox when there is no amount, the textbox would look like the following: Checking: $0.00 The f
-
FCP & other programs not opening when plug in Firewire
Hello, First, please forgive the double posting - but I just didn't think that I had made myself very clear lastnight, and I wanted to rectify that. The problem is, that whenever I plug my camera/deck into my G5 with my firewire, no program will open
-
Need of feedback ,base on your experience
Hi everyone I need recommendations and feedback if possible. we are grouping 60 differents strores ,separated oracle databases(running the same application,same configuration) into one main server;using a Multi-schema,therefore we will be using one s
-
[semi-solved] Question about firefox css theming
With my current firefox theme, authenticated urls (top screenshot) show up as dark text on a green background. However, regular urls (bottom) show up as dark text on a black background, which is almost unreadable unless you highlight the area. authe