HT1631 Password policy via config profile doesn't unlock keychains

Similar Messages

• Bug? Updating config profile doesn't work as described

  Apple's documentation implies that if you push a new profile to a phone that has the same "Identifier" as an already active profile, then the new profile will be recognized as a replacement to the existing one; if the Identifier is different, then the new profile will be applied in addition to any current ones.
  I recently made a change to a profile, without changing the ID, and sent it to my phone. The phone won't activate the profile, though. It gives an error message: "Can't install Profile: Only one Exchange account can be set up at a given time."
  This seems like a bug. If the Exchange settings in the new profile are identical to the old one, they should be kept; if different, they should be changed. If I want to modify any settings in the profiles that I've already pushed out to users, I'll have to make a new overlay profile; if I want to change the Exchange settings, I'll have to send them instructions on how to remove the existing profile before I can send the new one. Is there a workaround?

  You need to remove any profile that has Exchange keyed into it, then you can install the new profile for Exchange.
  Windows Mobile devices work this way, as well.
  We had about 50 people that we had to change profiles for and they were able to do the remove and install themselves (the new profiles were delivered from a public web site).
  I hope this helps.

• HT1695 How do I unlock my wifi on IPad.  My computer shows its connected by my IPad and  cells show its locked.  I couldn't get the password to work so reset the password and the new one doesn't unlock it either.  It says I can

  How do I unlock my WIFI, my computer said its connected by both my IPad and Cell phones show a lock on them.  When it ask for my password I put it in and it  says I am not allowed to join.

  iOS 6 Wifi Problems/Fixes
  Fix For iOS 6 WiFi Problems?
  http://tabletcrunch.com/2012/09/27/fix-ios-6-wifi-problems/
  Did iOS 6 Screw Your Wi-Fi? Here’s How to Fix It
  http://gizmodo.com/5944761/does-ios-6-have-a-wi+fi-bug
  How To Fix Wi-Fi Connectivity Issue After Upgrading To iOS 6
  http://www.iphonehacks.com/2012/09/fix-wi-fi-connectivity-issue-after-upgrading- to-ios-6.html
  iOS 6 iPad 3 wi-fi "connection fix" for netgear router
  http://www.youtube.com/watch?v=XsWS4ha-dn0
  Apple's iOS 6 Wi-Fi problems
  http://www.zdnet.com/apples-ios-6-wi-fi-problems-linger-on-7000004799/
  ~~~~~~~~~~~~~~~~~~~~~~~
  Look at iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
  iPad: Issues connecting to Wi-Fi networks  http://support.apple.com/kb/ts3304
  WiFi Connecting/Troubleshooting
  http://www.apple.com/support/ipad/wifi/
  iOS: Recommended settings for Wi-Fi routers and access points  http://support.apple.com/kb/HT4199
  Additional things to try.
  Try this first. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
  Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
  Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
  Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
  How to Quickly Fix iPad 3 Wi-Fi Reception Problems
  http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
  If none of the above suggestions work, look at this link.
  iPad Wi-Fi Problems: Comprehensive List of Fixes
  http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
  Fix iPad Wifi Connection and Signal Issues  http://www.youtube.com/watch?v=uwWtIG5jUxE
  Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
  Unable to Connect After iOS Update - saw this solution on another post.
  https://discussions.apple.com/thread/4010130
  Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
  ~~~~~~~~~~~~~~~
  If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
   Cheers, Tom

• How to add new password policy to cn=config via LDIF file

  I am trying to add a new password policy called "Service Password Policy". I have the following LDIF file:
  dn: cn=Sservice Password Policy,cn=config
  changetype: add
  objectClass: top
  objectClass: passwordPolicy
  cn: Service Password Policy
  description: A password policy intended for proxy or service accounts.
  passwordMustChange: off
  passwordChange: off
  passwordMinAge: 0
  passwordInHistory: 0
  passwordExp: off
  passwordMaxAge: 2142720000
  passwordWarning: 0
  passwordExpireWithoutWarning: off
  passwordCheckSyntax: off
  passwordMinLength: 6
  passwordRootdnMayBypassModsChecks: off
  passwordStorageScheme: ssha
  passwordLockout: off
  passwordMaxFailure: 32700
  passwordUnlock: on
  I've tried various permutations of this command:
  dsconf import -h localhost -p 1389 /root/createServicePasswordPolicy.ldif "cn=Service Password Policy,cn=config"
  I get this error:
  "cn=config": suffix does not exist.
  The "import" operation failed on "localhost:1389".
  Thx for any help,
  CC

