IOS Mobile Device Management - The SCEP server returned an invalid response

Similar Messages

• The SCEP server returned an invalid response.

  Hello
  We are trying to enroll iPhone 3GS device with iOS 4.1 to be used with MDM. For SCEP server we use MSCEP in Windows Server 2008. We can't get over "Enrolling Certificate" step because it always fails with message "The SCEP server returned an invalid response.". How can we get more details? Analyzing captured HTTP stream revealed no issues.
  Thanks in advance for any help.
  frustrated Martin

  We are testing in LAN and have configured our router to translate some domains to our local IPs. Could this be a problem? In payloads there are no IP addresses but these local domains.
  It looks CA is issued the certificate, you might seen that from cert manger console. I don't see any obvious reason why cert got rejected by iPhone. (May be some one experts from apple can find from following dump) Anyway I suggest following option to you.
  1) try with http if you are using https
  2) install CA cert to phone and try again
  3) check time between server and phone
  4) try to change default scep issue template to issue 2048 key.
  5) double check finger print(in SCEP profile) you config with ca cert.
  Followings are SCEP PKI Message dump:
  PKCS7 Message:
  CMSG_SIGNED(2)
  CMSGSIGNED_DATA_PKCS_1_5VERSION(1)
  Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
  PKCS7 Message Content:
  ================ Begin Nesting Level 1 ================
  PKCS7 Message:
  CMSG_ENVELOPED(3)
  CMSGENVELOPED_DATA_PKCS_1_5VERSION(0)
  Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
  Content Encryption Algorithm:
  Algorithm ObjectId: 1.3.14.3.2.7 des
  Algorithm Parameters:
  04 08 ed 76 05 85 cc 10 e0 71
  04 08 ed 76 05 85 cc 10 e0 71
  PKCS7 Message Content:
  0000 30 00 6d 16 ce 8c 77 04 cd e4 e0 3d 33 9c 86 84 0.m...w....=3...
  0010 36 6c 1c 4c e7 32 b1 8b ae 12 74 1d 2b bf 5a 52 6l.L.2....t.+.ZR
  0020 3d e2 34 8c e7 e5 cf 98 35 a3 fa e7 47 da 7e eb =.4.....5...G.~.
  0030 02 dd 68 23 de 37 92 c6 91 3a 1e b5 1b 61 5f 98 ..h#.7...:...a_.
  0040 50 d3 27 de b5 bf 61 93 b7 ac 54 c9 c6 16 d0 8c P.'...a...T.....
  0050 89 2e 92 ba 6d 52 d7 de 80 98 ad 2d ce b0 5e 5a ....mR.....-..^Z
  0060 79 b4 e2 6f 7b c6 e6 13 4b b7 f4 81 f5 45 d8 3d y..o{...K....E.=
  0070 c7 29 7c ca 78 34 ff 47 dc d1 fc 21 8c aa 43 3a .)|.x4.G...!..C:
  0080 29 52 15 60 fb 37 54 46 aa a9 11 98 ef af b5 58 )R.`.7TF.......X
  0090 e0 21 4d 99 10 2b 00 b3 44 df d9 fa e3 df 98 5c .!M..+..D......\
  00a0 69 06 f9 92 5c d5 a3 32 97 ed 9c 1b 19 55 be 57 i...\..2.....U.W
  00b0 85 53 df 71 87 f1 8b 62 0e b8 f7 7d 6b 47 d4 99 .S.q...b...}kG..
  00c0 c0 47 f9 bb 7e 57 76 4f 55 a8 59 de b2 77 88 cc .G..~WvOU.Y..w..
  00d0 e5 a7 02 de af 44 3c fb ab b9 0d ee 87 78 66 a4 .....D<......xf.
  00e0 aa bc 5f 3b 90 56 90 2b c9 0f de 46 05 9c ed 9b .._;.V.+...F....
  00f0 b4 a1 64 f5 5e 57 a0 d5 75 46 da 35 1e 79 d9 79 ..d.^W..uF.5.y.y
  0100 1c a9 35 d1 12 47 7a de 99 d6 cc b8 a8 71 1c 72 ..5..Gz......q.r
  0110 f3 28 a0 1f 44 62 8d 17 23 c1 8e 2c a1 19 3d 57 .(..Db..#..,..=W
  0120 4b 12 ac 81 d2 14 6f da 67 47 25 32 05 1f 2b c3 K.....o.gG%2..+.
  0130 1d 7d 2c 97 95 1b ee 6e f2 b5 36 7f 69 ea f4 c0 .},....n..6.i...
  0140 b5 88 61 f7 26 db 44 13 6c ef da 8d 78 6c bd c3 ..a.&.D.l...xl..
  0150 6e 45 41 7b 79 d3 92 c8 5e fd b0 1d 9c 0e ea ee nEA{y...^.......
  0160 98 58 6b a8 5f c3 f4 90 16 87 9a 49 c6 99 9b fe .Xk._......I....
  0170 0c d8 0a 45 ce 4e 28 59 cf 43 b1 f9 c4 d5 3b e2 ...E.N(Y.C....;.
  0180 70 69 c8 ca 0e 16 2f ff 7a 3e 76 d6 dd 7e e9 86 pi..../.z>v..~..
  0190 13 a3 8b 66 f8 92 6e f1 84 9b 2d 8c 89 ab d7 3a ...f..n...-....:
  01a0 e9 ca 08 2a 68 76 ed f3 70 ac 52 e7 e6 7e b1 28 ...*hv..p.R..~.(
  01b0 9e 0b 5d 8b 09 54 a7 60 9b 7c 4b 0d 94 76 55 0e ..]..T.`.|K..vU.
  No Signer
  Recipient Count: 1
  Recipient Info[0]:
  CMSGKEY_TRANSRECIPIENT(1)
  CERTID_ISSUER_SERIALNUMBER(1)
  Serial Number: 61047aca000000000003
  Issuer:
  CN=WIN2008SCEP-CA
  No Certificates
  No CRLs
  ---------------- End Nesting Level 1 ----------------
  Signer Count: 1
  Signing Certificate Index: 0
