Windows Phone 8.1 MDM Implementation: Certificate enrollment issue

  • Question

  • I am working on Windows Phone enrollment and am currently stuck at certificate enrollment. I am using Java for this.

    I am getting the error below in the logs:

    5, , , , 56, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Function NCryptOpenKey failed with result (0x80090016). , 2, 1480, NCryptOpenKey, 0x80090016, , , 1, 1.798817395
    16, , , , 113, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Soap Request Message: <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
        <s:header>
            <a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rst/wstep</a:action>
            <a:messageid>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:messageid>
            <a:replyto>
                <a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
            </a:replyto>
            <a:to s:mustunderstand="1">http://10.10.25.151:8080/ws/api/wp/enrollservice</a:to>
             , 3, 1480, <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
        <s:header>
            <a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rst/wstep</a:action>
            <a:messageid>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:messageid>
            <a:replyto>
                <a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
            </a:replyto>
            <a:to s:mustunderstand="1">http://10.10.25.151:8080/ws/api/wp/enrollservice</a:to>
            , , , , 1, 3.952185989
    17, , , , 5, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Data transmission attempt (1) failed with (2147942487). , 3, 1480, 1, 2147942487, , , 1, 4.278878750
    18, , , , 72, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Error HRESULT: 0x80070057 , 2, 1480, 0x80070057, , , , 1, 4.305893333

    From the error code value 0x80070057, it seems that some value is wrong in the response that I am sending to the device, but I am not able to identify it.

    Can you please have a look at the provisioning XML given below and provide a solution for the above error?

    Also, can you please guide me on how to process the PKCS#10 certificate request received from the device and send a proper certificate enrollment response to the device?

    Thanks in advance.

    Provisioning XML:

    <wap-provisioningdoc version="1.1">
      <characteristic type="CertificateStore">
        <characteristic type="Root">
          <characteristic type="System">
            <characteristic type="031336C933CC7E228B88880D78824FB2909A0A2F">">
              <parm name="EncodedCertificate" value="Base64 Encoded self signed certificate" />
            </characteristic>
          </characteristic>
        </characteristic>
        <characteristic type="My">
          <characteristic type="User">
            <characteristic type="F9A4F20FC50D990FDD0E3DB9AFCBF401818D5462">">
              <parm name="EncodedCertificate" value="Base64 Encoded client certificate generated on the fly" />
            </characteristic>
            <characteristic type="PrivateKeyContainer" />
          </characteristic>
        </characteristic>
      </characteristic>
      <characteristic type="APPLICATION">
        <parm name="APPID" value="w7" />
        <parm name="PROVIDER-ID" value="MDMServer" />
        <parm name="NAME" value="Test" />
        <parm name="ADDR" value="http://localhost:8080/ws/api/wp/synchML" />
        <parm name="CONNRETRYFREQ" value="6" />
        <parm name="INITIALBACKOFFTIME" value="30000" />
        <parm name="MAXBACKOFFTIME" value="120000" />
        <parm name="BACKCOMPATRETRYDISABLED" />
        <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml" />
        <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=MDMLocalClientCert&amp;Stores=MY%5CUser" />
        <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="CLIENT" />
          <parm name="AAUTHTYPE" value="DIGEST" />
          <parm name="AAUTHSECRET" value="dummy" />
          <parm name="AAUTHDATA" value="nonce" />
        </characteristic>
        <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="APPSRV" />
          <parm name="AAUTHTYPE" value="DIGEST" />
          <parm name="AAUTHNAME" value="dummy" />
          <parm name="AAUTHSECRET" value="dummy"/>
          <parm name="AAUTHDATA" value="nonce" />
        </characteristic>
      </characteristic>
      <characteristic type="DMClient">
        <characteristic type="Provider">
          <characteristic type="MDMServer">
            <characteristic type="Poll">
              <parm name="NumberOfFirstRetries" value="8" datatype="integer" />
              <parm name="IntervalForFirstSetOfRetries" value="15" datatype="integer" />
              <parm name="NumberOfSecondRetries" value="5" datatype="integer" />
              <parm name="IntervalForSecondSetOfRetries" value="3" datatype="integer" />
              <parm name="NumberOfRemainingScheduledRetries" value="0" datatype="integer" />
              <parm name="IntervalForRemainingScheduledRetries" value="1560" datatype="integer" />
            </characteristic>
            <parm name="EntDeviceName" value="WP8Device" datatype="string" />
          </characteristic>
        </characteristic>
      </characteristic>
    </wap-provisioningdoc>
    Wednesday, August 27, 2014 12:40 PM
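
A pre-send check that a Java enrollment server could run on a provisioning document like the one in the question (added example, not code from the original post; `ProvisioningLint`, `lint` and `checkThumbprint` are hypothetical names and the sample document is constructed). It reports character data left inside a `characteristic` node and a `characteristic` type that does not equal the SHA-1 hash of the decoded `EncodedCertificate`, assuming the type under `CertificateStore` is the certificate's hex SHA-1 thumbprint.

```java
import java.io.StringReader;
import java.security.MessageDigest;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class ProvisioningLint {
    // Returns one finding per problem; an empty list means both checks passed.
    static List<String> lint(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        List<String> findings = new ArrayList<>();
        NodeList nodes = doc.getElementsByTagName("characteristic");
        for (int i = 0; i < nodes.getLength(); i++) {
            Element c = (Element) nodes.item(i);
            String type = c.getAttribute("type");
            for (Node n = c.getFirstChild(); n != null; n = n.getNextSibling()) {
                // Leftover characters after a tag parse as character data, not as a syntax error.
                if (n.getNodeType() == Node.TEXT_NODE && !n.getTextContent().trim().isEmpty())
                    findings.add("stray text in characteristic " + type + ": " + n.getTextContent().trim());
                if (n instanceof Element && "EncodedCertificate".equals(((Element) n).getAttribute("name")))
                    checkThumbprint(type, ((Element) n).getAttribute("value"), findings);
            }
        }
        return findings;
    }
    // Assumption: the characteristic type is the hex SHA-1 hash of the DER certificate.
    static void checkThumbprint(String type, String b64, List<String> findings) throws Exception {
        byte[] der;
        try { der = Base64.getDecoder().decode(b64.replaceAll("\\s", "")); }
        catch (IllegalArgumentException e) { findings.add("EncodedCertificate under " + type + " is not valid Base64"); return; }
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(der)) hex.append(String.format("%02X", b));
        if (!hex.toString().equalsIgnoreCase(type))
            findings.add("thumbprint mismatch: type=" + type + ", SHA-1(cert)=" + hex);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: placeholder bytes stand in for a DER certificate.
        String cert = Base64.getEncoder().encodeToString("constructed-sample".getBytes("UTF-8"));
        String xml = "<wap-provisioningdoc version=\"1.1\"><characteristic type=\"CertificateStore\">"
            + "<characteristic type=\"0000000000000000000000000000000000000000\">\">"
            + "<parm name=\"EncodedCertificate\" value=\"" + cert + "\" /></characteristic>"
            + "</characteristic></wap-provisioningdoc>";
        lint(xml).forEach(System.out::println);
    }
}
```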

All replies