locked
Windows phone 8.1 enrollment failure RRS feed

  • Question

  • Hi guys,

    I've stuck in the "certificate enrollment" stage for days now, I really need your help.

    Here's my entire provisioning xml.

    <wap-provisioningdoc version="1.1">
      <characteristic type="CertificateStore">
        <characteristic type="Root">
          <characteristic type="System">
            <characteristic type="37950AE0DB7F3C3D10915C9A31186CB3C18BDF67">
              <parm name="EncodedCertificate" value="MIIC9DCCAl2gAwIBAgIJAM6hm4HZflfxMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
    VQQGEwJUVzEPMA0GA1UECAwGVGFpd2FuMQ8wDQYDVQQHDAZUYWlwZWkxEDAOBgNV
    BAoMB1N5bnRyb24xEDAOBgNVBAsMB1N5bnRyb24xFDASBgNVBAMMC01ETSBUZXN0
    IENBMScwJQYJKoZIhvcNAQkBFhhqdWR5X2xpbkBzeW50cm9udGVjaC5jb20wHhcN
    MTUwNDExMDk0MjIzWhcNMTYwNDEwMDk0MjIzWjCBkjELMAkGA1UEBhMCVFcxDzAN
    BgNVBAgMBlRhaXdhbjEPMA0GA1UEBwwGVGFpcGVpMRAwDgYDVQQKDAdTeW50cm9u
    MRAwDgYDVQQLDAdTeW50cm9uMRQwEgYDVQQDDAtNRE0gVGVzdCBDQTEnMCUGCSqG
    SIb3DQEJARYYanVkeV9saW5Ac3ludHJvbnRlY2guY29tMIGfMA0GCSqGSIb3DQEB
    AQUAA4GNADCBiQKBgQDrRB/3DFSQpIAY1avT76Bid2VXs8hUvUr1lywPSBZEFKrf
    hu4QfY9RuM/F1rRKQukjsdg2pwd8QkR6Re0Rlq/cX3FLpTYCSZvE1NUVaLfvpGHm
    GHG99zQb6ltNFiD0wzMy454ELBntYj2YNXtSJnTDPmzhtikRgBv+jwVfhBeuPwID
    AQABo1AwTjAdBgNVHQ4EFgQUv91AJTs657RShfR9KCgZ1t1zN3kwHwYDVR0jBBgw
    FoAUv91AJTs657RShfR9KCgZ1t1zN3kwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
    AQUFAAOBgQBZGgqG+kfmlI8wm2SoFAsFWWJc9LIL1eIlOZNbAdwqJhRqgOlCdcTP
    gRgvIadWpVpB2f8qpskpTJptlineCVbS6GB3V+6pNjcJcNxZyUkOnigWjpmbQpBC
    0KnER85/cOPI0pyxdaHgbjpokxjUmOXPUYmb77LcCOwcFn0r7dhQmA==" />
            </characteristic>
            <characteristic type="2F7EFB0A58609547903A6B2094299E81C7FE6C42">
              <parm name="EncodedCertificate" value="MIID6zCCA1SgAwIBAgIJAJ4IVcNiv+rGMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
    VQQGEwJUVzEPMA0GA1UECAwGVGFpd2FuMQ8wDQYDVQQHDAZUYWlwZWkxEDAOBgNV
    BAoMB1N5bnRyb24xEDAOBgNVBAsMB1N5bnRyb24xFDASBgNVBAMMC01ETSBUZXN0
    IENBMScwJQYJKoZIhvcNAQkBFhhqdWR5X2xpbkBzeW50cm9udGVjaC5jb20wHhcN
    MTUwNDExMDk0MzIwWhcNMTYwNDEwMDk0MzIwWjCBkzELMAkGA1UEBhMCVFcxDzAN
    BgNVBAgMBlRhaXdhbjEPMA0GA1UEBwwGVGFpcGVpMRAwDgYDVQQKDAdTeW50cm9u
    MRAwDgYDVQQLDAdTeW50cm9uMRUwEwYDVQQDDAw1Mi42OC4xMDguMTYxJzAlBgkq
    hkiG9w0BCQEWGGp1ZHlfbGluQHN5bnRyb250ZWNoLmNvbTCCASIwDQYJKoZIhvcN
    AQEBBQADggEPADCCAQoCggEBAOea4zJ3t2iLkDYxz5z+OBHaPCHzqYI+W96CJUVF
    tlLT3rVN2G+fxWKKbF0M0tIOgW62276kq9iacsUwlb+eB72HxgItNdx6Wd9qemgO
    0+NaS/22o+avy+WCC0JvRcnjYvbOSJMiripzKW5Q09sWjAGlwl2CE/stnYj7pj7H
    P4wp9u4zM3SXUk8FpeuE28INnFmqcpkx2ws4FcrNcVaWRvJRK5ehwepI4+8aLP7N
    p1FIx4ly04MFJP4vBVBkyFZ9H76FWmy90jvm9jPD6Bd1BP4MH+LQ3CvMB2w3/cFU
    AfqIxlm/KezgEIaeXj5lAlK1LuOn1ylp0hZwB+uFvZU4uj0CAwEAAaOBwTCBvjAJ
    BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBaAwKgYDVR0l
    BCMwIQYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzBlBgNVHREEXjBc
    hwQ0RGwQgiRlbnRlcnByaXNlZW5yb2xsbWVudC5zeW50cm9udGVjaC5jb22GLmh0
    dHBzOi8vZW50ZXJwcmlzZWVudHJvbGxtZW50LnN5bnRyb250ZWNoLmNvbS8wDQYJ
    KoZIhvcNAQEFBQADgYEAC/79vjilJ2mvxY64+CtxOzFCj6bK9o5dZRZXmIh5SZuI
