Windows phone 8.1 mdm enrollment failure

Question

Hi,

I am facing issue getting windows phone 8.1 enrolled. Earlier I was facing issue which got solved by putting correct hashcode values in CertificateStore tag in provisioning xml: 

19, , , , 95, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer Start] Install cert in app container. , 3, 1944, , , , , 1, 10.590278958
20, , , , 98, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer] Uninstalling enrollment cert for OMADM session. , 3, 1944, , , , , 1, 10.590302187
21, , , , 96, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer End] Success , 3, 1944, , , , , 1, 10.590373958
22, , , , 72, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Error HRESULT: 0x80070057 , 2, 1428, 0x80070057, , , , 1, 10.637523020
23, SysConfigEx, SysConfigEx: NetworkInterface, , 0, Unknown, , , , , , , , , 24, 


Now facing below exception:

Device log:

22, , , , 56, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Function NCryptOpenKey failed with result (0x80090016). , 1, 3608, NCryptOpenKey, 0x80090016, , , 1, 42.015833645

24, , , , 5, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Data transmission attempt (1) failed with (2147942487). , 1, 3608, 1, 2147942487, , , 1, 45.715726458



Any idea what is going wrong?

Answer 1

Are you doing anything which modifies the public key of the requested client certificate?

The public key of the client certificate in the response must match the public key from the request otherwise it cannot be paired back up with the private key which the device generated when making the request.

---

Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

Answer 2

Thanks for the reply Eric,

I am not modifying the public key in certificate request sent by device. Please have a look at the code below which uses root certificate(self signed certificate i created ) and generated client cert.

Code:

PKCS10CertificationRequest certRequest = getEncodedClientCertPkcsReq(request); // Extracts pkcs#10 certRequest from device request

X509Certificate rootCert = getRootCertificate(); // gets X509Certificate object from self signed certificate stored on my local file system

X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(rootCert.getSubjectX500Principal());
certGen.setNotBefore(new Date(System.currentTimeMillis()));
certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
certGen.setSubjectDN(new X500Principal("CN=MDMLocalClientCert"));
certGen.setPublicKey(certRequest.getPublicKey());
certGen.setSignatureAlgorithm("SHA1WithRSA");

X509Certificate issuedCert = certGen.generate(getRootPrivateKey());

And then I am embedding root and client certificate objects Base64 encoded data and hash code in provisioning xml by below code:

String hasVal= org.apache.commons.codec.digest.DigestUtils.shaHex(issuedCert.getEncoded());
String base64DataOfCertificate = new String(Base64.encode(issuedCert.getEncoded()));

Anything I am missing or doing wrong step? Thanks again in advance.

Regards,

Ganesh Shinde

Answer 3

Thanks for the reply Eric,

After few changes in provisioning xml file, now I am able to proceed further but getting some errors. Can you please help?

I am able to see "Account added successfully" message on device but its showing "Attention required" messages in blue color in workplace setting. When clicked on "Attention required" messages, it shows screen with read only email address and server  fields, but values of these fields are "none" means values are not set. I can see NULL values for these fields in device logs as well.

Logs:

26, , , , 7, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Enrollment succeeded with server (xx.xx.xx.xxx). , 2, 2236, xx.xx.xx.xxx, , , , 1, 12.188668750
27, , , , 91, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM DMScheduleAdmin Start] Commandline: C:\Programs\EnrollmentClient\DMScheduleAdmin.exe /SyncPolling , 1, 2552, C:\Programs\EnrollmentClient\DMScheduleAdmin.exe /SyncPolling, , , , 1, 12.319045677
28, , , , 93, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM DMScheduleAdmin End] Success , 2, 2552, , , , , 1, 12.332382656
29, , , , 95, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer Start] Install cert in app container. , 2, 2712, , , , , 1, 12.603171927
30, , , , 97, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer] Installing enrollment cert for OMADM session. , 2, 2712, , , , , 1, 12.603213906
31, , , , 96, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer End] Success , 2, 2712, , , , , 1, 12.750669791
32, , , , 36, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Generated Exchange Device Id (8363F0BCEA7D4D0920DCA52C28BC5B19). , 2, 2236, 8363F0BCEA7D4D0920DCA52C28BC5B19, , , , 1, 13.460362552
33, , , , 85, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Renew Session Start] Renew period: 42; Renew retry interval: 7; Robo mode: 0; Cert Expiration: 2014-09-02T14:27:04.00 , 2, 2236, 42, 7, 0, 2014-09-02T14:27:04.00, 1, 13.473019270
34, , , , 86, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Renew Session End] Success , 1, 2236, , , , , 1, 13.479550156
35, , , , 88, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Expired Start] Cert Expiration: 2014-09-02T14:27:04.00 , 1, 2236, 2014-09-02T14:27:04.00, , , , 1, 13.482643645
36, , , , 89, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Expired End] Success , 1, 2236, , , , , 1, 13.484472343
37, , , , 71, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Success , 2, 2236, , , , , 1, 13.526715260
38, , , , 74, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Client Certificate Renew Start] emailaddress: NULL; servername: ; password: Given; domainusername: NULL. , 1, 1192, NULL, , Given, NULL, 1, 176.430523906
39, , , , 77, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Client Certificate Renew Start Error] MDM Client Certificate Renew Start hit error trying to initiate the asynchronous start to enrollment. HRESULT: 0x80070057 , 1, 1192, 0x80070057, , , , 1, 176.430533854

