Windows 8.1 Mobile Device Management and SCCM 2012 R2 - 'Turn on' option missing

Similar Messages

• Windows 8.1 mobile device management using integrated environment of SCCM 2012 R2 and Windows intune

  Can we avoid the dependency on the Symantec certificate  for enabling windows phone enrollment under Administration->Cloud services -> Windows InTune subscriptions - Windows Phones. My environment will have only windows 8.1 phones.
  Regards
  Leela

  See http://status.manage.microsoft.com/StatusPage/ServiceDashboard. 
  Engineers are investigating a service issue impacting access to portal via mobile devices.
  (Started on 12/30/2014 8:00:00 AM UTC)
  1/8/2015 11:42:49 PM (UTC)
  Current Status: Engineers are continuing to troubleshoot potential issues related to Active Directory Federation Services (ADFS). Engineers have gathered additional traces and logging data for deeper analysis. User Experience: Affected users with Windows Phone,
  iOS, or Android devices are unable to access their company portal and receive repeated prompts to enter credentials. If incorrect credentials are entered, users will receive an error stating that they have entered a bad password. Customer Impact: Engineers
  have received reports that some customers are experiencing this issue. A subset of users are affected by this event. Other users remain unaffected. Incident Start Time: Tuesday, December 30, 2014, at 8:00 AM UTC Next Update by: Tuesday, January 13, 2015, at
  12:00 AM UTC
  Torsten Meringer | http://www.mssccmfaq.de

• IPhone composition   The payload of   and mobile device management is not installable in a utility.

  Hello.
  You.
  And thank you.
  I want you to help me if you please.
  I am not good at English.
  The status code of 201,204 which Apache returns from a MDM server.
  iPhone composition   The payload of   and mobile device management is not installable in a utility.
  iPhone composition   Console of a utility.
  May 1 09:46:15 unknown mc_mobile_tunnel[13281] <Notice>: (Note) MC: mc_mobile_tunnel shutting down.
  May    1 09:46:18 unknown. profiled [13274] <Notice>:   (Note)  MC:   Checking. for. MDM installation ... May 1 09:46:18 unknown profiled[13274] <Notice>: (Note) MC: ...finished checking for MDM installation.
  May    1 09:46:18 unknown. profiled [13274] <Notice>:   (Note)  MC:   Beginning. profile. installation ... May 1 09:46:20 unknown profiled[13274] <Notice>: (Error) MDM: Cannot Authenticate. Error: NSError:Desc     : Since a transaction with the server in "https://www.anetm.com/dav/chkin" was in the situation of "204", it failed.
  US Desc:   A transaction with the server at"https://www.anetm.com/dav/chkin"has failed with the status"204."
  Domain : MCHTTPTransactionErrorDomain
  Code   : 23001
  Type   : MCFatalError
  Params : (
  "https://www.anetm.com/dav/chkin",
  204
  May    1 09:46:20 unknown profiled [13274] <Notice>:   (Error) MC:   Cannot install MDM "mobile device management" .Error:   NSError:
  Desc    :   A payload "mobile device management" was not able to be installed.
  Sugg    :   Since a transaction with the server in "https://www.anetm.com/dav/chkin" was in the situation of "204", it failed.
  US Desc:   The payload "mobile device management" could not be installed.
  US Sugg:   A transaction with the server at"https://www.anetm.com/dav/chkin"has failed with the status"204."
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  Params : (
  "\U30e2\U30d0\U30a4\U30eb\U30c7\U30d0\U30a4\U30b9\U7ba1\U7406"
  ...Underlying error:
  NSError:
  Desc    :   Since a transaction with the server in "https://www.anetm.com/dav/chkin" was in the situation of "204", it failed.
  US Desc:   A transaction with the server at"https://www.anetm.com/dav/chkin"has failed with the status"204."
  Domain : MCHTTPTransactionErrorDomain
  Code   : 23001
  Type   : MCFatalError
  Params : (
  "https://www.anetm.com/dav/chkin",
  204
  I would like to solve this problem.
  If you please, please help me.

  Hello Jack,
  Thank you for providing the details about the Apple Mobile Device USB Driver is not being listed.  I found an article with some additional steps you can take. 
  I recommend following the steps in the section titled "If the Apple Mobile Device USB Driver is not listed" in step 5 of the following article:
  iOS: Device not recognized in iTunes for Windows
  http://support.apple.com/kb/TS1538
  Thank you for using Apple Support Communities.
  Best,
  Sheila M.