  Good it did not work or you would have overwritten all the data currently in cn=config. Anyway, "dsconf import" only works on regular backends. The cn=config tree is special a.
  You should use ldapmodify to add the contents to cn=config.
  $ ldapmodify -p 1389 -D cn=root -f a.ldif -a

• Password policy, gone after remote wipe or firmware upgrade?

  I am investigating if the iPhone is a serious option for our customers. I learned a lot the past days, but I still have one important questions.
  I have an iPhone with a password policy
  Situation 1:
  I perform a remote wipe, the latest firmware installs itself after the activation and I don't put back a backup.
  Situation 2:
  I update the firmware of my iPhone with a 'restore' and don't put back a backup.
  Question:
  For both situations: Is my password policy still on the iphone?

  I assume you intend to set the password policy via a configuration profile. The policy will remain in place until the device is wiped. After that it is basically a fresh phone, and neither any data nor any profiles will remain on the phone.
  Your goal is probably that any sensitive information is only stored on a phone with a password policy enabled. For this you would essentially have to put all that information on a VPN, and provide the key / certificate to access that network with the profile, so that a user would not be able to gain access to the information without the profile.

• DSEE 6.3.1 password policy issue

  We're rolling out a network wide password policy on both our LDAP and AD environments. The two are synchronized using Identity Synchronization for Windows 6.0. Today, in my test environment I enabled the password policies that we plan to implement. Since we never had any 5.x directory servers, I set the password policy mode to be Directory Server 6 mode. After configuring everything I tried changing a users password in the AD domain and ISW picked up the change however the following error showed up in the ISW audit log:
  [16/Feb/2011:16:56:03.957 -0500] FINE    18  CNN100 beer-ds01  "LDAP operation on entry uid=tuser,ou=people,dc=beer,dc=com failed at ldaps://beer-ds01.lab.endeca.com:636, error(53): LDAP server is unwilling to perform ((Password Policy: modify policy entry) "objectClass=passwordPolicy" is not supported in pwdCompat:4 (DS6-mode).)." (Action ID=CNN101-12E30785AA8-1, SN=7)When I then tried the same password change directly against the directory server using ldapmodify, I saw the same error:
  # ldapmodify -D 'cn=directory manager' -w endeca123                     
  dn: uid=tuser,ou=people,dc=beer,dc=com
  changetype: modify
  replace: userpassword
  userpassword: !changem3!
  modifying entry uid=tuser,ou=people,dc=beer,dc=com
  ldap_modify: DSA is unwilling to perform
  ldap_modify: additional info: (Password Policy: modify policy entry) "objectClass=passwordPolicy" is not supported in pwdCompat:4 (DS6-mode).The password policy is:
  version: 1
  dn: cn=Password Policy,cn=config
  objectClass: top
  objectClass: ldapsubentry
  objectClass: pwdPolicy
  objectClass: sunPwdPolicy
  cn: Password Policy
  pwdAttribute: userPassword
  passwordStorageScheme: CRYPT
  pwdAllowUserChange: TRUE
  pwdSafeModify: FALSE
  passwordRootdnMayBypassModsChecks: off
  pwdInHistory: 10
  pwdMinAge: 86400
  pwdCheckQuality: 2
  pwdMinLength: 6
  pwdMustChange: FALSE
  pwdMaxAge: 15552000
  pwdExpireWarning: 86400
  pwdGraceAuthNLimit: 0
  pwdKeepLastAuthTime: FALSE
  pwdLockout: TRUE
  pwdMaxFailure: 5
  pwdFailureCountInterval: 1800
  pwdIsLockoutPrioritized: TRUE
  pwdLockoutDuration: 1800I'm at a complete loss as to what causing this problem and am not sure what steps to take to figure out how to fix it. Can anyone offer some help?

