Intune Mobile Management

Similar Messages

• Cannot log in to Mobile Manager after abnormal shutdown (issue & solution)

  After an abnormal shutdown of database, an attempt to log in to Mobile Manager as Administrator fails with the error "Please verify your username, password and try again!"
  I had a power outage in our office and our development server shut down abruptly as a result. When power was restored, the database, listener and GlassFish Server started up automatically (init.d and rc.d), but when I attempt to log in as Administrator using Mobile Manager, I get an error "Please verify your username, password and try again!". I did some research and after some trial and error, figured out that the services must be started in this order (this may not be guaranteed in automatic startup scripts?):
  1. Oracle Listener
  2. Oracle Database
  3. Oracle GlassFish Server with Domain
  If you are seeing this error, please try the following:
  1. Shutdown Glassfish domain
  ./asadmin stop-domain <domain>
  2. Shutdown Oracle database
  SQL> SHUTDOWN IMMEDIATE
  3. Shutdown Listener
  $ lsnrctl stop
  and restart in this order
  1. Oracle Listener
  lsnrctl start
  2. Oracle database
  SQL> STARTUP
  3. GlassFish domain
  ./asadmin start-domain <domain>
  This should work!
  My environment:
  Redhat Enterprise Linux 5.4 with JDK 1.6
  Oracle Database 11g Enterprise Edition 11.1.0.1.0
  Oracle GlassFish Server 3.1.2
  Oracle Database Mobile Server 11.1.0 for 64-bit Linux

  Hi mario,
  FYI
  This issue can occurs when the primary and secondary Cisco ISE nodes' database are out of sync. For out of sync issues, which most likely are due to time changes or NTP sync issues, you must correct the system time and perform a manual sync up through the UI.
  •For certificate expiry issues, you must install a valid certificate and perform a manual sync up through the UI.
  •For a node that has been down for more than six hours, you must restart the node, check for connectivity issues, and perform a manual sync up through the UI.
  For more information regarding this issue, please go through this link:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/troubleshooting_guide/ise_tsg.html#wp192802

• Zenworks mobile management activesync with datasynchronizer

  Can I point zenworks mobile management server at the datasynchronizer as an activesync for auto enrolment?

