I have EMM 10.1.2 in dual (internal and external) server setup. Only iOS devices are failing. I have ran the deployment tool and MDM passes but non-MDM fails.
All iOS devices are on 5.x to 5.1.1. The errors on both servers in the McAfee emm software logs are errors with activesnyc and the user/device. I do not know when this started exactly. I was passed this on a few months ago. We were on 9.x emm, went to 10.0. Then I updated to 10.1, few months after 10.1.1 and then right to 10.1.2.
So when I found out about the ios devices not recieving exchange updates (email, calendar, contacts). I created a new test policy with almost no settings. Had the IT person delete profiles on each device, I deleted the user from help desk, deleted and recreated user in new AD group, remove EMM from phone, reinstall emm and re-join to EMM. The phone would take initial updates then after that not.
In deployment help tool I get an error on external server:
reach emm hub server - unable to reach http://hubserver.org/emmhub/about.aspx due to remote server returned an error: 403 forbidden
- I go to the proxy server, type that into the browser, I get a webpage with cert error. Click continue and it goes through, but changes to https://
The other error is with non-MDM cannot connect to server gateway.push.apple.com port 2195 and 2196. But MDM works. If I use MDM does it still use non-mdm cert? I have the ports open both outbound and inbound on firewall between external proxy server and internet. The external server does have a private ip that is NAT'd to get to the outside.
Does there need to be a cert created between the internal and external servers? I am lost with this and have a SR open with McAfee but figured I would post here incase anyone else ran into this as well. Everyone that is important has an iOS device and is not happy they cannot get exchange info.....
You do not need to worry about non-mdm unless you are using iOS 3.x devices.
What version of 9.x were you on exactly and what version did you upgrade to from there?
Please post the specific errors and which server they are found on from the event logs.
Did you install the proxy server after the hub server? you must install the hub first.
On the device under settings/general/profiles, how many profiles are installed and what are thier names?
What happens if you navigate to the self service portal i.e. https://emm.company.com/emmportal from a pc from the internet? Are you able to log in?
1. ok good just wanted to make sure
2. I just asked the guy that installed EMM and I was wrong. We started at 10.0.1. He went to 10.1. Then I took it over. I brought it to 10.1.1 Then after a month to 10.1.2.
3. Yes I have pictures to upload for external and internal errors.
4. I always installed on internal hub server first, then proxy external. What happens if you install it the other way?
5. There are two.
Mobile Device Management
6. I go there and get "This user is invald. Please try again". I use the same credentials when logging in (on internal network) to the hub console web gui no issue.
This is actually affecting all iOS devices in EMM. But my test ipad seems to get email and contacts syncing correctly. But not the calendar. We are running exchange 2003. My test ipad does not show as many errors from #3 above, as the iphone users having issues. When provisioning a phone all the stuff sync's at that time, but then not again it seems. I'm waiting for an IT contact to ask some of his users on what is syncing and what is not...Message was edited by: northvibe on 9/14/12 9:54:35 AM CDT
3) First off, be aware that EMM has a lot of errors and warnings... It's just a part of being an EAS proxy i guess because there are so many connection errors and timeouts and such that are inherant to mobile device connectivity.
External: This is a normal warning and they can be safely ignored. The iOS devicewill send periodic “ping” requests to keep the connection alive, and exchangewill ignore the majority of them.
Internal: They just mean the device failed to complete MDM check inand it continues to try for sometime, unsuccessfully. Reason why the devicecould not check in will vary and it may have been some issue that eventuallywent away such as lack of connectivity or being powered off. If this is happening to all of your devices then it may indicate a server problem, if it's happening to only 1 or a handful it will be issues with the devices.
5) that is as it should be.
6) You should be able to log in with your credentials. The fact that you can't is probably related to the issue. Are users enabled for activesync in exchange?
Can you log into the external server and verify that "SSL Settings" on default site are set to uncheck "require ssl" and ignore, EMMDeviceGateway are uncheck and ignore, EMMPortal are uncheck and ignore, M-S-ActiveSync are require and ignore, P-S-ActiveSync are require and ignore, TDEntWeb are uncheck and ignore, T-C-ActiveSync are require and ignore, and T-S-ActiveSync are require and accept.
You may want to consider just doing a reinstall of the proxy server. It wont hurt anything and will potentially reset any messed up settings.
You might also look through your EAS provy logs here C:\inetpub\logs\LogFiles\W3SVC1 and your active sync logs on the mail server for any indication of problems.Message was edited by: mat.kordell on 9/14/12 11:08:01 AM CDT
3. thanks. Yeah I have run the BES for years and...if there aren't errors, then theres an issue Didn't know this was the case for EMM as well. All ios devices are throwing the activesync errors though.....
6. Yeah when you asked that and I could not...figured there was an issue. I think I verifed on the network, that between proxy and hub, ports 80 and 443 were allowed. Is some cert or anything else needed? From proxy I can get to the web inerface for the hub, but get the cert error and have to click continue.
I am going to go through and check the #6 things you have brought up. Reinstall 10.1 again then upgrade to 10.1.2?
Thank you soooo much for the help. I really appreciate it. I have a SR but they are still looking at logs and with pissed off people I want to be working on something for this to get fixed. They had me run a MED(?) which grabbed a handful of things, maybe it grabbed the EAS proxy logs, but I can read them myself.
MS server activesync
Proxy server Activesync
TrustDigital certless activesync
Trustdigital server activesync
Support had me upgrade hub and proxy to 10.1.3. After update (no reboot needed). I went on test ipad, opened EMM and updated config. So far my calendar is sync'ing now. Added events, removed, showed up on pc desktop and ipad. This is good. BUT we had this work when first provisioned then it would fail after a day or so. We shall see how this goes.
Do you have the ports open between the proxy and aes server? If you look in the install guide it will specify the ports but I think it's just 443. Anyway the proxy actually communicates directly with the aes server.