Adding provisioning xml:

<wap-provisioningdoc version="1.1">
    <characteristic type="CertificateStore">
        <characteristic type="Root">
            <characteristic type="System">
                <characteristic type="RootCertHashValue">
                    <parm name="EncodedCertificate" value="Base64EncodedRootCertValue" />
                </characteristic>
            </characteristic>
        </characteristic>
        <characteristic type="My">
            <characteristic type="User">
                <characteristic type="UserCertHashValue">
                    <parm name="EncodedCertificate" value="Base64EncodedUserCertValue" />
                </characteristic>
                <characteristic type="PrivateKeyContainer" />
            </characteristic>
        </characteristic>
    </characteristic>
    <characteristic type="APPLICATION">
        <parm name="APPID" value="w01600" />
        <parm name="PROVIDER-ID" value="MDMManagementService" />
        <parm name="NAME" value="MDMCloud" />
        <parm name="ADDR" value="http://<my machine ip>:8080/ws/api/wp/synchML" />
        <parm name="CONNRETRYFREQ" value="6" />
        <parm name="INITIALBACKOFFTIME" value="30000" />
        <parm name="MAXBACKOFFTIME" value="120000" />
        <parm name="BACKCOMPATRETRYDISABLED" />
        <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml" />
        <parm name="SSLCLIENTCERTSEARCHCRITERIA"
            value="Subject=CN%3DMDMLocalClientCer&amp;Stores=My%5CUser" />
        <characteristic type="APPAUTH">
            <parm name="AAUTHLEVEL" value="CLIENT" />
            <parm name="AAUTHTYPE" value="DIGEST" />
            <parm name="AAUTHSECRET" value="ClientPass123" />
            <parm name="AAUTHDATA" value="MDAxMTAwMTE=" />
        </characteristic>
        <characteristic type="APPAUTH">
            <parm name="AAUTHLEVEL" value="APPSRV" />
            <parm name="AAUTHTYPE" value="BASIC" />
            <parm name="AAUTHNAME" value="testclient" />
            <parm name="AAUTHSECRET" value="ServerPass123"/>
        </characteristic>
    </characteristic>
    <characteristic type="DMClient">
        <characteristic type="Provider">
            <characteristic type="MDMManagementService">
                <characteristic type="Poll">
                    <parm name="NumberOfFirstRetries" value="8" datatype="integer" />
                    <parm name="IntervalForFirstSetOfRetries" value="15" datatype="integer" />
                    <parm name="NumberOfSecondRetries" value="5" datatype="integer" />
                    <parm name="IntervalForSecondSetOfRetries" value="3" datatype="integer" />
                    <parm name="NumberOfRemainingScheduledRetries" value="0"
                        datatype="integer" />
                    <parm name="IntervalForRemainingScheduledRetries" value="1560"
                        datatype="integer" />
                </characteristic>
                <parm name="EntDeviceName" value="WP8Device"
                    datatype="string" />
            </characteristic>
        </characteristic>
    </characteristic>    
</wap-provisioningdoc>

Thanks in advance :)

Regards,

Ganesh Shinde

Answer 4

Hi Eric,

I am able to resolve above issue(changed <parm name="APPID" value="w7" />). I can see account added successfully message and also hostname and email id in workplace account. But device is only sending CONNECT request to MDM server and no other request is sent.

Can you please let me know if anything missing or how can I further troubleshoot. Thanks in advance.