    oAuBz+W4SC6VUnwXcg9cIInUiRqROUDT5/UWIrTL+6jTfK30DrQXjDK8vI95ly16
    v3WHe3cn8Ul1J8RedcoZAxN1fTK5q/+9QnCQLWkUmd4abkkXwp/bdncQNg7dlAE=" />
            </characteristic>
          </characteristic>
        </characteristic>
        <characteristic type="My" >
          <characteristic type="User">
            <characteristic type="8B0644C26615BCDD42DC783585DAF8B7C53B0A9E
    ">
              <parm name="EncodedCertificate" value="MIICbzCCAVegAwIBAgIJAIx5yHcxxguOMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNVBAMTBW15TURNMB4XDTE1MDQxMTEzNDg1MloXDTE1MDUxMTEzNDg1MlowEDEOMAwGA1UEAxMFbXlNRE0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALNI6p+Mt9jSASms9kkg4bcTX1QVKBpn7f2z7BnjPrzCjbsMiLIzW53K91d/F+pHbZUMFlMtgCc4Qn8Jjd3VEyh5tLVpWHjvkjyKMMHOkWN14xYhWR4dqsDfTL7NpvfCz4TtDdLCs/JJDpggu6Hu2eMnot7rQU97aeMzwPsrUgGzAgMBAAGjUDBOMB0GA1UdDgQWBBTo2BIKkwCOLd7HPIWj9tXVDOfiajAfBgNVHSMEGDAWgBTo2BIKkwCOLd7HPIWj9tXVDOfiajAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIRWI6saaxjoDTKbmdS9LeZI28NzLCBp9eHrMa8dE08+6lTo+Y3wf90vEfwxoMoVWiy2tphRnb6PG0G4QDC5n1GrdewaRnmHbaBDQYprYUltFxcDuKO/2KzVr8BvTClkVr+l3o3XoBsCis63IKxcNx4ArtzFps69X/TLTf3hvyu7KjDUZdc1Z3Tk/gpYv3O/8VzRUEALUUmAbKM1Tc1XhlfAgrMQjFCHarY7wHl8vPIJ0XRHy7Kq7dzMRCV8mMqWsrY22Nf7M5OXKiDkDGIpXoB2WicuFOFegYdAlIzbxjp+4JXghlKs2z2hm9F2/i6qyE+NOp4ycA/YDkvVdM1x4I" />
            </characteristic>
            <characteristic type="PrivateKeyContainer">
              <parm name="KeySpec" value="2"/>
              <parm name="ContainerName" value="ConfigMgrEnrollment"/>
              <parm name="ProviderType" value="1"/>
            </characteristic>
          </characteristic>
        </characteristic>
      </characteristic>
      <characteristic type="APPLICATION">
        <characteristic type="APPADDR">
          <parm name="ADDR" value="http://enterpriseenrollment.syntrontech.com/mdm/test"/> 
        </characteristic>
        <parm name="APPID" value="w7"/>
        <parm name="PROVIDER-ID" value="SynScoutMDM"/>  
        <parm name="NAME" value="SynScout"/>
        <!-- <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=CN%myMDM&amp;Stores=MY%5CUser"/> -->
        <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="CLIENT"/>
          <parm name="AAUTHTYPE" value="DIGEST"/>
          <parm name="AAUTHSECRET" value="fcsdhannok"/>
          <parm name="AAUTHDATA" value="MTI5OTUzNDE1Nw=="/>
        </characteristic>
        <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="APPSRV"/>
          <parm name="AAUTHTYPE" value="BASIC"/>
          <parm name="AAUTHNAME" value="218183ea-69c3-4657-a3ce-945fd9a4c788"/>
          <parm name="AAUTHSECRET" value="fcsdhannok"/>
          <parm name="AAUTHDATA" value="MTI5OTUzNDE1Nw=="/>
        </characteristic>
      </characteristic>
      <characteristic type="DMClient">
        <characteristic type="Provider">
          <characteristic type="SynScoutMDM">
            <parm name="EntDMID" value="218183ea-69c3-4657-a3ce-945fd9a4c788" datatype="string" />
          </characteristic>
        </characteristic>
      </characteristic>
    </wap-provisioningdoc>