• IOS device not recognized in iTunes, Windows  7 Computer, or Device Manager

  Sometime last week, I ran the updates for my computer. When I plugged in my iPod Touch afterwards, it would not connect to iTunes, although on the iPod itself, I could see it was connected based on the "charging" symbol on the battery icon. So I checked if my computer recognized it as a "Device with removable memory in the computer. Only "DVD RW Drive (E)" showed up and under the "Other" section only showed my iCloud Photos folder. I also checked the device manager for any drive with the name Apple- none. I have only 2 USB ports on my computer, and I've switched between them over and over. No result. I have checked the hardware id's on all my USB drives in the device manager, and I only find the HP TrueVision camera on my laptop.
  After a couple of hours browsing through the support forums, I was able to restore the driver, thus allowing my iPod to be recognized again by the computer and iTunes.
  on 10/14/13 I ran the installation for updates again, and the same problem occured with my iPod. So I went through the same steps from last week, but this time, no changes. I still cant get the drive back on my device manager. I've gone through all the support pages pertaining to anything and everything about this issue, and still, everything I tried from and simple computer restore to a clean boot has still rendered no results. I know my USB cable works because im able to charge my iPod from any outlet (computer, A/C adapter, car adapter) and sadly I do not have the means to try on another computer.
  I have a HP 64-bit Computer running Windows 7 service pack 1.
  iTunes version 11.1 currently installed.
  iPod Touch 4th Generation iOS version 6.1.3.
  The Apple Mobile Device Support is installed.
  Can someone heplp me?

  Have you tried to give your iPod  a reset? Hold down the sleep and home keys until you see the silver apple. Let it reboot and try again.
  Have you tried different USB ports? Rebooted your computer?
  Uninstalled and then reinstalled iTunes? (You won't lose content if you uninstall)

• Itunes Mobile device manager wont load/gone

  I bought a new ipad3 and i am having an error message come up when syncing my music  from my iTunes account on a HP Netbook (Windows XP) to my iPad3.
  I get an error message that the iTunes Mobile Device Manager is not connected. Using the new 10.6 OS upgrade....recently updated what has happened.
  I repaired iTunes in my Programs, tried to sync...no go. I then deleted iTunes completely and reinstalled.....same result....no Device Manager.
  Maybe I haven't deleted some or all programs first and then try to reinstall? ...maybe I missed something.
  All programs labeled Apple and iTunes were deleted...am I missing something?
  Thanks for any help and guidence.

  Refer to this article to restart AMDS,
  How to restart the Apple Mobile Device Service (AMDS) on Windows
  http://support.apple.com/kb/TS1567

• ISE integration with Mobile Device Management ( MDM ) help required

  Dear Techies,
       Am here bring to your notice an different issue and no much resources to support even in PEC or Cisco Document.
       We are conduction a Proof Of Concept (PoC) on  Secure Bring Your Own Device ( BYOD ) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
  Setup Brief :
  =========
        Our Setup has  ISE VM acting as Admin, Monitor and Profiling Device, we have NAC 3315 physical Appliance as Inline posture Device, Wireless LAN controller, Access point and the Identity source as Microsof Active Directory
       Having Plans to Integrate Mobile Device Management ( MDM ) and Citrix VDI setup also.
  Activity Brief:
  =========
       As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
  Clarifications Required
  ================
  Wired Scenario - Require some configuration / steps on how to carryout posture for the guest wired users i.e. LAPTOP.
  Wireless Scenario
  MDM can be integrated to ISE ? 
  How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
  What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
  If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
  Is MDM will do client provisioning or ISE should do ?
  Is MDM send or update patches of Mobile Devices ?
  As of now these are the scenarios, kindly revert if any good documents to show this or share your expertise on the Integration Part.
  Thanks for Reading...
  Arun