  Georg,
  Option A seems to work reliably today with Exchange 2007 so as long as the DataSync team properly implements the settings request for email address provided in the ActiveSync 12.1 protocol then it should work reliably. As for B today if the device doesn't support 12.1 or the server doesn't support 12.1 as is the case right now the only approach we currently have is to strip off the domain from the email address and attempt authentication as the user specified in the email. We are working to see if there is some other approach we can take once we provide additional LDAP enhancements in the next version of the product. But for now the two options you identified in our long term solution are the knowns. I'll forward this thread on to both the DataSync team and the ZMM development team and see if we can all come up with some better ideas.
  Thanks,
  Jason
  >>> Georg Fritsch<[email protected]> 8/9/2012 1:24 PM >>>
  Hi Jason,
  Thanx again for the detailed and competent anwser.
  All this restrictions unfortunately mean that hands-off enrollment is going
  to fail for many setups. (including us)
  A requirement that the local-part of an email address has to match the
  username is ridiculous. (Yes, we all know that Exchange 2003 and ActiveSync
  2.5 are ****...)
  I am not sure if understand the long term solution:
  A) If a user gives just a username, the device must get the corresponding
  email address from the ActiveSync system. Available with protocol version
  12.1. Fine. (As long as the device uses protocol version 12.1)
  B) A user gives an email-address, the username must be derived from the
  local-part. Where/How?, local-part == username is an invalid assumptionand
  the device does the parsing and just returns the local-part as username to
  the ActiveSync system. (And this information is IMO not enough to find the
  real username)
  Or is B) not allowed (or a really bad idea/design decision) as A) does
  reliably work?
  Georg
  >>> Jason Blackett<[email protected]> schrieb am 09.08.2012 um 05:35 in
  Nachricht <[email protected]>:
  > The problem with 1.2.3 is that when you authenticate to the domain with
  > the following credentials:
  >
  > user : bob
  > domain : m.comp.com
  > server : zmm.comp.com
  >
  > That the ZMM product currently relies on the activesync provider to tell
  > it Bob's email address. If it doesn't receive one then the iOS active
  > sync account it creates ends up with an email address of
  > m.comp.com\[email protected] which seems to work fine for getting
  > email/calendar but not for sending email. This only occurs if you do
  > hands-off enrollment because as TASNovell points out the email address
  > attribute doesn't get populated in the user, but is a required field when
  > creating a user.
  >
  > The ActiveSync way to fix this is that ActiveSync has to allow the user
  > to authenticate with their email address [email protected] for instance. And
  > then when it parses that it sends back the username as bob and uses the
  > full email address. This is the same capability provided by Microsoft
  > Exchange 2003 which implements the same version of ActiveSync as DataSync
  > currently. There definitely will be issues if the username portion of the
  > email address is not the ActiveSync user account name. In that case hands
  > off enrollment will fail and you will have to manually create the account
  > or import it from the directory and set the email address attribute.
  >
  > The long term solution is that DataSync will move to the 12.1 version of
  > the ActiveSync protocol which provides a settings call that the agent can
  > make to retreive the email address from the ActiveSync system if the user
  > didn't provide one. However this is going to take some time. So in the
  > short term the datasync team implemented the Exchange 2003 like
  > capability allowing user authentiction with email address and then
  > parsing the username. This capability will be part of 1.2.4. This issue
  > is documented in the ZMM Server Release notes
  > (http://www.novell.com/documentation/.../zen_mobile_se
  > rver_relnote.pdf) as follows:
  >
  > "12. Systems where iOS users are interfacing with a Novell GroupWise
  > DataSync server must use
  > DataSync Update 4 (Mobility 1.2.4) to fully utilize the hands-off
  > enrollment functionality. Users need to
  > enroll using their entire email address in lieu of their username if
  > they are enrolling by the hands-off
  > method. Similar processes must be followed to use hands-off enrollment
  > when users interface with
  > Exchange 2003 or any other mail server running ActiveSync 2.5 protocol.
  > A user's username and the
  > string of characters to the left of the @ sign in their email address
  > must be the same."
  >
  > Jason
  >
  >>>> TASNovell<[email protected]> 8/9/2012 8:26 AM >>>
  >
  > feeling a bit silly not reading the version number. We are running
  > datasync v1.2.3.3xxx. ZMM seems to connect fine. Email flows correctly
  > to the ios devices through the delivered profile. The only thing that is
  > not imported is the email address into the newly created user in ZMM. I
  > assume this should be pulled through from LDAP as you have to set the
  > attribute up during install.

• Mobile Manager - Error Queue Email Notification

  I have a quick question regarding Mobile Manager and the Error Queue. Is it possible to setup an email notification when transactions hit the error queue? I know you can setup triggers on the CEQ$ tables but this wont be an efficient notification mechanism as certain transactions will affect multiple tables. I was hoping the Mobile Manager would have some sort of mechanism to handle this as our current method involves a user manually checking the Mobile Manager home page.
  Any help will be greatly appreciated and thanks in advance.

  There are three 'header' tables in the mobileadmin schema. C$IN_MESSAGES is the header for the in queue and is the same as C$EQ (except for the message text). C$INQ is the header for queue based publication items, and is different in that it has one record per uploaded publication item (ie: table), rather then one for each data record.
  Be aware that if you override any of the mobile repository stuff, a future upgrade or patch may revert things, should not be an issue in this case, but worth adding to the checks.
  We have some additional code in the logging triggers created on the underlying schema tables do be more specific about logging of changes in some generic tables, and these need to be re-applied after a re-publish

• Reset password of mobile managed user, cannot acces login keychain

  I reset the lost password of a mobile managed user (very managed, this is a 6-year old). On login and starting Safari, he now gets a panel asking for the keychain password (which is the old password, which is lost). I tried removing the mobile account and recreating, but the same thing happens (login.keychain synced from server?).
  Anyway, how can I fix this?

