none
Windows phone 8.1 mdm enrollment failure RRS feed

  • Question

  • Hi,

    I am facing issue getting windows phone 8.1 enrolled. Earlier I was facing issue which got solved by putting correct hashcode values in CertificateStore tag in provisioning xml: 

    19, , , , 95, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer Start] Install cert in app container. , 3, 1944, , , , , 1, 10.590278958
    20, , , , 98, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer] Uninstalling enrollment cert for OMADM session. , 3, 1944, , , , , 1, 10.590302187
    21, , , , 96, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer End] Success , 3, 1944, , , , , 1, 10.590373958
    22, , , , 72, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Error HRESULT: 0x80070057 , 2, 1428, 0x80070057, , , , 1, 10.637523020
    23, SysConfigEx, SysConfigEx: NetworkInterface, , 0, Unknown, , , , , , , , , 24, 


    Now facing below exception:

    Device log:

    22, , , , 56, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Function NCryptOpenKey failed with result (0x80090016). , 1, 3608, NCryptOpenKey, 0x80090016, , , 1, 42.015833645

    24, , , , 5, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Data transmission attempt (1) failed with (2147942487). , 1, 3608, 1, 2147942487, , , 1, 45.715726458



    Any idea what is going wrong?
    Wednesday, August 27, 2014 2:07 PM

Answers

  • Issue is resolved for me and I think it was with self signed certificate. For testing, I have created many self signed certificates with same CN and added that in my JVM which I think was creating issue. Issue got resolved when I did fresh setup of DM server on new machine.

    Regards,

    Ganesh Shinde

    • Marked as answer by Ganesh14Shinde Wednesday, September 17, 2014 5:00 AM
    Tuesday, September 16, 2014 2:10 PM

All replies

  • Are you doing anything which modifies the public key of the requested client certificate?

    The public key of the client certificate in the response must match the public key from the request otherwise it cannot be paired back up with the private key which the device generated when making the request.


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Friday, August 29, 2014 5:54 PM
    Moderator
  • Thanks for the reply Eric,

    I am not modifying the public key in certificate request sent by device. Please have a look at the code below which uses root certificate(self signed certificate i created ) and generated client cert.

    Code:

    PKCS10CertificationRequest certRequest = getEncodedClientCertPkcsReq(request); // Extracts pkcs#10 certRequest from device request

    X509Certificate rootCert = getRootCertificate(); // gets X509Certificate object from self signed certificate stored on my local file system

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(rootCert.getSubjectX500Principal());
    certGen.setNotBefore(new Date(System.currentTimeMillis()));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
    certGen.setSubjectDN(new X500Principal("CN=MDMLocalClientCert"));
    certGen.setPublicKey(certRequest.getPublicKey());
    certGen.setSignatureAlgorithm("SHA1WithRSA");

    X509Certificate issuedCert = certGen.generate(getRootPrivateKey());

    And then I am embedding root and client certificate objects Base64 encoded data and hash code in provisioning xml by below code:

    String hasVal= org.apache.commons.codec.digest.DigestUtils.shaHex(issuedCert.getEncoded());
    String base64DataOfCertificate = new String(Base64.encode(issuedCert.getEncoded()));

    Anything I am missing or doing wrong step? Thanks again in advance.

    Regards,

    Ganesh Shinde

    Monday, September 1, 2014 6:27 AM
  • Thanks for the reply Eric,

    After few changes in provisioning xml file, now I am able to proceed further but getting some errors. Can you please help?

    I am able to see "Account added successfully" message on device but its showing "Attention required" messages in blue color in workplace setting. When clicked on "Attention required" messages, it shows screen with read only email address and server  fields, but values of these fields are "none" means values are not set. I can see NULL values for these fields in device logs as well.