    And the error code is [MDM Enroll End] Error HRESULT: 0x8000FFFF

    I've tried everything I can think of and read every related article, I am pretty desperate, any advice will be great help.

    Best Regard

    Judy


    • Edited by Chiahui_Lin Saturday, April 11, 2015 2:54 PM
    Saturday, April 11, 2015 1:55 PM

Answers

  • 1. The 'user' certificate you're sending is actually a self-signed CA certificate.  (Basic Constraints: Subject Type=CA), this must be a client certificate signed by the CA or Root authority provided in the other CertificateStore entries, see the best practice notes regarding the "Signed client certificate" in the protocol documentation.

    2. Your SSLCLIENTCERTSEARCHCRITERIA value is missing the 'Subject=' at the beginning of the string. (Also, I don't think you need to escape every space character...), try:

    <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=C%3DUS,O%3DThe Go Daddy Group%2C Inc.,OU%3DGo Daddy Class 2 Certification Authority,CN%3DmyMDM&amp;Stores=MY%5CUser"/>
    
    ...or even just:
    <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=CN%3DmyMDM&amp;Stores=MY%5CUser"/>



    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    • Marked as answer by Eric Fleck Wednesday, April 22, 2015 7:22 PM
    Tuesday, April 21, 2015 3:34 PM

All replies

  • I see two problems with your XML:

    1. you are missing the port node in 'APPADDR' here:

        <characteristic type="APPADDR">
          <parm name="ADDR" value="http://enterpriseenrollment.syntrontech.com/mdm/test"/> 
        </characteristic>

      Instead of usingn APPADDR use simply ADDR form with port specifier:

      <parm name="ADDR" value="http://enterpriseenrollment.syntrontech.com:443/mdm/test"/> 

    2. you have commented out the node:

    <!-- <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=CN%myMDM&amp;Stores=MY%5CUser"/> -->


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Tuesday, April 14, 2015 10:16 PM
  • Hi Eric,

    Sorry it took me so long to reply, I have to develop both iOS and Windows MDM on my own, and our customer want to see the implementation of iOS first, so I spent last couple days on it. Anyway, I used the official ssl certificates and fixed those problem you said, but I still got [MDM Enroll End] Error HRESULT: 0x8000FFFF

    Would you please take a look at the provisioning xml again? Thank you.