  dwFlags = CAVERIFY_FLAGS_CONSOLETRACE (0x20000000)
  dwFlags = CAVERIFY_FLAGS_DUMPCHAIN (0x40000000)
  ChainFlags = CERTCHAIN_REVOCATION_CHECK_CHAIN_EXCLUDEROOT (0x40000000)
  HCCELOCALMACHINE
  CERTCHAIN_POLICYBASE
  -------- CERTCHAINCONTEXT --------
  ChainContext.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
  ChainContext.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
  SimpleChain.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
  SimpleChain.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
  CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=20
  Issuer: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  NotBefore: 10/26/2010 1:14 AM
  NotAfter: 10/26/2011 1:14 AM
  Subject: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  Serial: 01
  11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
  Element.dwInfoStatus = CERTTRUST_HAS_NAME_MATCHISSUER (0x4)
  Element.dwInfoStatus = CERTTRUST_IS_SELFSIGNED (0x8)
  Element.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
  Element.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
  Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
  Full chain:
  11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
  Issuer: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  NotBefore: 10/26/2010 1:14 AM
  NotAfter: 10/26/2011 1:14 AM
  Subject: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  Serial: 01
  11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
  A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b01
  09 (-2146762487)
  Verifies against UNTRUSTED root
  Signer Info[0]:
  Signature matches Public Key
  CMSGSIGNER_INFO_PKCS_1_5VERSION(1)
  CERTID_ISSUER_SERIALNUMBER(1)
  Serial Number: 01
  Issuer:
  CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  Subject:
  CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  Hash Algorithm:
  Algorithm ObjectId: 1.2.840.113549.2.5 md5 (md5NoSign)
  Algorithm Parameters: NULL
  Encrypted Hash Algorithm:
  Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
  Algorithm Parameters: NULL
  Encrypted Hash:
  0000 2a 49 b0 b9 6e a0 0b f3 db 14 7d 0d f9 fd 89 25
  0010 b1 fe ad 44 6b 79 c5 31 1a 70 a0 71 d3 bf 22 07
  0020 b5 e3 5b 37 cd ee 63 9a 5b ed 85 d5 d8 fb 44 51
  0030 5c 80 a4 cf 53 78 f0 b4 b7 63 57 fa f1 f9 9d 5d
  0040 fb 4f 22 c7 f4 fb 34 65 1a e2 b1 cd ea b0 45 ab
  0050 af ca 09 bf da 92 ea eb 10 3f 04 e5 2c a3 ae 34
  0060 9a a1 50 67 27 a0 c5 aa d5 29 45 71 40 d1 73 cb
  0070 53 69 5d fa 14 1d db b8 df a2 13 20 e6 da 7a 16
  Authenticated Attributes[0]:
  6 attributes:
  Attribute[0]: 2.16.840.1.113733.1.9.2
  Value[0][0]:
  Unknown Attribute type
  0000 13 02 31 39 ..19
  0000: 13 02 ; PRINTABLE_STRING (2 Bytes)
  0002: 31 39 ; 19
  ; "19"
  Attribute[1]: 1.2.840.113549.1.9.3 (Content Type)
  Value[1][0]:
  Unknown Attribute type
  1.2.840.113549.1.7.1 PKCS 7 Data
  0000 06 09 2a 86 48 86 f7 0d 01 07 01 ..*.H......
  0000: 06 09 ; OBJECT_ID (9 Bytes)
  0002: 2a 86 48 86 f7 0d 01 07 01
  ; 1.2.840.113549.1.7.1 PKCS 7 Data
  Attribute[2]: 1.2.840.113549.1.9.5 (Signing Time)
  Value[2][0]:
  Unknown Attribute type
  Signing Time: 10/26/2010 1:14 AM
  0000 17 0d 31 30 31 30 32 36 30 38 31 34 32 39 5a ..101026081429Z
  0000: 17 0d ; UTC_TIME (d Bytes)
  0002: 31 30 31 30 32 36 30 38 31 34 32 39 5a ; 101026081429Z
  ; 10/26/2010 1:14 AM
  Attribute[3]: 1.2.840.113549.1.9.4 (Message Digest)
  Value[3][0]:
  Unknown Attribute type
  Message Digest:
  c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a 06 b7
  0000 04 10 c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a .....Ve.. .".s.:
  0010 06 b7 ..
  0000: 04 10 ; OCTET_STRING (10 Bytes)
  0002: c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a 06 b7 ; ...Ve.. .".s.:..
  Attribute[4]: 2.16.840.1.113733.1.9.5
  Value[4][0]:
  Unknown Attribute type
  0000 04 10 91 73 92 a0 d5 02 e3 89 2c 2c ab 31 dc 35 ...s......,,.1.5
  0010 78 69 xi
  0000: 04 10 ; OCTET_STRING (10 Bytes)
  0002: 91 73 92 a0 d5 02 e3 89 2c 2c ab 31 dc 35 78 69 ; .s......,,.1.5xi
  Attribute[5]: 2.16.840.1.113733.1.9.7
  Value[5][0]:
  Unknown Attribute type