    Logs:

    26, , , , 7, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Enrollment succeeded with server (xx.xx.xx.xxx). , 2, 2236, xx.xx.xx.xxx, , , , 1, 12.188668750
    27, , , , 91, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM DMScheduleAdmin Start] Commandline: C:\Programs\EnrollmentClient\DMScheduleAdmin.exe /SyncPolling , 1, 2552, C:\Programs\EnrollmentClient\DMScheduleAdmin.exe /SyncPolling, , , , 1, 12.319045677
    28, , , , 93, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM DMScheduleAdmin End] Success , 2, 2552, , , , , 1, 12.332382656
    29, , , , 95, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer Start] Install cert in app container. , 2, 2712, , , , , 1, 12.603171927
    30, , , , 97, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer] Installing enrollment cert for OMADM session. , 2, 2712, , , , , 1, 12.603213906
    31, , , , 96, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer End] Success , 2, 2712, , , , , 1, 12.750669791
    32, , , , 36, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Generated Exchange Device Id (8363F0BCEA7D4D0920DCA52C28BC5B19). , 2, 2236, 8363F0BCEA7D4D0920DCA52C28BC5B19, , , , 1, 13.460362552
    33, , , , 85, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Renew Session Start] Renew period: 42; Renew retry interval: 7; Robo mode: 0; Cert Expiration: 2014-09-02T14:27:04.00 , 2, 2236, 42, 7, 0, 2014-09-02T14:27:04.00, 1, 13.473019270
    34, , , , 86, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Renew Session End] Success , 1, 2236, , , , , 1, 13.479550156
    35, , , , 88, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Expired Start] Cert Expiration: 2014-09-02T14:27:04.00 , 1, 2236, 2014-09-02T14:27:04.00, , , , 1, 13.482643645
    36, , , , 89, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Expired End] Success , 1, 2236, , , , , 1, 13.484472343
    37, , , , 71, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Success , 2, 2236, , , , , 1, 13.526715260
    38, , , , 74, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Client Certificate Renew Start] emailaddress: NULL; servername: ; password: Given; domainusername: NULL. , 1, 1192, NULL, , Given, NULL, 1, 176.430523906
    39, , , , 77, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Client Certificate Renew Start Error] MDM Client Certificate Renew Start hit error trying to initiate the asynchronous start to enrollment. HRESULT: 0x80070057 , 1, 1192, 0x80070057, , , , 1, 176.430533854

    Adding provisioning xml:

    <wap-provisioningdoc version="1.1">
        <characteristic type="CertificateStore">
            <characteristic type="Root">
                <characteristic type="System">
                    <characteristic type="RootCertHashValue">
                        <parm name="EncodedCertificate" value="Base64EncodedRootCertValue" />
                    </characteristic>
                </characteristic>
            </characteristic>
            <characteristic type="My">
                <characteristic type="User">
                    <characteristic type="UserCertHashValue">
                        <parm name="EncodedCertificate" value="Base64EncodedUserCertValue" />
                    </characteristic>
                    <characteristic type="PrivateKeyContainer" />
                </characteristic>
            </characteristic>
        </characteristic>
        <characteristic type="APPLICATION">
            <parm name="APPID" value="w01600" />
            <parm name="PROVIDER-ID" value="MDMManagementService" />
            <parm name="NAME" value="MDMCloud" />
            <parm name="ADDR" value="http://<my machine ip>:8080/ws/api/wp/synchML" />
            <parm name="CONNRETRYFREQ" value="6" />
            <parm name="INITIALBACKOFFTIME" value="30000" />
            <parm name="MAXBACKOFFTIME" value="120000" />
            <parm name="BACKCOMPATRETRYDISABLED" />
            <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml" />
            <parm name="SSLCLIENTCERTSEARCHCRITERIA"
                value="Subject=CN%3DMDMLocalClientCer&amp;Stores=My%5CUser" />
            <characteristic type="APPAUTH">
                <parm name="AAUTHLEVEL" value="CLIENT" />
                <parm name="AAUTHTYPE" value="DIGEST" />
                <parm name="AAUTHSECRET" value="ClientPass123" />
                <parm name="AAUTHDATA" value="MDAxMTAwMTE=" />
            </characteristic>
            <characteristic type="APPAUTH">
                <parm name="AAUTHLEVEL" value="APPSRV" />
                <parm name="AAUTHTYPE" value="BASIC" />
                <parm name="AAUTHNAME" value="testclient" />
                <parm name="AAUTHSECRET" value="ServerPass123"/>
            </characteristic>
        </characteristic>
        <characteristic type="DMClient">
            <characteristic type="Provider">
                <characteristic type="MDMManagementService">
                    <characteristic type="Poll">
                        <parm name="NumberOfFirstRetries" value="8" datatype="integer" />
                        <parm name="IntervalForFirstSetOfRetries" value="15" datatype="integer" />
                        <parm name="NumberOfSecondRetries" value="5" datatype="integer" />
                        <parm name="IntervalForSecondSetOfRetries" value="3" datatype="integer" />
                        <parm name="NumberOfRemainingScheduledRetries" value="0"
                            datatype="integer" />
                        <parm name="IntervalForRemainingScheduledRetries" value="1560"
                            datatype="integer" />
                    </characteristic>
                    <parm name="EntDeviceName" value="WP8Device"
                        datatype="string" />
                </characteristic>
            </characteristic>
        </characteristic>    
    </wap-provisioningdoc>