  I would like to avail your valuable inputs to understand on the  Client provisioning part for the Mobile Devices/ Laptop. I understand  from your reply that MDM integration is not available in the current  release ISE 1.1 - That is correct.
  Kindly let me know your views or any documents on the following scenarios with the current release in mind
  1. User  with Mobile devices connecting to Wireless  ( both Employee  and Guest ) , How the Flow differs for the Employee and Guest.  How the  client provisioning is done ( i.e. Like Posturing  or Compliance Check  ).
  The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
  2. User  with Laptop  connecting to Wireless  ( both Employee  and Guest ). How the client provisioning is done ( i.e. Like Posturing   or Compliance Check ).
  Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
  3. What are advantages of having ISE also in  place for Mobile devices, since most of the Mobile related tasks ( like  Authentication, Authorization, Profiling and  Posture ) are carried out  by MDM. I am checking for the significant advantage of having ISE for  Client network having only Mobile devices. Kindly clarify.
  Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products since they are all part of of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (vpn..etc) and ISE are pretty close in building their solutions so that you can get connected with any device any where (sorry for the sales pitch). The latests wireless code is improving and is going to have support similar to the ios sensor for wired devices where dhcp, cdp, and other attributes can be sent in the radius packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep) you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID so that makes the budget work when it comes to deploying ISE if you arent looking for enforcement on your wired devices.
  4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user  authentication as Open ?
  For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
  There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
  5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
  This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
  You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
  6. We are also looking for VDI  ( Citrix, VMware ) solution for the  client  ( both Employee and Guest ) , how ISE can play a role in  securing the VDI environment.
  For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
  7. Is that any integration required  with Citrix or VMware. How the  VDI can be offered based on the User  role ( i.e. Employee, Contractor or Guest ), since Guest database is  available only with ISE, how the checks are made from the VDI  environment.
  IN ISE there is an identity sequence which can authenticate users in AD first, if the user is not found then it can look in the internal database.
  Our solution demands  MDM in the integrated  solution, As on today ISE cant be integrated with MDM. so what kind of  solution we can propose to have MDM and Cisco ISE .Do the clients now  enter the network should have already installed the MDM agent (or) any  other way of pushing the same to the Client.
  Today there is no integration between the devices, the last release time I heard was December for this feature. However it would be best to confirm with your Cisco Account rep on this issue.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• Mobile Device date and time Restrication

  Hi,
  Is any policies in Intune to restrict the users to not change the Mobile device Date and Time.
  Shailendra Dev

  thanks geery,
  Also is below things possible through MS Intune for Windows Phone 8.1 , as i have checked the technet as of now below features not supported for Windows Phone 8.1 . can I manage the Blackberry devices from Ms Intune...?
  also one things i want to know from you is currently MS intune features changes very frequents hence  is any sites that i can subscribe for updates about Ms Intune.. 
  Features that i am looking for Windows Phones
  1. Browser Restriction 
  2. Mobile Application Management Policy 
  Shailendra Dev

• Deployment of mobile device management.

  Hi All,
  I am using SCCM 2012 R2 environment in my organization, and i want deploy mobile device management for mange the apple,android and WIN RT devices. Please help me out for this complete step by step process.
  Currently my SCCM in configured with http.
  Thanks
  Shankarkumar

  All Exchange connector features and supported configurations are listed in the following links :
  http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigMobileExchCon
  http://technet.microsoft.com/en-us/library/gg682022.aspx
  Benoit Lecours | Blog: System Center Dudes

• Questions on mobile device management

  Hi All,
  I'm not sure where to post this question since I couldn't find a forum specific to Afaria, so thought someone here might be able to help.
  1. Afaria mobile device management solution claims that data and content is backed up and can be deleted if a device is stolen or lost. Can this deletion be done if the mobile is switched off of the SIM card has been removed? What is the mechanism of the data deletion process when the device is either ON/OFF?
  2. How does Afaria handle online and offline user authentication? If a mobile app is opened, can Afaria be configured to force the user to enter credentials for authentication? Or should there be a separate login page as a part of the mobile app? (The user's credentials are needed to find his role from LDAP and the rest of the app to work properly, which is y the question).
  Thanks & Regards,
  Vaishnavi

  This forum is fine for Afaria discussions and questions, no worries. 
  1.  If mobile device is switched off or not network connected then Afaria is not able to do anything with that device.  The content though would be secured, encrypted etc. so that there should be no risk as long as the device is switched off.  The "kill device" command that can be sent from Afaria will work if device is turned on and connected to a network.
  2.  Afaria can force quite a lot of things and one of them is regarding the device itself, forcing a password/pin type of unlocking.  The mobile app normally has it's own mechanism for authentication, user name and password.  That is a SUP function and has little to do with Afaria, I don't believe Afaria can force that part of authentication. 
  You can get a good overview of the technical part of Afaria here:  [Afaria Technical White paper|http://www.sybase.com/files/White_Papers/Afaria-Technical-WP.pdf]

• When I connect my iPod touch it tells me that I need a new version of Apple Mobile Device Support and to uninstall iTunes and then re-install it, I've done that twice with the newest version of iTunes and it still doesn't work?