Regards,

Ganesh Shinde

Answer 5

The OMA DM / SyncML session must be established over SSL (https://...) so your server needs to be configured to support SSL connection.

The Subject CN of the servers' SSL Certificate must match the host name specified in the ADDR parameter from the initial provisioning.

If you're using an enterprise CA or self-signed certificate for the servers' SSL certificate then you must configure the root certificate on the device during initial provisioning. 

---

Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

Answer 6

Hi Eric,

I have made sure that the last 3 points you mentioned are implemented. Still I am facing issues in initiating SynchML session. After enroll done successfully, device is sending CONNECT request to MDM server and no other request is sent.

Any other guess from your side? I am not getting any fruitful information in logs as well to troubleshoot.

Regards,

Ganesh Shinde

Answer 7

Are you still using IP address for your server?  ... can you try using fully qualified domain name? 

---

Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

Answer 8

Hi Eric,

I am using IP address in ADDR field of provisioning XML. I do not have server with DNS resolvable domain name for my development. Is it mandatory to give domain name in ADDR field?

I tried giving domain name of server where webservice to cater synchML request is not present(just to try out domain name suggestion you gave) but device is not sending any request other than CONNECT to that server.

Also protocol document mentions some Server requirements for OMA DM like:

1. Secure Sockets Layer (SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity checking, and data encryption. If the certificate is not issued by a commercial certification authority whose root certificate is preinstalled in the phone, you must provision the company's root certificate in the phone's ROOT store.
2. To authenticate the client, you must use either Basic or MD5 client authentication at the application level. At the SSL level, use client certificate-based authentication.

I have implemented this as well. But not sure why device is not sending any SynchML request.

Adding Device logs for complete enrollment process.

Device logs:

 