  It turns out that when I setup the ISW install I, for a reason that now I cannot comprehend nor remember, added the passwordPolicy objectclass to the auxillary objectclasses used when created a new user. Since that objectclass is a 5.x objectclass my problems started when I moved to pwd-compat DS6-mode. I was able to restore my test systems from a backup, remove the objectclass from the ISW config and then proceed with the password policy rollout which worked fine this time around. Thanks for the suggestions and help.

• Password Policy - Mixed servers 2003 and 2008

  I Need help!!!!
  So this is my situation. I'm trying to enforce a Company Wide Password Policy via GPO but running into problems. We have no current Password Policy in place (This is the only one). I'm attempting to use the default global policy in Server 2008 and I'm
  testing the GPO on a specific security group, but does not seem to work. It will prompt to change the password, but the other requirements aren't being enforced.
  This is what I'm trying to enforce.
  Expire after: 90 days
  Complexity: Enabled
  Cant reuse last: 12 password
  Lockout time: 15 minutes
  Lock out after: 5 attempts
  Minimum of :8 characters
  Infrastructure: We have a mix of 2003 and 2008 servers. I'm using our 2008 server to enforce the GPO.
  Once I apply the GPO to a specific security group, it will prompt to change the password for the users in that group, but will not enforce all the other policies. This is a major project and we cant deploy this policy all at once (Helpdesk wouldn't
  be able to handle the call volume) so we decided to deploy it by departments/Security groups. We also tried
  We also tried using a fine-grained password policy but just like the GPO, it was only enforcing the password change aspect and not the other requirements like a minimum of 8 characters. Can any help!!!!

  > What if I apply the GPO on the domain root level, and then in the
  > delegation tab, exclude certain groups until we are ready for it to
  > apply to that department?   Will hat work?
  No. Read again - in 2003, there is ONE password policy for the DOMAIN,
  not for individual accounts.
  Technically this works the following way: Password policies are picked
  up by every member computer. But on these, password policies only apply
  to LOCAL accounts, not to domain accounts.
  On the other hand, there are Domain Controllers. The PDC emulator is the
  only one of these that will pick up Password policies - and only if they
  are linked to the domain. And so, these apply to all "local" accounts on
  the PDC, which in fact are the domain accounts.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Password Policy with DSCC (DSEE)

  Hi all,
  I am creating security policies with the interface DSCC (Directory service control center).
  In Password Policies there are two types of policies (Global / Built in)
  properties of these policies are in ldap
  Global
  ldapsearch -x -D "cn=Directory Manager" -w admin123 -b "cn=Password Policy,cn=config" objectclass=*
  Built-in
  ldapsearch -x -D "cn=Directory Manager" -w admin123 -b "cn=Password Policy,cn=replication manager,cn=replication,cn=config" objectclass=*
  But, if I create a new policy under cn = PolicyTemp,dc = example, dc = cl, you can not find it by querying ldap?
  it does not deliver results
  ldapsearch -x D "cn=Directory Manager" -w admin123 -b "cn=PolicyTemp,dc=example,dc=cl" objectclass=*

  Hi,
  I found the answer, the LDAP query is :
  ldapsearch -x -D "cn=Directory Manager" -w admin123 -b "dc=example,dc=cl" "(&(objectclass=ldapsubentry)(cn=TempPolicy))"
  Thanks

