Enroll on behalf of

  • Question

  • Attempted to get a device to enroll on behalf of. I have two machines: one is a VM, one is a real Lenovo laptop. I am able to get the VM to attempt an enroll and it says successful but never actually hits the server even though it says it is enrolled. The actual machine won't even enroll. The laptop fails after the get_policies response. Both devices get the same get_policies response.

    Is the below response formatted correctly? If not, what is wrong? If it is formatted correctly, what could be wrong with the laptop?

    <s:Envelope xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"> 
    <s:Header> 
    <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse</a:Action> 
    <ActivityId CorrelationId="08d2997e-e8ac-4c97-a4ce-d263e62186ab" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">d4335d7c-e192-402d-b0e7-f5d550467e3c</ActivityId> 
    <a:RelatesTo>urn:uuid: 69960163-adad-4a72-82d2-bb0e5cff5598</a:RelatesTo> 
    </s:Header> 
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> 
    <GetPoliciesResponse xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy"> 
    <response> 
    <policyFriendlyName xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" /> 
    <nextUpdateHours xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" /> 
    <policiesNotChanged xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" /> 
    <policies> 
    <policy> 
    <policyOIDReference>0</policyOIDReference> 
    <cAs xsi:nil="true" /> 
    <attributes> 
    <policySchema>3</policySchema> 
    <privateKeyAttributes> 
    <minimalKeyLength>2048</minimalKeyLength> 
    <keySpec>2</keySpec> 
    <keyUsageProperty xsi:nil="true" /> 
    <permissions xsi:nil="true" /> 
    <algorithmOIDReference xsi:nil="true" /> 
    <cryptoProviders xsi:nil="true" /> 
    </privateKeyAttributes> 
    <supersededPolicies xsi:nil="true" /> 
    <privateKeyFlags>0</privateKeyFlags> 
    <subjectNameFlags xsi:nil="true" /> 
    <enrollmentFlags xsi:nil="true" /> 
    <generalFlags xsi:nil="true" /> 
    <hashAlgorithmOIDReference>0</hashAlgorithmOIDReference> 
    <rARequirements xsi:nil="true" /> 
    <keyArchivalAttributes xsi:nil="true" /> 
    <extensions xsi:nil="true" /> 
    </attributes> 
    </policy> 
    </policies> 
    </response> 
    <cAs xsi:nil="true" /> 
    <oIDs> 
    <oID> 
    <value>1.3.14.3.2.29</value> 
    <group>1</group> 
    <oIDReferenceID>0</oIDReferenceID> 
    <defaultName>Lightspeed Systems</defaultName> 
    </oID> 
    </oIDs> 
    </GetPoliciesResponse> 
    </s:Body> 
    </s:Envelope>

    Tuesday, August 5, 2014 7:10 PM

All replies

  • Can you explain in more general terms what policy values you are trying to set?

    For example, you specify an oID value of: 1.3.14.3.2.29, which is SHA1 with RSA signature but you set the defaultName to "Lightspeed Systems" instead of "szOID_OIWSEC_sha1RSASign" ...

    I'm not sure if this matters but I also notice that you specify: <privateKeyFlags>0</privateKeyFlags>, instead of:  <privateKeyFlags xsi:nil="true" />.


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Wednesday, August 6, 2014 4:04 PM
  • Those are errors that I accidentally left in during my testing. I am attempting to complete an Enroll on behalf of on a Windows 8.1 device. Virtual machines will enroll but then never connect to anything, while real machines won't even enroll. I have verified that the device is submitting an enroll on behalf request.
    Thursday, August 7, 2014 6:02 PM
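
An added example, not part of the original thread or any poster's code: a small Python check that resolves each `*OIDReference` in a GetPoliciesResponse against the `oIDs` table and reports the two things the first reply pointed out (the `defaultName` mismatch and the explicit flags value). It goes slightly beyond the reply by also reporting references that resolve to no `oID` entry. `review_policies`, `KNOWN_NAMES` and the trimmed `SAMPLE` are names constructed for this example, and the findings are observations to review, not confirmed causes of the enrollment failure.

```python
import xml.etree.ElementTree as ET

NS = {"p": "http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy"}
XSI_NIL = "{http://www.w3.org/2001/XMLSchema-instance}nil"
# OID name as given in the reply in this thread; extend the table as needed.
KNOWN_NAMES = {"1.3.14.3.2.29": "szOID_OIWSEC_sha1RSASign"}
# Constructed sample: the posted response body, trimmed to the elements checked here.
SAMPLE = """<GetPoliciesResponse xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <response><policies><policy>
    <policyOIDReference>0</policyOIDReference>
    <attributes>
      <privateKeyFlags>0</privateKeyFlags>
      <enrollmentFlags xsi:nil="true" />
      <hashAlgorithmOIDReference>0</hashAlgorithmOIDReference>
    </attributes>
  </policy></policies></response>
  <oIDs><oID>
    <value>1.3.14.3.2.29</value><group>1</group>
    <oIDReferenceID>0</oIDReferenceID>
    <defaultName>Lightspeed Systems</defaultName>
  </oID></oIDs>
</GetPoliciesResponse>"""

def review_policies(xml_text):
    root = ET.fromstring(xml_text)
    # Index the oIDs table by oIDReferenceID so references can be resolved.
    oids = {o.findtext("p:oIDReferenceID", namespaces=NS): o
            for o in root.iterfind("p:oIDs/p:oID", NS)}
    findings = []
    for policy in root.iterfind("p:response/p:policies/p:policy", NS):
        for el in policy.iter():
            tag = el.tag.split("}")[-1]
            nil = el.get(XSI_NIL) == "true"
            if tag.endswith("OIDReference") and not nil:
                oid = oids.get((el.text or "").strip())
                if oid is None:
                    findings.append(f"{tag}={el.text}: no matching oIDReferenceID")
                    continue
                value = oid.findtext("p:value", namespaces=NS)
                name = oid.findtext("p:defaultName", namespaces=NS)
                expected = KNOWN_NAMES.get(value)
                if expected and name != expected:
                    findings.append(f"{tag} -> {value}: defaultName {name!r}, expected {expected!r}")
            elif tag.endswith("Flags") and not nil:
                findings.append(f"{tag}: explicit value {el.text} rather than xsi:nil")
    return findings

print("\n".join(review_policies(SAMPLE)))
```

On the trimmed sample this reports three findings: both OID references resolve to the same `oID` entry whose `defaultName` differs from the name in the reply, and `privateKeyFlags` carries an explicit value.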