Issue
- ESMC MDM 7.2 management for iOS devices no longer supports IP based certificates
iOS Issue Only
This issue does not affect Android-only mobile device management (MDM).
For Android-only management, disable the Send iOS related application statuses setting in the ESET Mobile Device Connector Policy.
Details
Due to Apple certificate requirements for iOS management certificate, as of ESMC MDM 7.2, it is no longer possible to use IP based certificate for iOS management.
Upgrade MDM component to the latest version
To ensure your MDM component continues to function properly, we recommend you upgrade to ESMC version 7.2.11.3 by November 1, 2020. Click here for more information on the Apple Push Notification service (APNs) policy.
Solution
Before upgrading to ESMC MDM to version 7.2
Verify that your MDM HTTPS certificate is not IP-based (certificate is not issued to the IP address of the MDM server).
Verify that your MDM HTTPS certificate meets the Apple certificate requirements.
If your MDM HTTPS certificate does not meet the requirements described above, you will first need to obtain a certificate that meets the Apple certificate requirements, and then continue with a manual uninstallation of your ESMC MDM and then installation of ESMC MDM version 7.2.
If both of these requirements are confirmed, continue by uninstalling your ESMC MDM using the following instructions:
Start by uninstalling your ESMC MDM component.
During the uninstallation process select the option to keep the database.
When the uninstallation process is finished you can install the new ESMC MDM 7.2 and connect to your existing database.
- Download the standalone installer for ESMC MDM 7.2 from the ESET download website.
NOTE:
If your MDM is running on MDM Virtual Appliance, you need to download ESMC MDM VA version 7.2 and continue from step 6.
- Execute the installer on the machine that was is running your ESMC MDM.
- During the installation procedure, change the MDM Hostname to a DNS entry of the machine that was running the ESMC MDM. (This DNS entry must match the address the certificate is issued for).
- In the HTTPS certificate field, enter the new certificate you acquired.
- Continue by connection to your existing MDM database.
- Finish the installation process.
- Restart the MDM server.
Open ESET Security Management Web Console (ESMC Web Console) in your web browser and log in.
- Navigate to Policies → ESET Mobile Device Connector and select your existing ESET MDM policy.
- Select Edit on your existing MDC policy, and change the current HTTPS certificate to the new one you used during the installation process. Set the Force certificate change on the date to your current date.
- Select Force from the settings flag and click Finish.
- Navigate to the Computers screen.
- Re-enroll all your mobile devices.
- Navigate to Mobile Devices Dynamic group.
- Click the check box next to Select All.
- Navigate to Actions → Mobile → Re-enroll → Multiple devices via email.
- Once all the devices are re-enrolled, continue the mobile device management as usual.
If you have already upgraded to ESMC MDM 7.2 and your mobile devices are not connecting
Verify that your MDM HTTPS certificate is not IP-based (certificate is not issued to the IP address of the MDM server).
Verify that your MDM HTTPS certificate meets the Apple certificate requirements.
If both of these are confirmed and your mobile devices are still not connecting, contact ESET Customer support.
If your MDM HTTPS certificate does not meet the requirements described above, you will first need to obtain a certificate that meets the Apple certificate requirements, and then continue with a manual uninstallation od your ESMC MDM and then installation of ESMC MDM 7.2.
Start by uninstalling your ESMC MDM component.
During the uninstallation process select the option to keep the database.
When the uninstallation process is finished you can install the new ESMC MDM 7.2 and connect to your existing database.
- Download the standalone installer for ESMC MDM 7.2 from the ESET download website.
NOTE:
If your MDM is running on MDM Virtual Appliance, you need to download ESMC MDM VA version 7.2 and continue from step 7.
- Execute the installer on the machine that was running your ESMC MDM.
- During the installation procedure, change the MDM Hostname to a DNS entry of the machine that was running the ESMC MDM. (This DNS entry must match the address the certificate is issued for).
- In the HTTPS certificate field, enter the new certificate you acquired.
- Continue by connection to your existing MDM database.
- Finish the installation process.
- Restart the MDM server.
Open ESET Security Management Web Console (ESMC Web Console) in your web browser and log in.
- Navigate to Policies → ESET Mobile Device Connector and select your existing ESET MDM policy.
- Select Edit on your existing MDC policy, and change the current HTTPS certificate to the new one you used during the installation process. Set the Force certificate change on the date to your current date.
- Select Force from the settings flag and click Finish.
- Navigate to the Computers screen.
- Re-enroll all your mobile devices.
- Navigate to Mobile Devices Dynamic group.
- Click the check box next to Select All.
- Navigate to Actions → Mobile → Re-enroll → Multiple devices via email.
- Once all the devices are re-enrolled, continue the mobile device management as usual.
Add a comment
Please log in or register to submit a comment.