• Custom Password policy for ProxyAgent

  Solaris 10 Server Directory Server LDAP 6.3. Clients are Solaris 10.
  The clients use "proxyagent" user located in ou=profile. When I create a Global Password policy and apply to my top level dc, then this service account can "expire". I can't have my service accounts expiring...
  How do you create a custom filter with NO account lockout, expiration, etc? The DSCC wizard doesn't allow you to as the last step of the wizard must have a bug because even though you don't click the Lockout radio button, the webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.
  Question 2: how do you apply a custom password policy to ALL of ou=people? I can do it one by one to dn's under the ou=people, but I want it on the parent so new users get the custom password policy. Everything I try, the Global Password Policy wins. (And can't seem to be done via the DSCC but rather through command line)
  Help.
  Thanks,
  Sean

  How do you create a custom filter with NO account lockout, expiration, etc?
  The DSCC wizard doesn't allow you to as the last step of the wizard must have
  a bug because even though you don't click the Lockout radio button, the
  webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.Logged a new bug
  http://sunsolve.sun.com/search/document.do?assetkey=1-1-6787917-1
  The clients use "proxyagent" user located in ou=profile. When I create a Global Password
  policy and apply to my top level dc, then this service account can "expire". I can't have
  my service accounts expiring...Password policies have to be applied to individual accounts (manually or via CoS). So you
  may need to create a new password policy and assign it to the proxyagent user. Since DSCC
  does not seem to allow you to do that, best to munge it via the commandline (after specifying
  the lockout in dscc). Yes, it's ugly but a bug has been logged. Please contact Sun Support if
  you want a fix against 6.3 (quote the above bug number)

• Setting Password Policy in Oracle 10g

  Hi,
  Could you guide me please? Up to date there has not been a Policy for passwords in our 10g Database which means the user can set anything for their password. We however now require to implement a Password Policy and would appreciate some guidance in doing this.
  We don't use Enterprise Manager,we have chosen not to configure it on our system.
  These are the steps I propose to take to set the password policy:
  1. Edit $ORACLE_HOME/rdbms/admin/utlpwdmg.sql to change default profile values to desired values.
  2. as SYS run utlpwdmg.sql
  Is this correct? Is there anything else I should do?
  thank you.

  user8869798 wrote:
  Hi,
  I had a look at dba_profiles:
  DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
  This suggests that the default profile is not using the function. It doesn't "suggest" it. That's exactly what it means. The default profile is not using a password verify function.
  In the light of this, is it safe then to edit the function and the default profile will be unaffected? The profile cannot be affected by a change to a function that it does not reference.
  I don't want to change the default profile. I plan to create another profile that will make use of the function and then apply it for the users
  thanksthen proceed to do so. Why would you not want the function to be 'default' -- referenced by the default profile?
  BTW, you can name that function anything you want. When you assign a password complexity function to a profile, you assign it by the name of the function. So you are not limited to the name used by the 'out of the box' script provided by oracle. You might want to name your own function something like MYCORP_PSWD_POLICY. And of course the name of the sql file where you keep the code can also be named anything you like, so you might want to name it accordingly. Just so you have a clear seperateion between your company's stuff and that provided by Oracle.

• New users with Global Password Policy requiring password "reset on first user login" are still prompted to reset password after entering incorrect password

  The setup:
  We have the option "Password must: be reset on first user login" enabled in the Global Password Policy on our 10.9 / Mavericks server. We import new user accounts into Open Directory via a delimited text file and include a default password for each user.
  What I've observed and tested:
  When a user attempts to log into a computer that's bound to our Open Directory for the first time, they can enter anything in the password field and still receive the prompt to reset their password. They are never notified that they entered their default password incorrectly. The password reset will then fail (as it should), but they still aren't notified that this is the reason for the password reset failure. To put it another way: Seeing the prompt to reset your password would reasonably imply that you entered the default password correctly, but that's not the case at all.
  The question:
  Is this expected behavior? If it is, it doesn't seem logical. If this was the case in OS X Server 10.3 through 10.7 I never noticed it. Can anyone corroborate this with their own setup? Thanks in advance.
  -- Steve

  Some follow up questions:
  - How did you migrate (dsmig ldif or binary import)
  - Did the accounts in .x have any custom password policies set?
  For a "new" and a migrated entry, can you check if a passwordpolicysubentry is configured?
  (search as directory manager and fetch the attribute)

• How do you apply the same password policy to every PDF document you create with inDesign?