Line #, Provider Name, Task Name, Opcode Name, Id, Process, Event Name, Message, Cpu, ThreadId, Message (Field 1), Field 2, Field 3, Field 4, Count, Time (s)
3, , , , 113, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Soap Request Message: <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
<s:header>
<a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rst/wstep</a:action>
<a:messageid>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:messageid>
<a:replyto>
<a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
</a:replyto>
<a:to s:mustunderstand="1">http://10.10.25.151:8080/ws/api/wp/enrollservice</a:to>
, 0, 1984, <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
<s:header>
<a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rst/wstep</a:action>
<a:messageid>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:messageid>
<a:replyto>
<a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
</a:replyto>
<a:to s:mustunderstand="1">http://10.10.25.151:8080/ws/api/wp/enrollservice</a:to>
, , , , 1, 10.499925572
4, , , , 112, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Soap Response Message: <s:envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:header> <action s:mustunderstand="1"> http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rstrc/wstep </action> <a:relatesto>urn:uuid:81a5419a-496b-474f-a627-5cdd33eed8ab </a:relatesto> <o:security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustunderstand="1"> <u:timestamp u:id="_0"> <u:created>2013-08-02t00:32:59.420z</u:created> <u:expires>2015-08-02t00:37:59.420z</u:expires> </u:timestamp> </o:security> </s:header> <s:body> <requestsecuritytokenresponsecollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <requestsecuritytokenresponse> <tokentype> http://schemas.microsoft.com/5.0.0.0/configurationmanager/enrollment/deviceenrollmenttoken </tokentype> <requestedsecuritytoken> , 3, 1984, <s:envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:header> <action s:mustunderstand="1"> http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rstrc/wstep </action> <a:relatesto>urn:uuid:81a5419a-496b-474f-a627-5cdd33eed8ab </a:relatesto> <o:security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustunderstand="1"> <u:timestamp u:id="_0"> <u:created>2013-08-02t00:32:59.420z</u:created> <u:expires>2015-08-02t00:37:59.420z</u:expires> </u:timestamp> </o:security> </s:header> <s:body> <requestsecuritytokenresponsecollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <requestsecuritytokenresponse> <tokentype> http://schemas.microsoft.com/5.0.0.0/configurationmanager/enrollment/deviceenrollmenttoken </tokentype> <requestedsecuritytoken> , , , , 1, 10.615109479
5, , , , 97, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer] Installing enrollment cert for OMADM session. , 3, 880, , , , , 1, 11.164222968
6, , , , 96, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer End] Success , 3, 880, , , , , 1, 11.277500104
7, , , , 95, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Cert Installer Start] Install cert in app container. , 3, 880, , , , , 1, 11.164180833
8, , , , 93, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM DMScheduleAdmin End] Success , 0, 3768, , , , , 1, 10.921007968
9, , , , 92, Unknown, , , , , , , , , 6, 
10, , , , 91, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM DMScheduleAdmin Start] Commandline: C:\Programs\EnrollmentClient\DMScheduleAdmin.exe /SyncPolling , 0, 3768, C:\Programs\EnrollmentClient\DMScheduleAdmin.exe /SyncPolling, , , , 1, 10.908130000
11, , , , 89, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Expired End] Success , 1, 1984, , , , , 1, 11.438004791
12, , , , 88, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Expired Start] Cert Expiration: 2014-10-03T16:29:50.00 , 1, 1984, 2014-10-03T16:29:50.00, , , , 1, 11.436121197
13, , , , 86, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Renew Session End] Success , 3, 1984, , , , , 1, 11.433884791
14, , , , 85, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Schedule Enrollment Cert Renew Session Start] Renew period: 42; Renew retry interval: 7; Robo mode: 1; Cert Expiration: 2014-10-03T16:29:50.00 , 1, 1984, 42, 7, 1, 2014-10-03T16:29:50.00, 1, 11.428590625
15, , , , 84, Unknown, , , , , , , , , 2, 
16, , , , 82, Unknown, , , , , , , , , 2, 
17, , , , 72, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Error HRESULT: 0x8018000E , 3, 208, 0x8018000E, , , , 1, 3.309774166
18, , , , 71, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Success , 1, 1984, , , , , 1, 11.444986302
19, , , , 70, Unknown, , , , , , , , , 2, 
20, , , , 65, Unknown, , , , , , , , , 3, 
21, , , , 57, Unknown, , , , , , , , , 2, 
22, , , , 56, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Function NCryptOpenKey failed with result (0x80090016). , 3, 1984, NCryptOpenKey, 0x80090016, , , 1, 7.552924843
23, , , , 55, Unknown, , , , , , , , , 2, 
24, , , , 54, Unknown, , , , , , , , , 11, 
25, , , , 42, Unknown, , , , , , , , , 5, 
26, , , , 38, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Failed to get enrollment policy. Using default policy to enroll. , 3, 208, , , , , 1, 3.298324010
27, , , , 36, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Generated Exchange Device Id (8363F0BCEA7D4D0920DCA52C28BC5B19). , 1, 1984, 8363F0BCEA7D4D0920DCA52C28BC5B19, , , , 1, 11.416563020
28, , , , 34, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Skip enrollment policy request. Service data is empty. Default policy parameters will be used. , 3, 1984, , , , , 1, 7.512247343
29, , , , 30, Unknown, , , , , , , , , 2, 
30, , , , 28, Unknown, , , , , , , , , 2, 
31, , , , 26, Unknown, , , , , , , , , 2, 
32, , , , 15, Unknown, , , , , , , , , 5, 
33, , , , 14, Unknown, , , , , , , , , 5, 
34, , , , 11, Unknown, , , , , , , , , 2, 
35, , , , 8, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Using the default certificate hash algorithm to enroll. , 3, 1984, , , , , 1, 7.512259791
36, , , , 7, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Enrollment succeeded with server (10.10.25.151). , 3, 1984, 10.10.25.151, , , , 1, 10.615524635
37, , , , 3, Unknown, , , , , , , , , 2, 
38, Microsoft-WindowsPhone-EnrollmentUX-Provider, , , , , , , , , , , , , 57, 
39, , , , 2, Unknown, , , , , , , , , 29, 
40, , , , 1, Unknown, , , , , , , , , 28, 
41, Microsoft-WindowsPhone-OmaDm-Client-Provider, , , , , , , , , , , , , 50, 
42, , , , , , , , , , , , , , 39, 
43, , , , 307, Unknown, , , , , , , , , 16, 
44, , , , 275, Unknown, , , , , , , , , 3, 
45, , , , 219, Unknown, , , , , , , , , 3, 
46, , , , 238, Unknown, , , , , , , , , 3, 
47, , , , 240, Unknown, , , , , , , , , 3, 
48, , , , 294, Unknown, , , , , , , , , 5, 
49, , , , 255, Unknown, , , , , , , , , 4, 
50, , , , 249, Unknown, , , , , , , , , 2, 
51, , TIME_FROM_SESSION_INIT_TO_COMPLETION_MARKER, , , , , , , , , , , , 5, 
52, , , win:Start, 110, Unknown, , , , , , , , , 3, 
53, , , win:Stop, 111, Unknown, , , , , , , , , 2, 
54, , RAM_FROM_SESSION_INIT_TO_COMPLETION_MARKER, , , , , , , , , , , , 6, 
55, , , win:Start, 108, Unknown, , , , , , , , , 3, 
56, , , win:Stop, 109, Unknown, , , , , , , , , 3, 
57, SysConfigEx, SysConfigEx: NetworkInterface, , 0, Unknown, , , , , , , , , 24, 
58, Microsoft-WindowsPhone-EnrollmentClient-Provider, , , , , , , , , , , , , 4, 
59, , , , 2, Unknown, Microsoft-WindowsPhone-EnrollmentClient-Provider//, GetCommandLine() = (/o "MDMCloud" /c), lpCmdLine = ("MDMCloud" /c), hr = (0). , 1, 1276, /o "MDMCloud" /c, "MDMCloud" /c, 0, , 1, 53.574193437
60, , , , 3, Unknown, Microsoft-WindowsPhone-EnrollmentClient-Provider//, OMA-DM session for server (MDMCloud) was started and it returned (0). , 3, 1276, MDMCloud, 0, , , 1, 53.593445625
61, , , , 1, Unknown, Microsoft-WindowsPhone-EnrollmentClient-Provider//, Enrollment client executable is starting. , 1, 1276, , , , , 1, 53.574154062
62, , , , 12, Unknown, Microsoft-WindowsPhone-EnrollmentClient-Provider//, Enrollment client executable is finishing with hr = (0). , 3, 1276, 0, , , , 1, 53.593456822