    Thanks in advance :)

    Regards,

    Ganesh Shinde

    Monday, September 1, 2014 12:50 PM
  • Hi Eric,

    I am able to resolve above issue(changed <parm name="APPID" value="w7" />). I can see account added successfully message and also hostname and email id in workplace account. But device is only sending CONNECT request to MDM server and no other request is sent.

    Can you please let me know if anything missing or how can I further troubleshoot. Thanks in advance.

    Regards,

    Ganesh Shinde
    Tuesday, September 2, 2014 12:23 PM
  • The OMA DM / SyncML session must be established over SSL (https://...) so your server needs to be configured to support SSL connection.

    The Subject CN of the servers' SSL Certificate must match the host name specified in the ADDR parameter from the initial provisioning.

    If you're using an enterprise CA or self-signed certificate for the servers' SSL certificate then you must configure the root certificate on the device during initial provisioning. 


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Tuesday, September 2, 2014 2:29 PM
    Moderator
  • Hi Eric,

    I have made sure that the last 3 points you mentioned are implemented. Still I am facing issues in initiating SynchML session. After enroll done successfully, device is sending CONNECT request to MDM server and no other request is sent.

    Any other guess from your side? I am not getting any fruitful information in logs as well to troubleshoot.

    Regards,

    Ganesh Shinde

    Friday, September 5, 2014 10:24 AM
  • Are you still using IP address for your server?  ... can you try using fully qualified domain name? 


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Friday, September 5, 2014 6:12 PM
    Moderator
  • Hi Eric,

    I am using IP address in ADDR field of provisioning XML. I do not have server with DNS resolvable domain name for my development. Is it mandatory to give domain name in ADDR field?

    I tried giving domain name of server where webservice to cater synchML request is not present(just to try out domain name suggestion you gave) but device is not sending any request other than CONNECT to that server.

    Also protocol document mentions some Server requirements for OMA DM like:

    1. Secure Sockets Layer (SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity checking, and data encryption. If the certificate is not issued by a commercial certification authority whose root certificate is preinstalled in the phone, you must provision the company's root certificate in the phone's ROOT store.
    2. To authenticate the client, you must use either Basic or MD5 client authentication at the application level. At the SSL level, use client certificate-based authentication.

    I have implemented this as well. But not sure why device is not sending any SynchML request.

    Adding Device logs for complete enrollment process.