  When I connect my iPod touch it tells me that I need a new version of Apple Mobile Device Support and to uninstall iTunes and then re-install it, I've done that twice with the newest version of iTunes and it still doesn't work?

  Try:
  Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7

• Apple Mobile Device service and Ipod Service both necessary?

  Do I need both Apple Mobile Device service and Ipod Service running on my Windows XP machine in order to use an iPod Touch Gen4?  I have to restart both of these services to get iTunes 11.0.4.4 to recognize it.  I wonder if they conflict with one another.

  Both need to be running.
  Try:
  Removing and Reinstalling iTunes, QuickTime, and other software components for Windows XP

• G470 Bluetooth not listed under Device Manager and not working

  Hi,
  Can someone teach me how to solve my G470 problem?
  Its Bluetooth is not listed under Device Manager and I can't find it anywhere.
  Before that, it isn't working at all.
  Thanks
  Solved!
  Go to Solution.

  hi athirah11,
  Welcome to the Lenovo Forums.
  Can you try the following:
  1. Press the Windows key‌ +R, type devmgmt.msc and press Enter. On the Device Manager, click View > Show hidden devices and check if the Bluetooth device is being listed.
  - Link to picture
  - Link to picture
  2. If the bluetooth device shows up under the Device Manager, do the following:
      a. Under Control Panel > Programs, uninstall the Bluetooth driver/software (reboot if necessary)
      b. Run the Bluetooth Driver Installer
       -  this will identify the type of Bluetooth Device installed on the system (eg. Qualcom Atheros, Intel, etc.) and it will install a generic Bluetooth driver. If successful, the Bluetooth device and its components should now appear normally under the Device Manager.
  If the bluetooth device still doesn't show up, can you provide the model number of your G470 (eg. 59xxxxxx) fur further checking.
  Let me know how it goes.
  Regards
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
  Follow @LenovoForums on Twitter!

