cancel
Showing results for 
Search instead for 
Did you mean: 

Afaria Custom Client for Windows Phone 8.1 Devices

Former Member
0 Kudos

Hello,

6 Months Ago, I created successfully the windows Phone 8 Afaria Custom Client.

Is it also possible to create this Afaria client for windows phone 8.1?

I tried to create it in the same way like the custom Client for Windows Phone 8. But I get an error.

After Troubleshooting I saw that the command .\BuildMDILXap.ps1 is not available in "C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.1\Tools\MDILXAPCompile".

I could not find a updated documentation about it.

The reason why I want to update the client is that on wp 8.1 devices the afaria custom client dont get the correct server information anymore.

Is there any  known issue about that? If I have a look into the settings of the client I see the correct enrollment server but no package server...

Thank you and best regards

Michael

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hello,

I created a new client now.

Unfortunately I get the same error like above.

I think something is wrong with the ssl certificate. Can you guys please help me here?

Otherwise I will raise a ticket tomorrow.

BR

Michael

Former Member
0 Kudos

Hi Michael,


In regards to you not being able to see the "Freshest CRL" field-- You should be able to find the Freshest CRL field by navigating to your CA server > Server Manager > Expand Roles > Expand Active Directory Certificate Services > Expand Enterprise PKI > Select the name of your CA > In the middle pain, double click CDP Location #1 > The Freshest CRL field should be located here. Attempt to browse to this URL from your WinPhone device.


Best,

Mandy

Former Member
0 Kudos

Hi Mandy,

I checked the CDP location and found the freshest URL, thanks for that, unfortunately I am not able to browse to this address. But our CA is not reachable from outside and I can see the internal servername inside this link, I think this could not work.

On the CA Server in Request filtering option on the default website and all sub applications "double escaping" is activated.

If I try to open the Link directly on the server, it is downloading a .crl file.

Thanks and best rgerds

Michael

Former Member
0 Kudos

Hi,

I have the same problem when I try to install windows phone hub "Could not retrive settings", if you can help me solve the problem?

BR

Former Member
0 Kudos

Hi Aleksandar,

The two KBAs below provide possible causes along with resolutions for the "Could not retrieve settings" error. Please follow the steps in each to see if either resolve the error for you.

https://launchpad.support.sap.com/#/notes/2336909

https://launchpad.support.sap.com/#/notes/2062977

Best,

Mandy

Former Member
0 Kudos

Ok, I'll try to fix it.

In my situation is a bit different ones.

For me, everything worked as expected for several months now with no changes reported this problem.

Do you have any idea?

Former Member
0 Kudos

Hello, a short update.

The customer told me that he uses windows phone 10 already. Is there any Afaria Client for this OS?
I mentioned that this version is still supported. But is there a Afaria custom client for it?

Thanks and best regards

Michael

tracy_barkley
Employee
Employee
0 Kudos

Michael,

Yes the custom client is still available.  I can check into the documentation and update accordingly but the process is the same.  It sounds more like there is an issue with the Windows SDK.  Which version do you have installed?  Is the PS1 file actually located in the folder you referenced?

Tracy

Former Member
0 Kudos

Hi Tracy,

I think I identified the problem, in the actual Afaria client, I get the error described in this KBA:

https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/smp_custmsg/note_index.htm?note_number=...

This is the reason why I would update the client, which is not necesarry I think now.

I also troubleshooted the KBA, and steps 1,2 and 3 are clear for me. But where can I find this "Certificate Revocation List"?

I think the prblem with the client started because I renewed our public SSL certificate from entrust and now something is missing...

Thank you

Michael

tracy_barkley
Employee
Employee
0 Kudos

Michael,

That very well could be.  And yes, it is unlikely you need a different client.  Certificates may cause problems.  The Certificate revocation list is provided by a CA to give an access point for devices to check if the cert they are using has been revoked.

As the KBA mentions although it may be unclear, you can open the certificate and going to its properties.  On the Details tab, there is a list of crl points as shown in the screenshot.

For step 3, you would open your IIS manager on the CA server.   Click on Mime types, find .crl in that list and make sure it is application/pkix-crl.