  0000 13 28 30 38 34 34 36 44 45 31 44 45 37 42 31 41 .(08446DE1DE7B1A
  0010 32 45 38 36 30 33 44 36 43 33 45 42 38 44 33 43 2E8603D6C3EB8D3C
  0020 38 30 44 41 36 30 31 38 31 30 80DA601810
  0000: 13 28 ; PRINTABLE_STRING (28 Bytes)
  0002: 30 38 34 34 36 44 45 31 44 45 37 42 31 41 32 45 ; 08446DE1DE7B1A2E
  0012: 38 36 30 33 44 36 43 33 45 42 38 44 33 43 38 30 ; 8603D6C3EB8D3C80
  0022: 44 41 36 30 31 38 31 30 ; DA601810
  ; "08446DE1DE7B1A2E8603D6C3EB8D3C80DA601810"
  Unauthenticated Attributes[0]:
  0 attributes:
  Computed Hash: 24 92 3c f9 15 fb 4d ad f8 dc f9 08 d3 6c 7d 79
  No Recipient
  Certificates:
  ================ Begin Nesting Level 1 ================
  Element 0:
  X509 Certificate:
  Version: 3
  Serial Number: 01
  01
  Signature Algorithm:
  Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
  Algorithm Parameters:
  05 00
  Issuer:
  CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  [0,0]: CERTRDN_PRINTABLESTRING, Length = 36 (36/64 Characters)
  2.5.4.3 Common Name (CN)="14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC"
  31 34 45 45 44 38 45 38 2d 42 44 30 43 2d 34 43 14EED8E8-BD0C-4C
  44 39 2d 39 39 30 44 2d 34 34 41 39 39 42 37 44 D9-990D-44A99B7D
  43 36 42 43 C6BC
  31 00 34 00 45 00 45 00 44 00 38 00 45 00 38 00 1.4.E.E.D.8.E.8.
  2d 00 42 00 44 00 30 00 43 00 2d 00 34 00 43 00 -.B.D.0.C.-.4.C.
  44 00 39 00 2d 00 39 00 39 00 30 00 44 00 2d 00 D.9.-.9.9.0.D.-.
  34 00 34 00 41 00 39 00 39 00 42 00 37 00 44 00 4.4.A.9.9.B.7.D.
  43 00 36 00 42 00 43 00 C.6.B.C.
  NotBefore: 10/26/2010 1:14 AM
  NotAfter: 10/26/2011 1:14 AM
  Subject:
  CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  [0,0]: CERTRDN_PRINTABLESTRING, Length = 36 (36/64 Characters)
  2.5.4.3 Common Name (CN)="14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC"
  31 34 45 45 44 38 45 38 2d 42 44 30 43 2d 34 43 14EED8E8-BD0C-4C
  44 39 2d 39 39 30 44 2d 34 34 41 39 39 42 37 44 D9-990D-44A99B7D
  43 36 42 43 C6BC
  31 00 34 00 45 00 45 00 44 00 38 00 45 00 38 00 1.4.E.E.D.8.E.8.
  2d 00 42 00 44 00 30 00 43 00 2d 00 34 00 43 00 -.B.D.0.C.-.4.C.
  44 00 39 00 2d 00 39 00 39 00 30 00 44 00 2d 00 D.9.-.9.9.0.D.-.
  34 00 34 00 41 00 39 00 39 00 42 00 37 00 44 00 4.4.A.9.9.B.7.D.
  43 00 36 00 42 00 43 00 C.6.B.C.
  Public Key Algorithm:
  Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
  Algorithm Parameters:
  05 00
  Public Key Length: 1024 bits
  Public Key: UnusedBits = 0
  0000 30 81 88 02 81 80 7c 9f 78 02 50 de 9c 86 88 5b
  0010 9d 4e af cb 70 5e c9 a8 a9 7b 53 c6 29 7b ae 90
  0020 28 92 10 9a af 03 09 da b7 01 a1 15 19 ee 22 35
  0030 f4 45 5d 5a 5b 60 7c ef 98 5b 2d 47 b9 d7 78 c0
  0040 cd 78 1c 63 dd 81 4a b7 d9 6e 2e e8 f4 9d 52 2c
  0050 3a c5 fb c3 d8 9a 6b ef 49 5c fa 53 07 88 c0 e3
  0060 98 a7 88 18 79 41 da f4 33 08 3c 57 a6 f0 5e 4e
  0070 04 c6 8c e6 25 56 70 17 ae 38 49 c2 fd 37 7a 2b
  0080 78 1f 7d 35 12 19 02 03 01 00 01
  Certificate Extensions: 1
  2.5.29.15: Flags = 1(Critical), Length = 4
  Key Usage
  Digital Signature, Key Encipherment (a0)
  0000 03 02 05 a0 ....
  0000: 03 02 ; BIT_STRING (2 Bytes)
  0002: 05
  0003: a0
  Signature Algorithm:
  Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
  Algorithm Parameters:
  05 00
  Signature: UnusedBits=0
  0000 40 c0 34 02 4c 6d 59 4d 43 21 90 d4 43 e0 69 3b
  0010 83 dc e8 5d b0 9b c9 4f 50 6e 7c a3 8c fb e9 0b
  0020 99 21 40 27 e8 99 f6 83 2d 6a 79 03 c5 a7 2c 0b
  0030 f3 d7 5a 7c 45 2c 7d af 13 a1 02 e7 3a d4 0c 41
  0040 4f b6 42 b9 c9 d3 ec f0 33 a9 92 cf 0b ba d4 46
  0050 b0 04 b6 99 a4 c1 92 c2 3b 3c 1e d9 e4 ed 09 ca
  0060 27 c3 74 ba 68 93 a9 65 a3 7a 1a 4e c3 a5 51 f6
  0070 8e 06 94 76 b4 c3 af 55 0f 7b b5 05 36 55 fd 1e
  Signature matches Public Key
  Root Certificate: Subject matches Issuer
  Key Id Hash(rfc-sha1): 08 44 6d e1 de 7b 1a 2e 86 03 d6 c3 eb 8d 3c 80 da 60 18 10
  Key Id Hash(sha1): 21 cd df fe 7c 70 f9 0d 38 cd f5 30 e9 62 3f 7d 8a 7c bf 8b
  Cert Hash(md5): 6e 8e c8 90 f7 e5 a6 0d a4 e3 4c 4f 38 28 75 1b
  Cert Hash(sha1): 11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
  ---------------- End Nesting Level 1 ----------------
  No CRLs