  If Keychain First Aid doesn't help, try [HT1274|http://support.apple.com/kb/HT1274]?
  Keychain encryption is solid; depending on the sequence which has transpired here, you may end up [resetting the keychain (TS1544)|http://support.apple.com/kb/TS1544] and starting over again.
  Going forward, it might be best to lock this user's password; prevent password changes.

• Mobile Manager: 404 Not Found

  Hello List... I've installed 10g olite on 10g OAS (linux).
  After webtogo login, I click the Mobile Manager link but it throws up a 404 Not Found string (presumably an oracle error handling servlet).
  Has anyone had a similar problem, and been able to resolve the issue?
  thanks /j-p.

  See Installation under AS

• Mobility manager doesn't work when going over ICT

  Mobility manager is working properly if a phone on the same call manager or a phone through the PSTN calls but does not work if the call goes over the SIP trunk.  We can make it work by checking the MTP required on the ICT but this results in video calls that do not work.
  When I call a person across the ICT both devices ring, his desk and his mobile.  If he answers on his mobile, he gets dead air and his desk phone just sits there, does not get a red light as it normally does.  My call continues ringing and then after about 10 seconds goes to a fast busy, any thoughts on what I should check?

  I am having the same problem, any help?

• Deploy Symantec certificate profiles to mobile devices using Microsoft Intune to manage company resources like WiFi

  We are planning to deploy Symantec certificate profiles to Mobile devices to manage company resource like WiFi. I've seen documentation on Technet and the post here http://ronnydejong.com/2014/12/15/part-1-deploy-certificates-to-mobile-devices-using-microsoft-intune-ndes-overview/ that
  we need to install Intune NDES connector which needs to be installed on NDES server. These docs are true when we are using Microsoft PKI.
  Here, we're planning to use Symantec cloud PKI to deploy the certificates to mobile devices. So, I would like to know which are the required on-premises components ? NPS, NDES  or something else? Any documentation URL would be helpful ;) We're in planning
  face hence the question in the forum. 
  Regards
  Anoop
  Anoop C Nair (My Blog www.AnoopCNair.com)
  - Twitter @anoopmannur -
  FaceBook Forum For SCCM

  Thank you Jason for the reply !
  Sorry for stupid questions !
  Does that mean, NDES is needed only for initial enrollment process of a mobile device? We don't need it deploying Symantec certificate profiles to manage company resources like WiFi VPN etc... Or I'm totally lost here? 
  My understanding is : Mobile devices will get enrolled to Intune and that device will become a managed device. Now, the mobile device needs to get a connectivity to company resources like VPN or WiFi and for the we may need to deploy certificate profiles.
  Isn't it ? So, you were saying for this process we don't need to have NDES. (or I'm wrong here as well).
  If so, we'll be deploying a public certificate to all the devices via certificate profile deployment and the devices need to get connected with issuing authority to get a device specific private key before connecting to WiFi or VPN?
  Regards
  Anoop 
  Anoop C Nair (My Blog www.AnoopCNair.com)
  - Twitter @anoopmannur -
  FaceBook Forum For SCCM

• 3.1 Mobile manager

  I see that 3.1 includes an app for mobile devices to manage NSM. I checked the IOS store and don't seen an app. Is it not published yet?

  On 1/31/2013 12:16 PM, ddevore9 wrote:
  >
  > I see that 3.1 includes an app for mobile devices to manage NSM. I
  > checked the IOS store and don't seen an app. Is it not published yet?
  >
  >
  We're working to get it into the iOS store, but unfortunately we haven't
  heard any specific timeframe on when that process will be complete.
  - NFMS Support Team

• [Intune / Configuration Manager 2012 R2] Android Enrollment

  Hello
  I have a problem with my hybrid configuration (Intune / CM12 R2).
  I can't enroll Android Devices.
  What i've done :
  - Subscribe an account to Windows Intune
  - Activate AD synchronization
  - Change UPN in my Active Directory
  - Make a synchronization between my on-premise AD and Azure
  - Install Configuration Manager 2012 R2
  - Add Intune connector
  - Authorize my user collection 'Intune-user' to enroll devices
  - Add Windows Intune system role 
  - Authorize Android management
  When i try to enroll my android device (i first add company portal), i can log on with my user but i have a message that say : "We can't add this device. If this message open up again, contact your support ...".
  The only clue i have is in the dmpdownloader.log :
  ERROR: Service health log: Failed to load Enrollment Policy for accountId *********************************, userId ***********************************
  And in the dmpuploader.log :
  Ping cloud ... SMS_DMP_UPLOADER
  10/12/2013 16:50:14 4736 (0x1280)
  Ping cloud returned nothing
  Gaëtan

