Error on device enrollment with federated enrollment used

  • Question

  • Hi, 

    We are developing a Windows MDM solution. We are trying to use federated enrollment. Currently, device enrollment gives an error after the authentication process. The error shown was "There was a problem configuring your device (0x80090015)". In the Windows event log under "DeviceManagement-Enterprise-Diagnostics-Provider", the last successful operation says "MDM Enroll: OMA-DM client configuration succeeds".

    After that it gives the following error: "MDM Enroll: Client failed to set up the manual MDM client certificate renewal schedule. Result: (Provider's public key is invalid.).".

    We double-checked that the sent certificate's public key matches the CSR's public key.

    Please help, because there is very little information and none of it helps to solve our problem.

    The CSR request that the client sends to the server was: [base64-encoded CSR]

    Below is the WAP provisioning XML that we sent to the device in that step.

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <wap-provisioningdoc version="1.1">
      <characteristic type="CertificateStore">
        <characteristic type="Root">
          <characteristic type="System">
            <characteristic type="68AB95B4F6E80B48CFE6D65C0925C7E0F48D3BE2">
              <parm name="EncodedCertificate" value="...cleared certificate that signs client certificate..."/>
            </characteristic>
          </characteristic>
        </characteristic>
      </characteristic>
      <characteristic type="CertificateStore">
        <characteristic type="My">
          <characteristic type="User">
            <characteristic type="08DABB457E6E92EC7470C909BC10099587A2BBD7">
              <parm name="EncodedCertificate" value="...client certificate..."/>
            </characteristic>
            <characteristic type="PrivateKeyContainer"/>
          </characteristic>
          <characteristic type="WSTEP">
            <characteristic type="Renew">
              <parm datatype="boolean" name="ROBOSupport" value="false"/>
              <parm datatype="integer" name="RenewPeriod" value="60"/>
              <parm datatype="integer" name="RetryInterval" value="4"/>
            </characteristic>
          </characteristic>
        </characteristic>
      </characteristic>
      <characteristic type="APPLICATION">
        <parm name="APPID" value="w7"/>
        <parm name="PROVIDER-ID" value="LimradMdm"/>
        <parm name="NAME" value="b.c"/>
        <parm name="ADDR" value="https://limrad.com:8443/limgate/admin/emm/windows/Enrollment"/>
        <parm name="CONNRETRYFREQ" value="6"/>
        <parm name="INITIALBACKOFFTIME" value="30000"/>
        <parm name="MAXBACKOFFTIME" value="120000"/>
        <parm name="BACKCOMPATRETRYDISABLED"/>
        <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml"/>
        <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=CN%3D0DA6FFB3-7C50-4A45-AE06-412B1A!0535A6C660005C419D17BC195320D175&amp;Stores=My%5CUser"/>
        <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="CLIENT"/>
          <parm name="AAUTHTYPE" value="DIGEST"/>
          <parm name="AAUTHSECRET" value="password1"/>
          <parm name="AAUTHDATA" value="QmluYXJ5Tm9uY2U="/>
        </characteristic>
        <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="APPSRV"/>
          <parm name="AAUTHTYPE" value="BASIC"/>
          <parm name="AAUTHNAME" value="admin"/>
          <parm name="AAUTHSECRET" value="limrad"/>
        </characteristic>
      </characteristic>
      <characteristic type="DMClient">
        <characteristic type="Provider">
          <!-- ProviderID in DMClient CSP must match to PROVIDER-ID in w7 APPLICATION characteristics -->
          <characteristic type="LimradMdm">
            <parm datatype="string" name="UPN" value="test@okta1.com"/>
            <characteristic type="Poll">
              <parm datatype="integer" name="NumberOfFirstRetries" value="8"/>
              <parm datatype="integer" name="IntervalForFirstSetOfRetries" value="15"/>
              <parm datatype="integer" name="NumberOfSecondRetries" value="5"/>
              <parm datatype="integer" name="IntervalForSecondSetOfRetries" value="3"/>
              <parm datatype="integer" name="NumberOfRemainingScheduledRetries" value="0"/>
              <parm datatype="integer" name="IntervalForRemainingScheduledRetries" value="1560"/>
              <parm datatype="boolean" name="PollOnLogin" value="true"/>
            </characteristic>
            <parm datatype="string" name="EntDeviceName" value="DESKTOP-C25O6HM"/>
          </characteristic>
        </characteristic>
      </characteristic>
    </wap-provisioningdoc>

    Saturday, March 30, 2019 5:21 PM
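
An added example, not part of the original post: a server-side consistency check for a provisioning document laid out like the one in the question. It checks the rule stated in the document's own comment (PROVIDER-ID must match a DMClient provider) and, as an assumption of this example, that each store named in SSLCLIENTCERTSEARCHCRITERIA is one the document provisions a certificate into. The sample document and its names (`ExampleMdm`, `example-device`, the all-zero thumbprint) are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Constructed sample: trimmed to the parts checked, same layout as the posted document.
SAMPLE = """<wap-provisioningdoc version="1.1">
<characteristic type="CertificateStore"><characteristic type="My">
  <characteristic type="User">
    <characteristic type="0000000000000000000000000000000000000000">
      <parm name="EncodedCertificate" value="PLACEHOLDER"/>
    </characteristic>
  </characteristic>
</characteristic></characteristic>
<characteristic type="APPLICATION">
  <parm name="APPID" value="w7"/>
  <parm name="PROVIDER-ID" value="ExampleMdm"/>
  <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=CN%3Dexample-device&amp;Stores=My%5CUser"/>
</characteristic>
<characteristic type="DMClient"><characteristic type="Provider">
  <characteristic type="ExampleMdm"/>
</characteristic></characteristic>
</wap-provisioningdoc>"""

def parms(node):
    return {p.get("name"): p.get("value") for p in node.findall("parm")}

def check_provisioning(xml_text):
    """Return a list of inconsistencies found in a wap-provisioningdoc."""
    root = ET.fromstring(xml_text)
    app = next((c for c in root.findall("characteristic[@type='APPLICATION']")
                if parms(c).get("APPID") == "w7"), None)
    if app is None:
        return ["no w7 APPLICATION characteristic"]
    problems, app_parms = [], parms(app)
    # Rule from the document's own comment: PROVIDER-ID must name a DMClient provider.
    providers = [c.get("type") for c in root.findall(
        "characteristic[@type='DMClient']/characteristic[@type='Provider']/characteristic")]
    if app_parms.get("PROVIDER-ID") not in providers:
        problems.append("PROVIDER-ID does not match a DMClient provider")
    # Assumption of this example: each store in the search criteria (e.g. My\User)
    # should be a store this document provisions a certificate into.
    criteria = parse_qs(app_parms.get("SSLCLIENTCERTSEARCHCRITERIA") or "")
    if "Subject" not in criteria:
        problems.append("search criteria has no Subject")
    for store in criteria.get("Stores", []):
        path = "/".join(f"characteristic[@type='{s}']" for s in store.split("\\"))
        if not root.findall(f"characteristic[@type='CertificateStore']/{path}"
                            "/characteristic/parm[@name='EncodedCertificate']"):
            problems.append(f"no certificate provisioned into {store}")
    return problems
```

An empty list means the checked fields agree with each other; it says nothing about whether the certificate itself is acceptable to the client.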