• ISE BYOD Microsoft SCEP NDES 802.1x The SCEP server returned an invalid response

  Hello, 
  Using ISE 1.2 with WLC and on-boarding with single SSID.  On occasion the error 'The SCEP server returned an invalid response' is received on the IPHONE being on-boarded - this is intermittent.   The issue resolves itself in time.  Any ideas on troubleshooting?  tnks

  On the NDES server regedit EnforcePassword = 0 and still having issues.  
  This has been done as well;
  It is possible for ISE to generate URLs that are too long for the IIS web server. In order to avoid this problem, the default IIS configuration can be modified to allow for longer URLs. Enter this command from the NDES server CLI:
  %systemroot%\system32\inetsrv\appcmd.exe set config /section:system.webServer/
   security/requestFiltering /requestLimits.maxQueryString:"8192" /commit:apphost

• "The OCSP server returned unexpected/invalid HTTP data"

  In april I posted about this, but the issue still exists. About one in 10 times visits to archlinux.org I get this error in Firefox. The strange thing is that it only happens when I visit archlinux.org not any other site. Could it be some kind of misconfiguration on this site?

  Northrop wrote:As far as I know it's a problem with CACert's OCSP server. They've had a few issues these past days, I keep on getting 403 Unauthorized errors when requesting OCSP. But it's strange only 1 in 10 visits gives you an error, since FF only checks OCSP once per session.
  1 in 10 was just an estimate. It could be that it coincides with the first visit after starting the browser. I sometimes keep the browser open for days, sometimes only minutes so I wasn't sure.