  Hello Gaëtan :)
  Did you succeed with Android device enroll ?
  I'm also done all steps you have mentioned but could not enroll Android device :(
  What is correct CNAME for EnterpriseEnrollment.MyDomain enroll:
  is it EnterpriseEnrollment.manage.Microsoft.com or is it only manage.Microsoft.com ?
  Also here is excerpt from companyportal_1.log I've sent to my mail from android device:
  2014-04-03T04:02:33.0490300Z CRIT Event       None                     0 7adaa89f-298f-4bc4-b28b-8ae9ea918787 11-0-0 EnrollmentServiceRequestException
  thrown: Microsoft.Management.Services.AndroidSSP.Exceptions.EnrollmentServiceRequestException: Enrollment service failed the request ---> System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
     at System.Net.HttpWebRequest.CheckFinalStatus (System.Net.WebAsyncResult result) [0x00000] in <filename unknown>:0
     at System.Net.HttpWebRequest.SetResponseData (System.Net.WebConnectionData data) [0x00000] in <filename unknown>:0
     --- End of inner exception stack trace ---
     at Microsoft.Management.Services.AndroidSSP.Enrollment.EnrollmentSOAPRequestBase.SendRequestAndGetResponse (System.String pkcs10Base64) [0x00000] in <filename unknown>:0
     at Microsoft.Management.Services.AndroidSSP.Enrollment.EnrollmentRequest.Send (Android.Content.Context context) [0x00000] in <filename unknown>:0
  2014-04-03T04:02:33.0581540Z ERR_ Event       None                     0 7adaa89f-298f-4bc4-b28b-8ae9ea918787 1-1-1 Enrolling
  failed
  All other logs, OMADMLog_0, 1, 2, 3, 4, 5 have almost same content...
  Best regards
  Nenad

• Mobile Management Solutions

  I’m researching mobile device management solutions for my company. Out of the dozen or so I have looked at Zenprise and Air Watch are my favorite at this point. We are a small business and both of these companies offer a cloud based solution that should work for us. Does anyone have any experience with either of these companies? If you’re using their cloud solution I would like to know your thoughts.

  We are really seriously looking at Airwatch.  We don't have formal experience yet, but in our conversations with lots of people, all of them speak very highly of them.  We've found they also do a good job of integrating with the VPP,  seperating user and enterprise data and don't require an exchange mailbox for maintenance. 

• SSM required for Data Mobility Manager?

  Everything I am reading is saying that to do DMM, I need a SSM. Yet when I review the CCIE Storage lab equipment list there is no SSM module listed, yet the lab blueprint says "Implement DMM". Is there a way to implement DMM without a SSM?

  Stephen, no worries, but it seems that since the Storage lab uses a 9222i and MSM's, that is how they do SME, DME, Santap etc.
  In fact, I have searched but have not found a comparison document of intelligent features supported by MSM, 9222i, and SSM. I am a bit confused over what you can or can't do with one vs. the other as far as intelligent features are concerned.

• Moving the ZENworks Mobile Management Database

  So, as a test, I wanted to check if I could move the DB from one
  (internal SQL Express) server to another regular SQL 2008R2 Server. The
  DB was before on the same server as the Web/HTTP feature was installed.
  Now I moved the DB and I can't login as the administrators I've
  specified. The only thing I see in the log is this:
  Error: [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionWrite
  (send()).
  [00:35:17] SQLError:
  ExecuteSQL returned status: -1
  State: 08S01
  Native: 0
  Error: [Microsoft][ODBC SQL Server Driver]Communication link failure
  [00:39:11] SQLError:
  ExecuteSQL returned status: -1
  State: 22001
  Native: 0
  Error: [Microsoft][ODBC SQL Server Driver]String data, right truncation
  [00:39:47] SQLError:
  ExecuteSQL returned status: -1
  State: 01000
  Native: 10054
  Error: [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionWrite
  (send()).
  Anyone who did this with success?
  Niels