    <wap-provisioningdoc version="1.1">
      <characteristic type="CertificateStore">
        <characteristic type="Root">
          <characteristic type="System">
            <characteristic type="340B2880F446FCC04E59ED33F52B3D08D6242964">
              <parm name="EncodedCertificate" value="MIIEfTCCA2WgAwIBAgIDG+cVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVT
    MSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdv
    IERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMTAx
    MDcwMDAwWhcNMzEwNTMwMDcwMDAwWjCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
    B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHku
    Y29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1
    dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3Fi
    CPH6WTT3G8kYo/eASVjpIoMTpsUgQwE7hPHmhUmfJ+r2hBtOoLTbcJjHMgGxBT4H
    Tu70+k8vWTAi56sZVmvigAf88xZ1gDlRe+X5NbZ0TqmNghPktj+pA4P6or6KFWp/
    3gvDthkUBcrqw6gElDtGfDIN8wBmIsiNaW02jBEYt9OyHGC0OPoCjM7T3UYH3go+
    6118yHz7sCtTpJJiaVElBWEaRIGMLKlDliPfrDqBmg4pxRyp6V0etp6eMAo5zvGI
    gPtLXcwy7IViQyU0AlYnAZG0O3AqP26x6JyIAX2f1PnbU21gnb8s51iruF9G/M7E
    GwM8CetJMVxpRrPgRwIDAQABo4IBFzCCARMwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
    HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9BUFuIMGU2g/eMB8GA1Ud
    IwQYMBaAFNLEsNKR1EwRcbNhyz2h/t2oatTjMDQGCCsGAQUFBwEBBCgwJjAkBggr
    BgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMDIGA1UdHwQrMCkwJ6Al
    oCOGIWh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2Ryb290LmNybDBGBgNVHSAEPzA9
    MDsGBFUdIAAwMzAxBggrBgEFBQcCARYlaHR0cHM6Ly9jZXJ0cy5nb2RhZGR5LmNv
    bS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAWQtTvZKGEacke+1bMc8d
    H2xwxbhuvk679r6XUOEwf7ooXGKUwuN+M/f7QnaF25UcjCJYdQkMiGVnOQoWCcWg
    OJekxSOTP7QYpgEGRJHjp2kntFolfzq3Ms3dhP8qOCkzpN1nsoX+oYggHFCJyNwq
    9kIDN0zmiN/VryTyscPfzLXs4Jlet0lUIDyUGAzHHFIYSaRt4bNYC8nY7NmuHDKO
    KHAN4v6mF56ED71XcLNa6R+ghlO773z/aQvgSMO3kwvIClTErF0UZzdsyqUvMQg3
    qm5vjLyb4lddJIGvl5echK1srDdMZvNhkREg5L4wn3qkKQmw4TRfZHcYQFHfjDCm
    rw==" />
            </characteristic>
          </characteristic>
        </characteristic>
        <characteristic type="CA">
          <characteristic type="System">
            <characteristic type="27AC9369FAF25207BB2627CEFACCBE4EF9C319B8">
              <parm name="EncodedCertificate" value="MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
    EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
    EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
    ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3
    MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
    EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE
    CxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD
    EypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi
    MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD
    BNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv
    K/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23e
    cSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY
    pDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n
    eTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMB
    AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
    HQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv
    9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
    b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5n
    b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG
    CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv
    MA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz
    91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2
    RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi
    DsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11
    GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x
    LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB" />
            </characteristic>
          </characteristic>
        </characteristic>
        <characteristic type="My" >
          <characteristic type="User">
            <characteristic type="D99776E29260635C7D7855A925E3422FB48A0CAA
    ">
              <parm name="EncodedCertificate" value="MIIDuTCCAqGgAwIBAgIJAItolZaZdUonMA0GCSqGSIb3DQEBCwUAMHMxDjAMBgNVBAMTBW15TURNMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE1MDQxOTA3Mjk1N1oXDTE1MDUxOTA3Mjk1N1owczEOMAwGA1UEAxMFbXlNRE0xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc7dgQEGs7JBnWtIXY9SYA1aDKod+IXuy1v+ev3s4CWxpmdgAiktPTR3C7RyJhsKEr+QOzDdoIXQSJRX+HTE0VAN4nJ/dUXY2v/durp5l7c4XTHL60tg/Db917wd7z1nudSf74+7ksC6PxM6/kUCsNHvo1nFnJ0aei1kGwSjvYsFkYYlgeCEd2pWVJwPxtdN4QtPLMkqnck+bEl4tM70LB7Gu3yy16DkVuAKXm0Znj5+L5FWEzBPXGxdRTK21qnlL9kBjOBcLGGdjhpRLvMv5BAf5+5carSUxuzEq40A4qq+HLX/JOLDwG2EYziXfu0gzSGJ0xUmXZiGwj7EjVEEQzAgMBAAGjUDBOMB0GA1UdDgQWBBTnMrDPY80XBPKJymp6PRKBA6bUZDAfBgNVHSMEGDAWgBTnMrDPY80XBPKJymp6PRKBA6bUZDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA9BAvlEEQslq4Vabh4BFA3YjWBf5LbVrQsH7mNsqZXWFnMqgUn9r+lyGtjttOuw4vTBe+KCP9/sug4WRBhY1XkY4kLBSviGarRpfsH42iyNrt4Mkfzd6B5CfvQ99C41uDSu4rnMLhQpXnbRHiVpQR+MmhPoeHnqZ1qX2lWU5A6mNZJyI6seQmGPU5mggALxqtegF8H7bnPhHTTNWeX7yl7gbrDaLJfzBNUrWwWiL23R6f/GGb/mTO+pTaHwEqCcL4a3FGpKZ9NnsuQGIEw27zkmARvDc7k4E9v7klqHaA5unS/VbrpGJ/cJootFS5RexNayAEWdx+oWIagm5SckCN0" />
            </characteristic>
            <characteristic type="PrivateKeyContainer">
              <parm name="KeySpec" value="2"/>
              <parm name="ContainerName" value="ConfigMgrEnrollment"/>
              <parm name="ProviderType" value="1"/>
            </characteristic>
          </characteristic>
        </characteristic>
      </characteristic>
      <characteristic type="APPLICATION">
        <parm name="ADDR" value="https://enterpriseenrollment.syntrontech.com:443/mdm/test"/>
        <parm name="APPID" value="w7"/>
        <parm name="PROVIDER-ID" value="SynScoutMDM"/>  
        <parm name="NAME" value="SynScout"/>
        <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="C%3DUS%2CO%3DThe%20Go%20Daddy%20Group%2C%20Inc.%2COU%3DGo%20Daddy%20Class%202%20Certification%20Authority%2CCN%3DmyMDM&amp;Stores=MY%5CUser"/>
        <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="CLIENT"/>
          <parm name="AAUTHTYPE" value="DIGEST"/>
          <parm name="AAUTHSECRET" value="fcsdhannok"/>
          <parm name="AAUTHDATA" value="MTI5OTUzNDE1Nw=="/>
        </characteristic>
        <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="APPSRV"/>
          <parm name="AAUTHTYPE" value="BASIC"/>
          <parm name="AAUTHNAME" value="218183ea-69c3-4657-a3ce-945fd9a4c788"/>
          <parm name="AAUTHSECRET" value="fcsdhannok"/>
          <parm name="AAUTHDATA" value="MTI5OTUzNDE1Nw=="/>
        </characteristic>
      </characteristic>
      <characteristic type="DMClient">
        <characteristic type="Provider">
          <characteristic type="SynScoutMDM">
            <parm name="EntDMID" value="218183ea-69c3-4657-a3ce-945fd9a4c788" datatype="string" />
          </characteristic>
        </characteristic>
      </characteristic>
    </wap-provisioningdoc>

