Mobile App Activation Fails

  • Question

  • I have an on-premise MFA server (6.3.1.1). Phone call and SMS authentication work perfectly. When I try to activate via mobile app using my Android device, I receive the following error:

    Activation failed. Please check the activation code to ensure it is correct. Error Details: Server Error

    The MultiFactorAuthSvc.log shows that the activation code is being generated: 

    pfsvc|Phone App activation code '864983620' generated for user 'name@domain.com'.

    I get successful results when invoking TestPfWsSdkConnection and TestSecurity. The site uses a valid SSL wildcard certificate.

    Anyone have any ideas? Any help would be appreciated.


    Tuesday, March 24, 2015 2:28 PM

Answers

  • Hello Kevin,

    It seems like the connection from the device to your mobile app activation service and the connection from the mobile app activation service to the web service SDK are all good. Otherwise, you wouldn't see any data in the logs. What appears to be failing is sending a push notification to the device to validate it before storing the device's token in the MFA server.

    Though there is no mention of changing authentication methods in the mobile app web site, you may try disabling basic authentication for the mobile app URL and enabling anonymous, and see if that works.

    Best Regards,

    Sadiqh

    Wednesday, March 25, 2015 7:55 PM

All replies

  • Hi Burgess,

    Thanks for posting here!

    I would like to highlight a few points here, which might help you solve your issue.

    I think you are using Windows Server 2012 with IIS 8 Server on which Android devices won't connect while using a wildcard certificate.

    The certificate installed on the Mobile App Web Service box that the mobile app communicates with must be issued from a trusted CA. Otherwise, the mobile app won't trust the cert and the connection will fail.

    The other way round, if you have a self-signed certificate on the MFA Server securing the web service SDK, make sure you import it into the Trusted Root store on the mobile app web service box so that it will trust it.

    If not, you might have multiple SSL sites on the server (and this one isn't the "default" binding)? If so, it could well be the same issue - lack of SNI support in the Android TLS negotiation.

    Refer to this link: http://mobilitydojo.net/2012/08/20/server-name-indication-support-in-mobile-devices/

    Regards,

    Sadiqh


    Tuesday, March 24, 2015 7:03 PM
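
A server-side check of the points raised in the reply above (SNI-only HTTPS bindings, the certificate behind each binding, and the self-signed SDK certificate in Trusted Root), as an added example that is not part of the original thread. The host names `mfa.example.com` and `mfaserver.example.local` are placeholders to replace with your own, and `Test-Certificate` evaluates trust from the server's certificate stores, not from the Android device's.

```powershell
# Added example: run in an elevated PowerShell session on the IIS server
# that hosts the MobileApp virtual directory.
Import-Module WebAdministration

# Assumptions: placeholders, replace with your own names.
$PublicName = 'mfa.example.com'          # host name used in the mobile app URL
$SdkName    = 'mfaserver.example.local'  # subject of the self-signed SDK certificate

# 1. List every HTTPS binding with its SNI requirement and certificate.
foreach ($site in Get-Website) {
    $https = $site.bindings.Collection | Where-Object { $_.protocol -eq 'https' }
    foreach ($b in $https) {
        $cert = $null
        if ($b.certificateHash) {
            # Empty when the binding uses the Central Certificate Store (sslFlags bit 2).
            $path = "Cert:\LocalMachine\$($b.certificateStoreName)\$($b.certificateHash)"
            $cert = Get-Item $path -ErrorAction SilentlyContinue
        }
        $valid = if ($cert) {
            # Checks chain, validity dates and that the name (wildcard included) matches.
            Test-Certificate -Cert $cert -Policy SSL -DNSName $PublicName `
                -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
        } else { $null }

        [pscustomobject]@{
            Site         = $site.Name
            Binding      = $b.bindingInformation       # IP:port:hostheader
            RequiresSni  = [bool]($b.sslFlags -band 1) # bit 1 = SNI-only binding
            Subject      = if ($cert) { $cert.Subject }
            NotAfter     = if ($cert) { $cert.NotAfter }
            ValidForName = $valid
        }
    }
}

# 2. Confirm the self-signed SDK certificate is in the machine Trusted Root store.
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "*$SdkName*" }
if ($root) {
    $root | Select-Object Subject, Thumbprint, NotAfter
} else {
    Write-Warning "No certificate matching '$SdkName' in LocalMachine\Root."
}
```

A binding with `RequiresSni = True` is only served to clients that send the host name in the TLS handshake; a client without SNI support receives whatever certificate is bound to the plain `IP:443` binding instead.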
  • Hi Sadiqh,

    Thank you for the response. The certificate installed on the server hosting the web service SDK uses a self-signed certificate. When I import it into the server hosting the mobile app service and attempt to activate, I still receive the same error. On the mobile app server, I currently have 2 virtual directories configured under the Default Web Site called Enroll (user portal) and MobileApp (mobile app service). The Default Web Site has a 443 binding using the wildcard certificate.

    Am I missing something?

    Thanks,

    Kevin


    Tuesday, March 24, 2015 8:23 PM