windows 8.1 MDM discovery problem.

  • Question

  • First of all, let me know if there is a better forum to post this question.

    I am trying to implement MDM support for windows 8.1 and I am stuck at discovery phase. I have an MDM server at myserver.mydomain.com and I have done the following:

       - On the windows 8.1 machine, to mimic DNS and to test the windows mdm client, I set up the local hosts file to map enterpriseenrollment.mysever.mydomain.com to my server IP. This is to make up for the DNS phase: when the user gives the email address user@myserver.mydomain.com to enroll, the built-in client tries enterpriseenrollment.myserver.mydomain.com as the discovery server.
       - At myserver we made sure it implements the discovery SOAP response at https://enterpriseenrollment.myserver.mydomain.com/EnrollmentServer/Discovery.svc and hence returns the proper discovery message as per the documentation.
       - We have a self-signed certificate for enterpriseenrollment.myserver.mydomain.com
       - We also made sure that we set the Windows Trusted Root Certificate Authority store to have the self-signed certificate of enterpriseenrollment.myserver.mydomain.com added to the list of its trusted certificates

    But we still have a problem with discovery. What happens is that we get two GET messages on the discovery server (which is not mentioned in the documentation) and then we get a POST message which has the input discovery SOAP envelope, and we return the proper response. But the client does not send further SOAP requests after that and it gives a pop-up message that “We can’t connect to the service you need right now. Check your network connection or try this again later” so it means that it is still not happy with the discovery response message.
    I also attached input/output soap exchange here:

    Input:
    <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
            <s:Header>
                    <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/Discover</a:Action>
                    <a:MessageID>urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478</a:MessageID>
                    <a:ReplyTo>
                            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
                    </a:ReplyTo>
                    <a:To s:mustUnderstand="1">https://EnterpriseEnrollment.myserverl.mydomain.com:443/EnrollmentServer/Discovery.svc</a:To>
            </s:Header>
            <s:Body>
                    <Discover xmlns="http://schemas.microsoft.com/windows/management/2012/01/enrollment">
                            <request xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
                                    <EmailAddress>user@myserverl.mydomain.com</EmailAddress>
                                    <RequestVersion>1.0</RequestVersion>
                            </request>
                    </Discover>
            </s:Body>
    </s:Envelope>

    Output:
    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
            <s:Header>
                    <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/DiscoverResponse</a:Action>
                    <ActivityId>d9eb2fdd-e38a-46ee-bd93-aea9dc86a3b8</ActivityId>
                    <a:RelatesTo>urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478</a:RelatesTo>
            </s:Header>
            <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                    <DiscoverResponse xmlns="http://schemas.microsoft.com/windows/management/2012/01/enrollment">
                            <DiscoverResult>
                                    <AuthPolicy>federated</AuthPolicy>
                                    <EnrollmentPolicyServiceUrl>https://myserverl.mydomain.com/getcertpolicy</EnrollmentPolicyServiceUrl>
                                    <EnrollmentServiceUrl>https://myserverl.mydomain.com/enrolldevice</EnrollmentServiceUrl>
                                    <AuthenticationServiceUrl>https://myserverl.mydomain.com/authenticateservice</AuthenticationServiceUrl>
                            </DiscoverResult>
                    </DiscoverResponse>
            </s:Body>
    </s:Envelope>



    Tuesday, July 16, 2013 8:02 PM
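
A check one can run on a captured Discover exchange like the one posted above, added here as an example and not part of the original post: it correlates `RelatesTo` with the request's `MessageID` and lists every service URL in `DiscoverResult` whose host is not named by the certificate the client has been told to trust. The function name `check_discovery`, the `cert_names` parameter and the exact-match (no wildcard) name comparison are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

E = "http://schemas.microsoft.com/windows/management/2012/01/enrollment"
NS = {"s": "http://www.w3.org/2003/05/soap-envelope",
      "a": "http://www.w3.org/2005/08/addressing", "e": E}

# Constructed samples: trimmed copies of the request/response posted above.
REQUEST = f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:a="{NS['a']}"><s:Header>
<a:MessageID>urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478</a:MessageID>
</s:Header><s:Body/></s:Envelope>"""
RESPONSE = f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:a="{NS['a']}"><s:Header>
<a:RelatesTo>urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478</a:RelatesTo>
</s:Header><s:Body><DiscoverResponse xmlns="{E}"><DiscoverResult>
<AuthPolicy>federated</AuthPolicy>
<EnrollmentPolicyServiceUrl>https://myserverl.mydomain.com/getcertpolicy</EnrollmentPolicyServiceUrl>
<EnrollmentServiceUrl>https://myserverl.mydomain.com/enrolldevice</EnrollmentServiceUrl>
<AuthenticationServiceUrl>https://myserverl.mydomain.com/authenticateservice</AuthenticationServiceUrl>
</DiscoverResult></DiscoverResponse></s:Body></s:Envelope>"""


def check_discovery(request_xml, response_xml, cert_names):
    """Return a list of findings for one captured Discover exchange.

    cert_names: lower-case DNS names present in the trusted server certificate.
    """
    req, resp = ET.fromstring(request_xml), ET.fromstring(response_xml)
    findings = []
    msg_id = req.findtext("s:Header/a:MessageID", namespaces=NS)
    relates = resp.findtext("s:Header/a:RelatesTo", namespaces=NS)
    if msg_id is None or msg_id != relates:
        findings.append(f"RelatesTo {relates!r} does not match MessageID {msg_id!r}")
    result = resp.find("s:Body/e:DiscoverResponse/e:DiscoverResult", NS)
    if result is None:
        return findings + ["no DiscoverResult in response body"]
    for el in result:
        tag = el.tag.split("}")[-1]          # strip the {namespace} prefix
        if not tag.endswith("Url"):
            continue
        url = urlsplit((el.text or "").strip())
        if url.scheme != "https":
            findings.append(f"{tag}: not https")
        elif (url.hostname or "").lower() not in cert_names:
            findings.append(f"{tag}: host {url.hostname} not named in certificate")
    return findings


if __name__ == "__main__":
    for line in check_discovery(REQUEST, RESPONSE,
                                {"enterpriseenrollment.myserver.mydomain.com"}):
        print(line)
```
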

All replies

  • Please can you tell us how we access the mentioned inbuilt client in the windows 8.1 preview? I have internally changed the hosts file to point to my local development linux server. I have used workplace settings, entered the email address and clicked the join button. The following are the steps observed as part of my above exercise:

    1. It created a GET request (http://enterpriseenrollment.mydomain.com/EnrollmentServer/Discovery.svc) and the server returned 200 status.

    2. No POST request with SOAP message has been generated after that (In WP8 enrollment it happens so).

    Also, is it possible to share the network calls that are being made between the Windows 8.1 device and your server? Does your server use a self-signed certificate to handle HTTPS requests for your client?

    Thanks in advance.


    Friday, August 23, 2013 11:40 AM
  • Hello Mohaker\Praveen

    The Open Specification forum (http://social.msdn.microsoft.com/Forums/en-US/home?forum=os_windowsprotocols&filter=alltypes&sort=lastpostdesc) is dedicated to software developers who are using the Open Specification documentation, MS-MDM and MS-MDE in this case, to assist them in developing systems, services, and applications that are interoperable with Microsoft products. Your question appears to be related to open specifications.

    You will have a better chance of an answer if you post your question to this forum.

    Thanks.


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team

    Saturday, September 7, 2013 12:22 AM