    Device logs:

     

    Line #, Provider Name, Task Name, Opcode Name, Id, Process, Event Name, Message, Cpu, ThreadId, Message (Field 1), Field 2, Field 3, Field 4, Count, Time (s)
    3, , , , 113, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Soap Request Message: <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
    <s:header>
    <a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rst/wstep</a:action>
    <a:messageid>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:messageid>
    <a:replyto>
    <a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
    </a:replyto>
    <a:to s:mustunderstand="1">http://10.10.25.151:8080/ws/api/wp/enrollservice</a:to>
    , 0, 1984, <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
    <s:header>
    <a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rst/wstep</a:action>
    <a:messageid>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:messageid>
    <a:replyto>
    <a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
    </a:replyto>
    <a:to s:mustunderstand="1">http://10.10.25.151:8080/ws/api/wp/enrollservice</a:to>
    , , , , 1, 10.499925572
    4, , , , 112, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Soap Response Message: <s:envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:header> <action s:mustunderstand="1"> http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rstrc/wstep </action> <a:relatesto>urn:uuid:81a5419a-496b-474f-a627-5cdd33eed8ab </a:relatesto> <o:security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustunderstand="1"> <u:timestamp u:id="_0"> <u:created>2013-08-02t00:32:59.420z</u:created> <u:expires>2015-08-02t00:37:59.420z</u:expires> </u:timestamp> </o:security> </s:header> <s:body> <requestsecuritytokenresponsecollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <requestsecuritytokenresponse> <tokentype> http://schemas.microsoft.com/5.0.0.0/configurationmanager/enrollment/deviceenrollmenttoken </tokentype> <requestedsecuritytoken> , 3, 1984, <s:envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:header> <action s:mustunderstand="1"> http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rstrc/wstep </action> <a:relatesto>urn:uuid:81a5419a-496b-474f-a627-5cdd33eed8ab </a:relatesto> <o:security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustunderstand="1"> <u:timestamp u:id="_0"> <u:created>2013-08-02t00:32:59.420z</u:created> <u:expires>2015-08-02t00:37:59.420z</u:expires> </u:timestamp> </o:security> </s:header> <s:body> <requestsecuritytokenresponsecollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <requestsecuritytokenresponse> <tokentype> http://schemas.microsoft.com/5.0.0.0/configurationmanager/enrollment/deviceenrollmenttoken </tokentype> <requestedsecuritytoken> , , , , 1, 10.615109479
    5, , , , 97, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer] Installing enrollment cert for OMADM session. , 3, 880, , , , , 1, 11.164222968
    6, , , , 96, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer End] Success , 3, 880, , , , , 1, 11.277500104
    7, , , , 95, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer Start] Install cert in app container. , 3, 880, , , , , 1, 11.164180833
    8, , , , 93, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM DMScheduleAdmin End] Success , 0, 3768, , , , , 1, 10.921007968
    9, , , , 92, Unknown, , , , , , , , , 6, 
    10, , , , 91, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM DMScheduleAdmin Start] Commandline: C:\Programs\EnrollmentClient\DMScheduleAdmin.exe /SyncPolling , 0, 3768, C:\Programs\EnrollmentClient\DMScheduleAdmin.exe /SyncPolling, , , , 1, 10.908130000
    11, , , , 89, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Expired End] Success , 1, 1984, , , , , 1, 11.438004791
    12, , , , 88, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Expired Start] Cert Expiration: 2014-10-03T16:29:50.00 , 1, 1984, 2014-10-03T16:29:50.00, , , , 1, 11.436121197
    13, , , , 86, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Renew Session End] Success , 3, 1984, , , , , 1, 11.433884791