• Changed setting to no proxy but not solved problem Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /iam/services/setContext. Reason: Error reading from remote server

  This problem only happens with one website when I try to follow hyperlinks to other pages. They have directed me to Firefox troubleshooting section. I have followed the advice there but it has not solved my problem.

  I haven't been able to go on line since 7.01 and up. I have to use ieexplorer. are you idiots or what. I can't even contact you because i have to be in your latest version but i can't get the internet with the latest version. good bye for good

• Mobile Device Management solutions for K-8 school, where are the new iOS 7 features?

  Hi all,
  I work at a K-8 school and we are using Meraki by Cisco as our Mobile Device Management solution.  This seems to be working just fine but with the release of iOS 7 we are trying to figure out how to use all of the new features included pertaining to MDM.  We have about 300 iPad 2s deployed. 
  The teachers would love to be able to use free apps and, using Apple's VPP, paid apps.  Right now we have to manually enter any redemption code into Meraki and then on each and every iPad log in using the Apple ID and password associated with the license purchased.  I am aware, via several sources, that Apple now allows you to "silently" install apps.  How can we do this? Anyone have any other tips to help in the deployment of the apps with the new iOS 7 features?
  Thanks,
  Scott

  Found one on best buy
  http://www.bestbuy.com/site/Belkin+-+Grip+Neon+Glo+Case+for+Apple%26%23174%3B+iP od%26%23174%3B+touch+5th+Generation+-+Pink/1331013.p?id=1219050712926&skuId=1331 013
  by Belkin, so a place to start.
  They're a lot more expensive, but Griffin has some of their 'survivor' cases with sealed ports, so you could cover up the ones you don't need.
  If best buy isn't an option for you, at least there's a manufacturer to look for.

• IPhone composition   The payload of   and mobile device management is not installable in a utility.

  Hello.
  You.
  And thank you.
  I want you to help me if you please.
  I am not good at English.
  The status code of 201,204 which Apache returns from a MDM server.
  iPhone composition   The payload of   and mobile device management is not installable in a utility.
  iPhone composition   Console of a utility.
  May 1 09:46:15 unknown mc_mobile_tunnel[13281] <Notice>: (Note) MC: mc_mobile_tunnel shutting down.
  May    1 09:46:18 unknown. profiled [13274] <Notice>:   (Note)  MC:   Checking. for. MDM installation ... May 1 09:46:18 unknown profiled[13274] <Notice>: (Note) MC: ...finished checking for MDM installation.
  May    1 09:46:18 unknown. profiled [13274] <Notice>:   (Note)  MC:   Beginning. profile. installation ... May 1 09:46:20 unknown profiled[13274] <Notice>: (Error) MDM: Cannot Authenticate. Error: NSError:Desc     : Since a transaction with the server in "https://www.anetm.com/dav/chkin" was in the situation of "204", it failed.
  US Desc:   A transaction with the server at"https://www.anetm.com/dav/chkin"has failed with the status"204."
  Domain : MCHTTPTransactionErrorDomain
  Code   : 23001
  Type   : MCFatalError
  Params : (
  "https://www.anetm.com/dav/chkin",
  204
  May    1 09:46:20 unknown profiled [13274] <Notice>:   (Error) MC:   Cannot install MDM "mobile device management" .Error:   NSError:
  Desc    :   A payload "mobile device management" was not able to be installed.
  Sugg    :   Since a transaction with the server in "https://www.anetm.com/dav/chkin" was in the situation of "204", it failed.
  US Desc:   The payload "mobile device management" could not be installed.
  US Sugg:   A transaction with the server at"https://www.anetm.com/dav/chkin"has failed with the status"204."
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  Params : (
  "\U30e2\U30d0\U30a4\U30eb\U30c7\U30d0\U30a4\U30b9\U7ba1\U7406"
  ...Underlying error:
  NSError:
  Desc    :   Since a transaction with the server in "https://www.anetm.com/dav/chkin" was in the situation of "204", it failed.
  US Desc:   A transaction with the server at"https://www.anetm.com/dav/chkin"has failed with the status"204."
  Domain : MCHTTPTransactionErrorDomain
  Code   : 23001
  Type   : MCFatalError
  Params : (
  "https://www.anetm.com/dav/chkin",
  204
  I would like to solve this problem.
  If you please, please help me.

  Hello Jack,
  Thank you for providing the details about the Apple Mobile Device USB Driver is not being listed.  I found an article with some additional steps you can take. 
  I recommend following the steps in the section titled "If the Apple Mobile Device USB Driver is not listed" in step 5 of the following article:
  iOS: Device not recognized in iTunes for Windows
  http://support.apple.com/kb/TS1538
  Thank you for using Apple Support Communities.
  Best,
  Sheila M.