• IOS Mobile Device Management - The SCEP server returned an invalid response

  I am in the process of writing an open source iOS mobile device management module in Java. For this I am referring the Apple provided Ruby code at [1]. I have set this up and it works fine for me. Now I need to convert this code to Java. So far I have accomplished to do that up to PKIOperation. In the PKI operation I get "The SCEP server returned an invalid response" which I believe is due to wrong response I sent to device upon PKIOperation.
  However when I do search on the internet I get this is something to do with the "maxHttpHeaderSize" as I am using the server as Apache Tomcat. Although I increase that since still it does not get resolved.
  Here is the code I need to convert - taken from Apple provided Ruby script
  if query['operation'] == "PKIOperation"
      p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
      store = OpenSSL::X509::Store.new
      p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
      signers = p7sign.signers
      p7enc = OpenSSL::PKCS7::PKCS7.new(p7sign.data)
      csr = p7enc.decrypt(@@ra_key, @@ra_cert)
      cert = issueCert(csr, 1)
      degenerate_pkcs7 = OpenSSL::PKCS7::PKCS7.new()
      degenerate_pkcs7.type="signed"
      degenerate_pkcs7.certificates=[cert]
      enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
          OpenSSL::Cipher::Cipher::new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
      reply = OpenSSL::PKCS7.sign(@@ra_cert, @@ra_key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)
      res['Content-Type'] = "application/x-pki-message"
      res.body = reply.to_der
  end
  So this is how I written this in Java using Bouncycastle library.
  X509Certificate generatedCertificate = generateCertificateFromCSR(
                  privateKeyCA, certRequest, certCA.getIssuerX500Principal()
                          .getName());
          CMSTypedData msg = new CMSProcessableByteArray(
                  generatedCertificate.getEncoded());
          CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
          edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                  receivedCert).setProvider(AppConfigurations.PROVIDER));
          CMSEnvelopedData envelopedData = edGen
                  .generate(
                          msg,
                          new JceCMSContentEncryptorBuilder(
                                  CMSAlgorithm.DES_EDE3_CBC).setProvider(
                                  AppConfigurations.PROVIDER).build());
          CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
          ContentSigner sha1Signer = new JcaContentSignerBuilder(
                  AppConfigurations.SIGNATUREALGO).setProvider(
                  AppConfigurations.PROVIDER).build(privateKeyRA);
          List<X509Certificate> certList = new ArrayList<X509Certificate>();
          CMSTypedData cmsByteArray = new CMSProcessableByteArray(
                  envelopedData.getEncoded());
          certList.add(certRA);
          Store certs = new JcaCertStore(certList);
          gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                  new JcaDigestCalculatorProviderBuilder().setProvider(
                          AppConfigurations.PROVIDER).build()).build(
                  sha1Signer, certRA));
          gen.addCertificates(certs);
          CMSSignedData sigData = gen.generate(cmsByteArray, true);
          return sigData.getEncoded();
  The returned result here will be output in to the servlet output stream with the content type "application/x-pki-message".
  It seems I get the CSR properly and I generate the X509Certificate using following code.
  public static X509Certificate generateCertificateFromCSR(
          PrivateKey privateKey, PKCS10CertificationRequest request,
          String issueSubject) throws Exception {
      Calendar targetDate1 = Calendar.getInstance();
      targetDate1.setTime(new Date());
      targetDate1.add(Calendar.DAY_OF_MONTH, -1);
      Calendar targetDate2 = Calendar.getInstance();
      targetDate2.setTime(new Date());
      targetDate2.add(Calendar.YEAR, 2);
      // yesterday
      Date validityBeginDate = targetDate1.getTime();
      // in 2 years
      Date validityEndDate = targetDate2.getTime();
      X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
              new X500Name(issueSubject), BigInteger.valueOf(System
                      .currentTimeMillis()), validityBeginDate,
              validityEndDate, request.getSubject(),
              request.getSubjectPublicKeyInfo());
      certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
              KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
      ContentSigner sigGen = new JcaContentSignerBuilder(
              AppConfigurations.SHA256_RSA).setProvider(
              AppConfigurations.PROVIDER).build(privateKey);
      X509Certificate issuedCert = new JcaX509CertificateConverter()
              .setProvider(AppConfigurations.PROVIDER).getCertificate(
                      certGen.build(sigGen));
      return issuedCert;
  The generated certificate commonn name is,
  Common Name: mdm(88094024-2372-4c9f-9c87-fa814011c525)
  Issuer: mycompany Root CA (93a7d1a0-130b-42b8-bbd6-728f7c1837cf), None
  [1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Concept ual/iPhoneOTAConfiguration/Introduction/Introduction.html