    Best Regards. Judy

    Sunday, April 19, 2015 7:45 AM
  • 1. The 'user' certificate you're sending is actually a self-signed CA certificate.  (Basic Constraints: Subject Type=CA), this must be a client certificate signed by the CA or Root authority provided in the other CertificateStore entries, see the best practice notes regarding the "Signed client certificate" in the protocol documentation.

    2. Your SSLCLIENTCERTSEARCHCRITERIA value is missing the 'Subject=' at the beginning of the string. (Also, I don't think you need to escape every space character...), try:

    <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=C%3DUS,O%3DThe Go Daddy Group%2C Inc.,OU%3DGo Daddy Class 2 Certification Authority,CN%3DmyMDM&amp;Stores=MY%5CUser"/>
    
    ...or even just:
    <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=CN%3DmyMDM&amp;Stores=MY%5CUser"/>



    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    • Marked as answer by Eric Fleck Wednesday, April 22, 2015 7:22 PM
    Tuesday, April 21, 2015 3:34 PM
  • Hi Eric, thank you for the tips, I've successfully enrolled the device, you have been a great help, appreciate again!

    Wednesday, April 22, 2015 6:32 PM
  • Hi,

    Im facing difficulties in certificate service step for Federated enrollment.

    https://social.msdn.microsoft.com/Forums/en-US/os_windowsprotocols/thread/cecd9d35-d8d0-48d9-a058-29fbe78bef7d/#cecd9d35-d8d0-48d9-a058-29fbe78bef7d

    Any help would be appreciated :)

    Tuesday, March 8, 2016 11:06 AM