• Workflow Manager for SP2013. The remote server returned an error: (500) Internal Server Error.

  I am *almost* all the way through provisioning my on premise SP 2013 farm for SharePoint 2013 Workflows.  Workflow manager is installed alongside Service Bus.  Workflow Manager client is installed on the SP servers.  I built a new simple list-based
  workflow in SP Designer 2013, saved it, and published it without any errors.  However, when I go back to the list in my portal and try to run the workflow, I get the "Sorry, something went wrong" page, and the logs say this:
  05/15/2013 12:41:05.07  w3wp.exe (0x071C)                        0x085C SharePoint Foundation        
   Runtime                        tkau Unexpected System.Net.WebException: The remote server returned an error: (500) Internal Server
  Error.    at Microsoft.Workflow.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)     at Microsoft.Workflow.Client.HttpGetResponseAsyncResult`1.End(IAsyncResult result)     at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest
  request, T content) 27be1b9c-f990-f096-34a8-7ac8816bc7a5
  05/15/2013 12:41:05.08  w3wp.exe (0x071C)                        0x085C SharePoint Foundation        
   General                        ajlz0 High     Getting Error Message for Exception System.Web.HttpUnhandledException
  (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> Microsoft.Workflow.Client.InternalServerException: Exception thrown from the data layer. For more details, please see the server logs. HTTP headers received from the server
  - ActivityId: 0c03f692-8153-43a7-bed5-096214b06168. NodeId: VM22. Scope: /SharePoint/default/d386fdc7-ea7b-4d46-9a39-5c114096eef8/f203a564-e83a-47a3-b11b-e432ac1e6dab. Client ActivityId : 27be1b9c-f990-f096-34a8-7ac8816bc7a5. ---> System.Net.WebException:
  The remote server returned an error: (500) Internal Server Error.     at Microsoft.Workflow.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)     at Microsoft.Workflow.Client.HttpGetResponseAsyncResult`1.End(... 27be1b9c-f990-f096-34a8-7ac8816bc7a5
  05/15/2013 12:41:05.08* w3wp.exe (0x071C)                        0x085C SharePoint Foundation        
   General                        ajlz0 High     ...IAsyncResult result)     at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest
  request, T content)     --- End of inner exception stack trace ---     at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest request, T content)     at Microsoft.Workflow.Client.InstanceManager.GetInternal(Int32
  skip, Int32 count, String workflowName, WorkflowInstanceStatus workflowStatus, IDictionary`2 activationMetadataFilter)     at Microsoft.SharePoint.WorkflowServices.FabricWorkflowInstanceProvider.EnumerateByMonitoringParameter(Guid monitoringParameter,
  Int32 offset, Int32 count, Boolean checkPermissions)     at Microsoft.SharePoint.WorkflowServices.FabricWorkflowInstanceProvider.EnumerateInstancesForListItem(Guid listId, Int32 itemId, Int32 offset)     at Microsoft.Sh... 27be1b9c-f990-f096-34a8-7ac8816bc7a5
  05/15/2013 12:41:05.08* w3wp.exe (0x071C)                        0x085C SharePoint Foundation        
   General                        ajlz0 High     ...arePoint.WorkflowServices.FabricWorkflowInstanceProvider.EnumerateInstancesForListItem(Guid
  listId, Int32 itemId)     at Microsoft.SharePoint.WorkflowServices.ApplicationPages.WorkflowPageBase.ConstructStatusArraysWF4(ArrayList running, ArrayList completed, Boolean onlyMyWorkflows)     at Microsoft.SharePoint.WorkflowServices.ApplicationPages.WorkflowPage.ConstructStatusArrays()    
  at Microsoft.SharePoint.WorkflowServices.ApplicationPages.WorkflowPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,
  Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.HandleError(Exception e)     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStages... 27be1b9c-f990-f096-34a8-7ac8816bc7a5
  05/15/2013 12:41:05.08* w3wp.exe (0x071C)                        0x085C SharePoint Foundation        
   General                        ajlz0 High     ...AfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest(Boolean
  includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest()     at System.Web.UI.Page.ProcessRequest(HttpContext context)     at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 27be1b9c-f990-f096-34a8-7ac8816bc7a5
  05/15/2013 12:41:05.08  w3wp.exe (0x071C)                        0x085C SharePoint Foundation        
   General                        aat87 Monitorable   27be1b9c-f990-f096-34a8-7ac8816bc7a5
  Some sort of "general server error" returns a 500 code, but I can't tell from this what the problem(s) might be. Has anyone seen this before?
  Thanks.