    14, , , , 85, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Renew Session Start] Renew period: 42; Renew retry interval: 7; Robo mode: 1; Cert Expiration: 2014-10-03T16:29:50.00 , 1, 1984, 42, 7, 1, 2014-10-03T16:29:50.00, 1, 11.428590625
    15, , , , 84, Unknown, , , , , , , , , 2, 
    16, , , , 82, Unknown, , , , , , , , , 2, 
    17, , , , 72, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Error HRESULT: 0x8018000E , 3, 208, 0x8018000E, , , , 1, 3.309774166
    18, , , , 71, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Success , 1, 1984, , , , , 1, 11.444986302
    19, , , , 70, Unknown, , , , , , , , , 2, 
    20, , , , 65, Unknown, , , , , , , , , 3, 
    21, , , , 57, Unknown, , , , , , , , , 2, 
    22, , , , 56, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Function NCryptOpenKey failed with result (0x80090016). , 3, 1984, NCryptOpenKey, 0x80090016, , , 1, 7.552924843
    23, , , , 55, Unknown, , , , , , , , , 2, 
    24, , , , 54, Unknown, , , , , , , , , 11, 
    25, , , , 42, Unknown, , , , , , , , , 5, 
    26, , , , 38, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Failed to get enrollment policy. Using default policy to enroll. , 3, 208, , , , , 1, 3.298324010
    27, , , , 36, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Generated Exchange Device Id (8363F0BCEA7D4D0920DCA52C28BC5B19). , 1, 1984, 8363F0BCEA7D4D0920DCA52C28BC5B19, , , , 1, 11.416563020
    28, , , , 34, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Skip enrollment policy request. Service data is empty. Default policy parameters will be used. , 3, 1984, , , , , 1, 7.512247343
    29, , , , 30, Unknown, , , , , , , , , 2, 
    30, , , , 28, Unknown, , , , , , , , , 2, 
    31, , , , 26, Unknown, , , , , , , , , 2, 
    32, , , , 15, Unknown, , , , , , , , , 5, 
    33, , , , 14, Unknown, , , , , , , , , 5, 
    34, , , , 11, Unknown, , , , , , , , , 2, 
    35, , , , 8, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Using the default certificate hash algorithm to enroll. , 3, 1984, , , , , 1, 7.512259791
    36, , , , 7, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Enrollment succeeded with server (10.10.25.151). , 3, 1984, 10.10.25.151, , , , 1, 10.615524635
    37, , , , 3, Unknown, , , , , , , , , 2, 
    38, Microsoft-WindowsPhone-EnrollmentUX-Provider, , , , , , , , , , , , , 57, 
    39, , , , 2, Unknown, , , , , , , , , 29, 
    40, , , , 1, Unknown, , , , , , , , , 28, 
    41, Microsoft-WindowsPhone-OmaDm-Client-Provider, , , , , , , , , , , , , 50, 
    42, , , , , , , , , , , , , , 39, 
    43, , , , 307, Unknown, , , , , , , , , 16, 
    44, , , , 275, Unknown, , , , , , , , , 3, 
    45, , , , 219, Unknown, , , , , , , , , 3, 
    46, , , , 238, Unknown, , , , , , , , , 3, 
    47, , , , 240, Unknown, , , , , , , , , 3, 
    48, , , , 294, Unknown, , , , , , , , , 5, 
    49, , , , 255, Unknown, , , , , , , , , 4, 
    50, , , , 249, Unknown, , , , , , , , , 2, 
    51, , TIME_FROM_SESSION_INIT_TO_COMPLETION_MARKER, , , , , , , , , , , , 5, 
    52, , , win:Start, 110, Unknown, , , , , , , , , 3, 
    53, , , win:Stop, 111, Unknown, , , , , , , , , 2, 
    54, , RAM_FROM_SESSION_INIT_TO_COMPLETION_MARKER, , , , , , , , , , , , 6, 
    55, , , win:Start, 108, Unknown, , , , , , , , , 3, 
    56, , , win:Stop, 109, Unknown, , , , , , , , , 3, 
    57, SysConfigEx, SysConfigEx: NetworkInterface, , 0, Unknown, , , , , , , , , 24, 
    58, Microsoft-WindowsPhone-EnrollmentClient-Provider, , , , , , , , , , , , , 4, 
    59, , , , 2, Unknown, Microsoft-WindowsPhone-EnrollmentClient-Provider//, GetCommandLine() = (/o "MDMCloud" /c), lpCmdLine = ("MDMCloud" /c), hr = (0). , 1, 1276, /o "MDMCloud" /c, "MDMCloud" /c, 0, , 1, 53.574193437
    60, , , , 3, Unknown, Microsoft-WindowsPhone-EnrollmentClient-Provider//, OMA-DM session for server (MDMCloud) was started and it returned (0). , 3, 1276, MDMCloud, 0, , , 1, 53.593445625
    61, , , , 1, Unknown, Microsoft-WindowsPhone-EnrollmentClient-Provider//, Enrollment client executable is starting. , 1, 1276, , , , , 1, 53.574154062
    62, , , , 12, Unknown, Microsoft-WindowsPhone-EnrollmentClient-Provider//, Enrollment client executable is finishing with hr = (0). , 3, 1276, 0, , , , 1, 53.593456822