Any guess from your side? Thanks again in advance :)

Regards,

Ganesh Shinde

Answer 9

Issue is resolved for me and I think it was with self signed certificate. For testing, I have created many self signed certificates with same CN and added that in my JVM which I think was creating issue. Issue got resolved when I did fresh setup of DM server on new machine.

Regards,

Ganesh Shinde

Answer 10

Hi Ganesh, Eric, 

I try to do the same on a Windows Phone 8.1 and I hope you can help me :x I'm testing it on Lumia 532 DualSim device.

I'm trying to bootstrap the phone via OMA-CP by sending theses informations :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE characteristic-list PUBLIC "-//WAPFORUM//DTD PROV 1.0//EN" "http://www.wapforum.org/DTD/prov.dtd">
<wap-provisioningdoc version="1.1">   
<characteristic type="APPLICATION">      
   <parm name="APPID" value="w7" />      
   <parm name="PROVIDER-ID" value="login" />      
   <parm name="NAME" value="Bootstrap" />      
   <parm name="ADDR" value="http://mydomain/dmomaenabler/dmomaenabler/commands" />      
   <parm name="TO-NAPID" value="operator" />        
   <characteristic type="APPAUTH">         
      <parm name="AAUTHLEVEL" value="APPSRV" />         
      <parm name="AAUTHTYPE" value="BASIC" />         
      <parm name="AAUTHNAME" value="login" />         
      <parm name="AAUTHSECRET" value="******" />      
   </characteristic>      
   <characteristic type="APPAUTH">         
      <parm name="AAUTHLEVEL" value="CLIENT" />             
      <parm name="AAUTHTYPE" value="DIGEST" />         
      <parm name="AAUTHNAME" value="login" />         
      <parm name="AAUTHSECRET" value="******" />         
      <parm name="AAUTHDATA" value="PjBWM10wTSwtMiwxR0QzQQ==" />      
   </characteristic>   
</characteristic>   
<characteristic type="NAPDEF">      
   <parm name="NAPID" value="operator" />      
   <parm name="BEARER" value="GSM-GPRS" />      
   <parm name="NAME" value="Bootstrap" />      
   <parm name="NAP-ADDRESS" value="myoperator" />      
   <parm name="NAP-ADDRTYPE" value="APN" />   
</characteristic>
</wap-provisioningdoc>

But it works only after a phone factory reset, and after this, message fails ... and Im not even sure the configuration is written to the phone.

Then when I try to initiate an OMA DM session between our server and the phone, nothing happens. 

I have few questions, I would be very thanksful if somebody can answer me :

1- How do I push a certificate on the phone, because OMA-DM connection seems to be over SSL

2- Does the OMA CP bootstrap message works As Is on the phone ?

3- Do you see any step I could miss in my workflow ?

I have no errors information on the logs provided by Field Medic app in the OMA DM etl, and I see nothing changing in the provisionning content.

Thank you very much !