  Go to the server running Workflow Manager and open the Event Viewer; Applications and Services Logs; Microsoft-Workflow; Operational; and look for the underlying error.  In our case, the CU for Workflow Manager did something to the SQL permissions and
  we ended up using the workaraound described here:
  http://social.msdn.microsoft.com/Forums/windowsazure/en-US/054d2a58-8847-4a6a-b1ab-05a79f49fe65/workflow-manager-cumulative-update-february-error?forum=wflmgr
  Joe

• ISE integration with Mobile Device Management ( MDM ) help required

  Dear Techies,
       Am here bring to your notice an different issue and no much resources to support even in PEC or Cisco Document.
       We are conduction a Proof Of Concept (PoC) on  Secure Bring Your Own Device ( BYOD ) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
  Setup Brief :
  =========
        Our Setup has  ISE VM acting as Admin, Monitor and Profiling Device, we have NAC 3315 physical Appliance as Inline posture Device, Wireless LAN controller, Access point and the Identity source as Microsof Active Directory
       Having Plans to Integrate Mobile Device Management ( MDM ) and Citrix VDI setup also.
  Activity Brief:
  =========
       As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
  Clarifications Required
  ================
  Wired Scenario - Require some configuration / steps on how to carryout posture for the guest wired users i.e. LAPTOP.
  Wireless Scenario
  MDM can be integrated to ISE ? 
  How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
  What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
  If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
  Is MDM will do client provisioning or ISE should do ?
  Is MDM send or update patches of Mobile Devices ?
  As of now these are the scenarios, kindly revert if any good documents to show this or share your expertise on the Integration Part.
  Thanks for Reading...
  Arun

  I would like to avail your valuable inputs to understand on the  Client provisioning part for the Mobile Devices/ Laptop. I understand  from your reply that MDM integration is not available in the current  release ISE 1.1 - That is correct.
  Kindly let me know your views or any documents on the following scenarios with the current release in mind
  1. User  with Mobile devices connecting to Wireless  ( both Employee  and Guest ) , How the Flow differs for the Employee and Guest.  How the  client provisioning is done ( i.e. Like Posturing  or Compliance Check  ).
  The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
  2. User  with Laptop  connecting to Wireless  ( both Employee  and Guest ). How the client provisioning is done ( i.e. Like Posturing   or Compliance Check ).
  Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
  3. What are advantages of having ISE also in  place for Mobile devices, since most of the Mobile related tasks ( like  Authentication, Authorization, Profiling and  Posture ) are carried out  by MDM. I am checking for the significant advantage of having ISE for  Client network having only Mobile devices. Kindly clarify.
  Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products since they are all part of of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (vpn..etc) and ISE are pretty close in building their solutions so that you can get connected with any device any where (sorry for the sales pitch). The latests wireless code is improving and is going to have support similar to the ios sensor for wired devices where dhcp, cdp, and other attributes can be sent in the radius packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep) you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID so that makes the budget work when it comes to deploying ISE if you arent looking for enforcement on your wired devices.
  4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user  authentication as Open ?
  For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
  There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
  5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
  This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
  You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
  6. We are also looking for VDI  ( Citrix, VMware ) solution for the  client  ( both Employee and Guest ) , how ISE can play a role in  securing the VDI environment.
  For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
  7. Is that any integration required  with Citrix or VMware. How the  VDI can be offered based on the User  role ( i.e. Employee, Contractor or Guest ), since Guest database is  available only with ISE, how the checks are made from the VDI  environment.
  IN ISE there is an identity sequence which can authenticate users in AD first, if the user is not found then it can look in the internal database.
  Our solution demands  MDM in the integrated  solution, As on today ISE cant be integrated with MDM. so what kind of  solution we can propose to have MDM and Cisco ISE .Do the clients now  enter the network should have already installed the MDM agent (or) any  other way of pushing the same to the Client.
  Today there is no integration between the devices, the last release time I heard was December for this feature. However it would be best to confirm with your Cisco Account rep on this issue.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• HT5188 Will "removing apps from devices" also work with other mobile device management systems like i.e. Mobile Iron?

  As we are a very big company and working with a high end mobile device management system (Mobile Iron), we cannot use the configurator for iOS devices delivered with Mac OS.
  So my question is, whether it is or will be possible to reuse redemption codes also for devices being managed by other MDM systems than Apple configurator.

  As we are a very big company and working with a high end mobile device management system (Mobile Iron), we cannot use the configurator for iOS devices delivered with Mac OS.
  So my question is, whether it is or will be possible to reuse redemption codes also for devices being managed by other MDM systems than Apple configurator.

• How to get rid of mobile device management?