  All,
  Adobe peeps!,
  I don't know if this is really supported with inDesign 5.5, but here is my my use case:
  I constantly create more than 10 PDFs a day using inDesign
  On  all PDF's I create, i want to apply password security to protect them
  But in order to do so, within inDesign, I am   always forced to go to the "security dialogue" pane to set up the same permission  and passwords over and over again
  This gets tiring :/
  So what I am hoping to do is  the following:
  Like acrobat, I want to create a password policy within inDesign
  I want all PDFs created to have such a password policy  be automatically applied
  I know acrobat supports something like this (http://help.adobe.com/en_US/acrobat/pro/using/WS58a04a822e3e50102bd615109794195ff-7d68.w.h tml), but, unless I may have missed something, the Acrobat feature is limited. That is, the help link  does not tell me how to automatically do this with Acrobat either (the link does not explain to me how to "automatically apply the same password security policy to every PDF document I save within the application). I think the only way to do so is via "Adobe LiveCycle Rights Management ES", but for non server users, I am hoping there is another way.
  So my questions are:
  Is it possible to create password security policies in inDesign?
  Is it possible to apply the same password security policy to every PDF i create in inDesign?
  If not, can I change default settings within Acrobat ProX to automatically apply a password security policy everytime I save a PDF?
  If all fails, do you guys know of any extensions that can support this?
  Any help would be great. Thanks!

  Steve,
  Thanks for your notes. To follow up on your response.
  Bummer. I kinda had a hunch at this inDesign limitation.
  I have been aware of the method for setting up of a security policy within Acrobat. While this feature does cut down some of the work involved in creating and applying password policies to pdfs, what I am looking for with Acrobat is to apply the same password policy to every document I save from the app. Automatically. Without having to manualy select a policy.
  I think my solution will have to lie in me creating some sort of script to help support this need. I don't think Acrobat Pro X has the capabilities to allow me to tinker with, say, creating a save PDF preset that will allow me to automatically apply a password policy.
  PS. I am using acrobat pro x.

• Configuring group policy for user profiles in Windows Server 2012 R2 Domain

  Requesting some experts advise on configuring group policy for user profiles.
  We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
  The settings which I am concerned:
  1. Folder Redirection: Desktop, Documents, Favorites.
  2. Quota for Folder Redirection - 1 GB per user.
  3. Map a networked drive - 1 GB per user.
  4. Roaming profile - (Will ignore if it does not suit our requirement). 
  The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
  FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
  Thanks a lot for your valuable time and efforts.

  Hi,
  >>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
  This depends on where our outlook data files are stored. If these data files are stored under
  drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
  However, regarding your question, we can refer to the following thread to find the solution.
  Roam outlook profiles without roaming profiles
  http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
  In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
  Configuring Folder Redirection
  http://technet.microsoft.com/library/cc786749.aspx
  Hope it helps.
  Best regards,
  Frank Shen

• How to ignore the password policy in a custom workflow?

  Hi,
  We have a custom workflow which is called via SPML to provide 'Administrator Change Password' functionality in a portal.
  Our password policy sets the String Quality rules and Number of Previous Passwords that Cannot be Reused. But we like to bypass the password policy when the password administrators (who have a admin role with a capability - 'Change Password Administrator'). At least, restriction ' Number of Previous Passwords that Cannot be Reused' need to be ignored (But password need to be added to the history... cannot disable adding passwords to history).
  Please advice me how it could be achieved?
  The workflow steps:
  1. Checkout 'ChangeUserPassword' view for the user as an administrator
  2. Set the new password in the view, set true to view.savePasswordHistory
  3. Set password on the resources
  4.Checkin the view
  Thanks
  Siva

