Topic
  • No replies
ValH
ValH
24 Posts

Pinned topic Troubleshooting: iOS Enrollment

‏2015-08-19T20:14:30Z | enrollment ios8 ios9 maas360 troubleshooting ios

iOS Enrollment

Items to check before contacting IBM

Where is the enrollment failing?

1.     Go to m.dm/corpid/xxxxxx (or m.dm/corpid if just using AD) and enter your password or Active Directory credentials.  A failure here normally indicates one of the following:

a.     No internet connection

b.    A bad username and password (check AD for lockouts, bad passwords)

c.     The request expired (enrollments are only good for 7 days after issue)

d.    The enrollment URL was entered incorrectly (it is case sensitive)

e.     Cookies are disabled on the device (check Settings -> Safari -> Accept Cookies)

2.     Obtain the MDM certificate from Fiberlink.  A failure here normally indicates one of the following:

a.     No internet connection

b.    Https (TCP 443) is blocked

c.     The date that is set on the device is old.  Older dates have resulted in enrollment errors.

3.     Talk to Apple via APNs and obtain the payloads that contain the policy information.  A failure here normally indicates one of the following:

a.     No internet connection

b.    APNs (TCP 5223) is blocked

c.     The APNs certificate has expired.  You can verify this by looking under Settings >> General >> Profiles. Only the main MDM cert will be there, not the restrictions and other payloads that were configured like VPN or Wireless.

4.     Install the MaaS360 for iOS app from the App Store.  The user will have to enter their iTunes ID.  When completed, the user should launch the app to complete set up.  A failure here normally indicates one of the following:

a.     User did not enter an iTunes account when they set up the phone

b.    User did not type his iTunes credentials correctly

c.     The App Store is blocked

Other items to check:

  • Is this happening to one device or all devices?
  • Is this happening on Wi-Fi?  Check to see if this works over a cellular network to ensure no ports block on the wireless connection.
  • Ensure that there is an APNS loaded under Setup -> Deployment Settings and that it has not expired.
  • Verify #3 above and check to see if the profiles coming down and look for any failed settings in the Summary detail of the Device.  VPN and email profiles cannot be downloaded if VPN or email already exists on the device. We recommend that you remove them before enrollment.  Are there certificates configured in the VPN, Email or Wireless policy?  If the certificate is configured and has not yet been requested or made it from the Certificate Authority (CA), the payloads will not show up on the device and you should start troubleshooting the Cloud Extender.

General Actions failures

  • Apple uses the Apple Push Notification Service to contact the devices for real time actions.
  • Ensure that the APNS certificate has not expired.
  • Check to see if the APNS commands are working. A "lock device" action can be tested (on customer's consent) to test the APNS message delivery.
  • Try connecting to either Wi-Fi or 3G on iPads. Connecting to both may prevent the APNS daemon from responding to APNS messages.
  • Ensure TCP Port 5223 is open.

Items to include when contacting IBM

  • Summary of the problem
  • Description of the problem
  • Version of iOS and the device type
  • Username and/or device name of the device having the issue
  • Any error messages
  • Any relevant screenshots
  • Logs
Updated on 2015-12-23T01:34:27Z at 2015-12-23T01:34:27Z by NatePomeroy