  I am in the process of writing an open source iOS mobile device management module in Java. For this I am referring the Apple provided Ruby code at [1]. I have set this up and it works fine for me. Now I need to convert this code to Java. So far I have accomplished to do that up to PKIOperation. In the PKI operation I get "The SCEP server returned an invalid response" which I believe is due to wrong response I sent to device upon PKIOperation.
  However when I do search on the internet I get this is something to do with the "maxHttpHeaderSize" as I am using the server as Apache Tomcat. Although I increase that since still it does not get resolved.
  Here is the code I need to convert - taken from Apple provided Ruby script
  if query['operation'] == "PKIOperation"
      p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
      store = OpenSSL::X509::Store.new
      p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
      signers = p7sign.signers
      p7enc = OpenSSL::PKCS7::PKCS7.new(p7sign.data)
      csr = p7enc.decrypt(@@ra_key, @@ra_cert)
      cert = issueCert(csr, 1)
      degenerate_pkcs7 = OpenSSL::PKCS7::PKCS7.new()
      degenerate_pkcs7.type="signed"
      degenerate_pkcs7.certificates=[cert]
      enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
          OpenSSL::Cipher::Cipher::new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
      reply = OpenSSL::PKCS7.sign(@@ra_cert, @@ra_key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)
      res['Content-Type'] = "application/x-pki-message"
      res.body = reply.to_der
  end
  So this is how I written this in Java using Bouncycastle library.
  X509Certificate generatedCertificate = generateCertificateFromCSR(
                  privateKeyCA, certRequest, certCA.getIssuerX500Principal()
                          .getName());
          CMSTypedData msg = new CMSProcessableByteArray(
                  generatedCertificate.getEncoded());
          CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
          edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                  receivedCert).setProvider(AppConfigurations.PROVIDER));
          CMSEnvelopedData envelopedData = edGen
                  .generate(
                          msg,
                          new JceCMSContentEncryptorBuilder(
                                  CMSAlgorithm.DES_EDE3_CBC).setProvider(
                                  AppConfigurations.PROVIDER).build());
          CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
          ContentSigner sha1Signer = new JcaContentSignerBuilder(
                  AppConfigurations.SIGNATUREALGO).setProvider(
                  AppConfigurations.PROVIDER).build(privateKeyRA);
          List<X509Certificate> certList = new ArrayList<X509Certificate>();
          CMSTypedData cmsByteArray = new CMSProcessableByteArray(
                  envelopedData.getEncoded());
          certList.add(certRA);
          Store certs = new JcaCertStore(certList);
          gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                  new JcaDigestCalculatorProviderBuilder().setProvider(
                          AppConfigurations.PROVIDER).build()).build(
                  sha1Signer, certRA));
          gen.addCertificates(certs);
          CMSSignedData sigData = gen.generate(cmsByteArray, true);
          return sigData.getEncoded();
  The returned result here will be output in to the servlet output stream with the content type "application/x-pki-message".
  It seems I get the CSR properly and I generate the X509Certificate using following code.
  public static X509Certificate generateCertificateFromCSR(
          PrivateKey privateKey, PKCS10CertificationRequest request,
          String issueSubject) throws Exception {
      Calendar targetDate1 = Calendar.getInstance();
      targetDate1.setTime(new Date());
      targetDate1.add(Calendar.DAY_OF_MONTH, -1);
      Calendar targetDate2 = Calendar.getInstance();
      targetDate2.setTime(new Date());
      targetDate2.add(Calendar.YEAR, 2);
      // yesterday
      Date validityBeginDate = targetDate1.getTime();
      // in 2 years
      Date validityEndDate = targetDate2.getTime();
      X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
              new X500Name(issueSubject), BigInteger.valueOf(System
                      .currentTimeMillis()), validityBeginDate,
              validityEndDate, request.getSubject(),
              request.getSubjectPublicKeyInfo());
      certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
              KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
      ContentSigner sigGen = new JcaContentSignerBuilder(
              AppConfigurations.SHA256_RSA).setProvider(
              AppConfigurations.PROVIDER).build(privateKey);
      X509Certificate issuedCert = new JcaX509CertificateConverter()
              .setProvider(AppConfigurations.PROVIDER).getCertificate(
                      certGen.build(sigGen));
      return issuedCert;
  The generated certificate commonn name is,
  Common Name: mdm(88094024-2372-4c9f-9c87-fa814011c525)
  Issuer: mycompany Root CA (93a7d1a0-130b-42b8-bbd6-728f7c1837cf), None
  [1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Concept ual/iPhoneOTAConfiguration/Introduction/Introduction.html

• HT5188 Will "removing apps from devices" also work with other mobile device management systems like i.e. Mobile Iron?

  As we are a very big company and working with a high end mobile device management system (Mobile Iron), we cannot use the configurator for iOS devices delivered with Mac OS.
  So my question is, whether it is or will be possible to reuse redemption codes also for devices being managed by other MDM systems than Apple configurator.

  As we are a very big company and working with a high end mobile device management system (Mobile Iron), we cannot use the configurator for iOS devices delivered with Mac OS.
  So my question is, whether it is or will be possible to reuse redemption codes also for devices being managed by other MDM systems than Apple configurator.

• How can I install Apple Mobile Device Manager by itself

  I have been having an issue with my new iPod touch where iTunes does not see the iPod and tells me it is missing some software. I know for a fact that the apple mobile device manager should be installing with the iTunes 7.5 download, but for some reason it is not installing on my machine. I used WinRAR to split apart the 7.5 installer file and have the Apple Mobile Device Support 1.1.2.23 file saved on my desktop. The problem now is that I can't figure out how to install the file.
  The file type is a .MSI. I've done some searching and not found anything I could understand that would help me to install this file on my pc. Any suggestions?

  i was having this problem with my iphone.......1st go into the control panel and then to uninstall programs and uninstall anything apple. once everything apple is uninstalled. go to www.apple.com and install the latest itunes. after the latest itunes is installed this should work. it worked just fine for my iphone. ps i had my iphone connected to my computer during the whole process.