  Jason Blackett wrote:
  > The process for this involves contacting Novell Technical Support as
  > it requires decryption and re-encrypting to configuration file that
  > contains the db information and that tool is only available through
  > support.
  >
  > Jason
  >
  > >>> Niels Poulsen<[email protected]> 8/9/2012 4:41 PM >>>
  > So, as a test, I wanted to check if I could move the DB from one
  > (internal SQL Express) server to another regular SQL 2008R2 Server.
  > The DB was before on the same server as the Web/HTTP feature was
  > installed.
  >
  > Now I moved the DB and I can't login as the administrators I've
  > specified. The only thing I see in the log is this:
  >
  > Error: [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionWrite
  > (send()).
  > [00:35:17] SQLError:
  > ExecuteSQL returned status: -1
  > State: 08S01
  > Native: 0
  > Error: [Microsoft][ODBC SQL Server Driver]Communication link failure
  > [00:39:11] SQLError:
  > ExecuteSQL returned status: -1
  > State: 22001
  > Native: 0
  > Error: [Microsoft][ODBC SQL Server Driver]String data, right
  > truncation [00:39:47] SQLError:
  > ExecuteSQL returned status: -1
  > State: 01000
  > Native: 10054
  > Error: [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionWrite
  > (send()).
  >
  > Anyone who did this with success?
  Okay... I must have misread the docs, I thought this was only required
  if I moved the WEB server to?
  Niels

• Is Intune a feasible solution for Internet-Based Client Management?

  Our organization is looking at implementing SCCM 2012, with a key requirement being that we need to be able to manage Windows updates to clients off site. My understanding is that we must have a PKI in place to do this. However, our environment is complex
  enough that PKI may not be an option.
  My question is, would leveraging Intune and SCCM 2012 be a possible solution? I understand Intune is geared towards MDM, but I'm trying to figure out if we could "assign" off-site clients to SCCM via Intune and manage Windows updates like we do
  with on-site clients.
  I apologize ahead of time if this question has already been answered, but I'd appreciate any insight you all have. Thanks.

  No, unfortunately you can't do that. Computers are handled differently than mobile devices in the Unified Solution of ConfigMgr and Intune.
  Mobile Devices - enrolled with Intune and managed via ConfigMgr (must set the Mobile Device Authority to ConfigMgr).
  Computers - they can have an Intune client OR a ConfigMgr client. They cannot have both. Therefore if you enrol and computer with Intune you cannot manage it with ConfigMgr.
  Are these remote computers domain joined? Have you considered Direct Access as a possible solution. It's straightforward to implement.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Best Strategy for Managing Laptops in a Mixed InTune / SCCM 2012 World

  We're interested in leveraging Intune to help secure and update our roaming laptop users. We have a group of domain-joined laptops that spend a good deal of time off the company network. We thought we could use Intune to make sure these machines stay updated
  and safe while off the network. I understand that we should make sure the SCCM 2012 client does not get installed on any machine that has the Intune client. Will connecting and logging into our domain cause any issues for these clients that anyone can see?
  Orange County District Attorney

  I'm glad that it should work in our instance. Our office just bought some Office 365 licenses as well as Intune. We thought Intune could solve our issue of roaming laptops. We just recently came into some laptops that would be our first, out-of-the-office
  work systems that we want to manage. The Microsoft folks are assuring us this is the way to go for this particular instance. We haven't had a need to use IBCM or DirectAccess up to this point. We've run into issues with our County firewall folks that
  won't let us run DirectAccess as we do have a Juniper VPN that takes care of our remote issues. As for IBCM, we'll have to look a bit deeper into that and see if it has better features for us than Intune does. We don't have any mobile management requirements
  in the near future so I'm left wondering why the heck are management even bought the licenses.
  Thanks for the note back on my question.
  Orange County District Attorney