    Any guess from your side? Thanks again in advance :)

    Regards,

    Ganesh Shinde


    Tuesday, September 9, 2014 12:38 PM
  • Issue is resolved for me and I think it was with self signed certificate. For testing, I have created many self signed certificates with same CN and added that in my JVM which I think was creating issue. Issue got resolved when I did fresh setup of DM server on new machine.

    Regards,

    Ganesh Shinde

    • Marked as answer by Ganesh14Shinde Wednesday, September 17, 2014 5:00 AM
    Tuesday, September 16, 2014 2:10 PM
  • Hi Ganesh, Eric, 

    I try to do the same on a Windows Phone 8.1 and I hope you can help me :x I'm testing it on Lumia 532 DualSim device.

    I'm trying to bootstrap the phone via OMA-CP by sending theses informations :

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE characteristic-list PUBLIC "-//WAPFORUM//DTD PROV 1.0//EN" "http://www.wapforum.org/DTD/prov.dtd">
    <wap-provisioningdoc version="1.1">   
    <characteristic type="APPLICATION">      
       <parm name="APPID" value="w7" />      
       <parm name="PROVIDER-ID" value="login" />      
       <parm name="NAME" value="Bootstrap" />      
       <parm name="ADDR" value="http://mydomain/dmomaenabler/dmomaenabler/commands" />      
       <parm name="TO-NAPID" value="operator" />        
       <characteristic type="APPAUTH">         
          <parm name="AAUTHLEVEL" value="APPSRV" />         
          <parm name="AAUTHTYPE" value="BASIC" />         
          <parm name="AAUTHNAME" value="login" />         
          <parm name="AAUTHSECRET" value="******" />      
       </characteristic>      
       <characteristic type="APPAUTH">         
          <parm name="AAUTHLEVEL" value="CLIENT" />             
          <parm name="AAUTHTYPE" value="DIGEST" />         
          <parm name="AAUTHNAME" value="login" />         
          <parm name="AAUTHSECRET" value="******" />         
          <parm name="AAUTHDATA" value="PjBWM10wTSwtMiwxR0QzQQ==" />      
       </characteristic>   
    </characteristic>   
    <characteristic type="NAPDEF">      
       <parm name="NAPID" value="operator" />      
       <parm name="BEARER" value="GSM-GPRS" />      
       <parm name="NAME" value="Bootstrap" />      
       <parm name="NAP-ADDRESS" value="myoperator" />      
       <parm name="NAP-ADDRTYPE" value="APN" />   
    </characteristic>
    </wap-provisioningdoc>

    But it works only after a phone factory reset, and after this, message fails ... and Im not even sure the configuration is written to the phone.

    Then when I try to initiate an OMA DM session between our server and the phone, nothing happens. 

    I have few questions, I would be very thanksful if somebody can answer me :

    1- How do I push a certificate on the phone, because OMA-DM connection seems to be over SSL

    2- Does the OMA CP bootstrap message works As Is on the phone ?

    3- Do you see any step I could miss in my workflow ?

    I have no errors information on the logs provided by Field Medic app in the OMA DM etl, and I see nothing changing in the provisionning content.

    Thank you very much !


    • Edited by DukeFarell Wednesday, April 6, 2016 3:39 PM
    Wednesday, April 6, 2016 3:39 PM