  So I upgraded my iPad to 8.1 and when it got done restoring and upgrading, during setup it said that this device was being setup by Schuyler Community School system and under the Mobile Device Management section there is a profile for Meraki Management.  How do I get rid of this?  It has all kinds of rights to remotely control my iPad.  I've tried restoring it again.  I deleted the downloaded iOS 8.1 upgrade from iTunes and had it download it again.  Same thing when the restore is complete.  Any ideas? 
  THank you!

  Sorry, but it sounds like you have received stolen property. Take a look at the back of the iPad and I bet you will see the Schuyler Community Schools tamper proof asset tag and also an engraving from Schuyler Community Schools. Please contact Schuyler Community Schools at 402 352-5514 and ask for the IT Director…Jeff. Thank you!

• Howto enable Mobile Device Manager via IPCU?

  In the iPhone Configuration Utility you can enable a Mobile Device Management connection, but how?
  Can anyone explain how to configure this? We already have al mdm-server running on OSX Lion.
  Thanks!

  Hi Mitulatbati,
  Find the attached content.. It is used to remove any hardware from your compuer.... I hope you'll enjoy lot..
  Regards : 
  Malhar
  Greeting from India,
  Malhar
  Attachments:
  Add_Remove_by_Mlahar.zip ‏136 KB

• Questions on mobile device management

  Hi All,
  I'm not sure where to post this question since I couldn't find a forum specific to Afaria, so thought someone here might be able to help.
  1. Afaria mobile device management solution claims that data and content is backed up and can be deleted if a device is stolen or lost. Can this deletion be done if the mobile is switched off of the SIM card has been removed? What is the mechanism of the data deletion process when the device is either ON/OFF?
  2. How does Afaria handle online and offline user authentication? If a mobile app is opened, can Afaria be configured to force the user to enter credentials for authentication? Or should there be a separate login page as a part of the mobile app? (The user's credentials are needed to find his role from LDAP and the rest of the app to work properly, which is y the question).
  Thanks & Regards,
  Vaishnavi

  This forum is fine for Afaria discussions and questions, no worries. 
  1.  If mobile device is switched off or not network connected then Afaria is not able to do anything with that device.  The content though would be secured, encrypted etc. so that there should be no risk as long as the device is switched off.  The "kill device" command that can be sent from Afaria will work if device is turned on and connected to a network.
  2.  Afaria can force quite a lot of things and one of them is regarding the device itself, forcing a password/pin type of unlocking.  The mobile app normally has it's own mechanism for authentication, user name and password.  That is a SUP function and has little to do with Afaria, I don't believe Afaria can force that part of authentication. 
  You can get a good overview of the technical part of Afaria here:  [Afaria Technical White paper|http://www.sybase.com/files/White_Papers/Afaria-Technical-WP.pdf]

• The remote server returned an error: (503) Server Unavailable In SharePoint 2010.

  I created a web app with claims based authentication ,
  basiclly i follwe this blog
  http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
  but when i login it throws 503 error
  Server Error in '/' Application.
  The remote server returned an error: (503) Server Unavailable.
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
  Exception Details: System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
  Source Error:
  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
  Stack Trace:
  [WebException: The remote server returned an error: (503) Server Unavailable.]
  System.Net.HttpWebRequest.GetResponse() +1126
  System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +81
  [ServerTooBusyException: The HTTP service located at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc is too busy. ]
  System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +10258154
  System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +539
  Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) +0
  Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) +61
  Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) +36
  Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) +26062081
  Microsoft.SharePoint.SPSecurityContext.SecurityTokenForLegacyLogin() +270
  Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.GetSecurityTokenFromWindowsIdentity(WindowsIdentity windowsIdentity, HttpContext httpContext) +21
  Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.AuthenticateRequest(Object sender, EventArgs e) +1176
  System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
  any thoughts?
  thanks in advance!
  Share Knowledge and Spread Love!

  Hi ,
  I was also facing the same issue on changing my credentials. This effects the ServiceTokenApplicationPool and other pools related to the Web applications
  To resolve this  follow these :
  1. Open IIS Manager , under Connection section you can see the Name of your site collection(as
  siteCollectionName(Username))
  2. Open SiteCollection , select Application Pools. A new window with your Web application pool names would open.
  3. Right click on web app, select Advance Setting... , under Process Model select Identity 
  4. check for Custom account , click set and enter your Credentials and click
  OK
  Atlast Refresh the IIS manager.
  Thank you.
  Under application pools Do select the ServiceTokenApplicationPool  also and follow steps 3 and 4

• I have a problem with my PC mobile device that the keyboard stop working and the mouse also

  I have a problem with my PC mobile device that the keyboard stop working and the mouse also

  All I can suggeset is:
  Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7
  or
  Removing and Reinstalling iTunes, QuickTime, and other software components for Windows XP
  Have you looked at the AMDS topic of:
  iOS: Device not recognized in iTunes for Windows
  Do you have han image capture programs linstalled like for a camers or scanner?