  Thanks eTech.
  My main goal is to skip the password history check (new password can't be a last used 10 passwords) when admin change password workflow is launched. As you suggested , I created a special password policy exactly as our regular password policy excluding "Number of Previous Passwords that Cannot be Reused" setting.
  Then before change the password of a user as admin, special policy is attached , password changed, and user's password policy is reverted back to regular one. The issue is, as the special policy does not enforce the password history check, the whole password history of the user is wiped out from the user object when the password is changed by admin change password workflow. We don't want this to happen.
  Please guide me whether is anyway to achieve just ignoring the password history without any other impact on user.
  Is adding passwords to user object's password history list is triggered by "Number of Previous Passwords that Cannot be Reused" setting of the password policy??
  Thanks
  Siva

• MMS not working in iPhone4S when installing config profile with APN

  When we use the iPhone Configuration Utility (either the latest version or previous versions) to create a config profile with APN info, then install the profile to an iPhone4S, we noticed that MMS (multimedia messaging) was no longer working. This means we could not send or receive MMS messages. And this is MMS going over the MMS protocol (and not iMessage). We had not seen this before. We routinely do config profiles with APN info and have done for all iPhone models and iOS version before the new iPhone4S. Never had a problem with MMS or anything else. This is for iPhone4S devices in the AT&T network. It is easy to reproduce and you don't need an enterprise APN for that. In fact just a config profile with AT&T's APN settings will still break MMS when installed (other than the MMS, everything else works fine).
  It does not appear an iOS 5 issue. iPhone4 (or iPhone3GS) with iOS 5 do not have this problem. It appears to be tied to the new iPhone4S hardware. The same configuration profile (with the APN info) works fine on iPhone4 with iOS 5 (MMS works fine), but when you put the very same configuration profile to an iPhone4S, MMS quits working.
  Doing a network reset does not solve the problem. Only removing the profile fixes the MMS
  Any ideas, explanations or workarounds?

  I called the Apple care line, and eventually got to 4th tier support, where they declared that there must be an issue with the APN I'm using, regardless of the fact that none of the iPhone 3G, 3GS', and 4's in our office are experiencing this issue while using the same APN.  I guess I shouldn't be surprised about this, afterall who'd expect Apple to actually admit there's a "bug" in one of their products, especially since this is hapenning to a very small number of users on the 4S.  Getting to 4th tier support was free, but to be able to talk to someone who can actually investigate this issue will cost $700.
  I offered to give them access to our private APN for testing, but they were "unable to do that sort of testing".  Additionally, we have tested using a public APN from AT&T (wap.cingular), and still experience the same issue.
  Lastly,  I did some further digging, and I think it has something to do with PDP Context 2 not getting an IP address.  As a disclaimer, I have no clue what a PDP Context is, what it does, what it's for, but obviously MMS needs it.  Going into field test mode on the phone will allow you to see the PDP Contexts, and is where I got this info from.
  On the iPhone 4S, without an APN profile installed, the PDP Contexts are listed 0-3.  These 4 contexts have values for an APN, and an IPv4 address, although context 0 and 2 are the only ones that have values in them.
  When an APN profile isnt installed, MMS' can be sent, cellular internet doesn't work., the values are:
  Context 0
  IPv4:    ip is blank
  APN:   phone (this is the default APN for the iphone 4s on att).
  Context 2
  IPv4:     has a valid public IP address
  APN:     wap.cingular
  When an APN profile is installed, MMS's can't be sent, but cellular internet does work, the values are:
  Context 0:
  IPv4:     Valid public IP address is present
  APN:     Our enterprise APN
  Context 2:
  IPv4:     ip is  blank.
  APN:     wap.cingular
  It appears that when Context 2 has an IP address, MMS' are able to be sent.  One other interesting fact, on the iPhone 4, only 1 PDP Context is listed, while the 4S has 4 listed.
  Hopefully this issue will be resolved in the 5.1 update, as this update contains a baseband update for the 4S, updating it from 1.0.14 to 1.2.01-1.  Unfortunately I don't have access to a 5.1 beta, otherwise I'd test this my self.  If anyone has access to the beta, and wants to test APN profiles/MMS send status, we'd greatly appreciate it!