You can actally use the browser on the device to make sure you can hit the URL in the details tab (or file location)

The following KBA may assist as well.

Http://service.sap.com/sap/support/notes/2118600

And for the rest of the steps  http://service.sap.com/support/notes/2083086

Tracy

Former Member
0 Kudos

Hi Tracy,

Thanks for the two links.

I did the steps for the verification on the enrollment server and I can see in the logs that everything is fine, no Error, no skipped step.

Unfortunately I cannot open the secon Link from you.

I also see that in the Afaria client on the device, when I go to "Settings" The enrollment Server details are filled, but the package server details are empty... it seems that the client didn't get enough information from the server?!

Thank you Tracy

BR
Michael

tracy_barkley
Employee
Employee
0 Kudos

Michael,

I hand typed the link and left out part. My apologies.

http://service.sap.com/sap/support/notes/2083086

The last digits are the KBA number so you can also just enter that on http://support.sap.com

It is failing getting all the settings,most likely due to the CRLs.   Check out this link which has screenshots of the actual CRL locations in the CA.

Tracy

Former Member
0 Kudos

Hi Tracy,

I checked everything in your links, unfortunately it didn't solved the problem.

I tried a new enrollment, but now i get everytime if I want to enroll my windows phone "We can't connect at the moment because (jargon alert) we're having trouble getting authenticated by the server. Wait for a little while and try again". I tried it several times, but cannot enroll anymore, also on other tenants it seems that enrollment of WP8 is not working with the same error...

Do you have seen this error before? I can not find anything in the KB...

Thank you

Michael

Former Member
0 Kudos

Hi Michael,

Can you please tell us what configurations you have in place for the Certificate Authority page of the Afaria Admin (Afaria Admin > Server > Configuration > Server > Certificate Authority)?

Additionally, what Afaria version/service pack/hotfix level are you current running?

Thanks,

Mandy Spivey
SAP Product Support

Former Member
0 Kudos

Hi Mandy,

We have Afaria 7 SP09 installed without HF until now.

In the certification authority configuration we used:

CA type: SCEP

Server Address: the internal IP of the CA.

nothing else is configured.

If I make the connectivity test, I get "Passed" iOS and Android enrollment and managing is still working.

Thank you and best regards

Michael

Former Member
0 Kudos

Ok,

The enrollment is working again, I restarted all services and now its working again...

But now I have still the sam issue like before, let me describe the issue in detail again:

1. Device is enrolled

2. The device gets the custom Afaria App installed.

3. The Afaria App asks if it is ok to collect settings of the device (I tapped "Allow")

4. If I tap on Sync, an error Occours "could not retrieve settings"

5. If I take a look into the Settings of the Afaria App on the devie, I only can see the enrollment server information, Package Server information is completely empty.

6. When I open the Info menue of the App, I can see:

Enrollment Server "Failed request at "Date"

Package Server "Failed request at "Date"

Hope you can help me here.

Thanks and best regards

Michael

Former Member
0 Kudos

Hi Michael,


In the past, this issue has usually been caused by one of two things:

  1. The Windows Phone is not able to access the SSL certificate’s CRL distribution points.
  2. The unsigned Afaria client is not fully seeded with server information before the client is signed.


Since you’ve followed KBA 2062977 to ensure that (1) is not a problem, then I would suggest resigning and deploying a new signed Afaria client to see if that causes a change in behavior here. You can do that by following the steps mentioned in the KBA below. Make sure that when you preform step (6) in the KBA, you download a new unsigned client from your Afaria Admin. Do not use an old/existing one for this step. Also, prior to performing step (6), make sure that your Package Server config page is configured appropriately (Afaria Admin > Server > Configuration > Component > Package Server).

http://service.sap.com/sap/support/notes/1957661


Best,

Mandy

Former Member
0 Kudos

Hi Mandy,

Before I create the Afaria App completely new, I chcked the KBA 2062977 again.

The first 3 Points are completely the same as described and also working from my windows Phone, that means:

I connect to the relay server and checked the "CRL Distribution Points" for our public SSL certificate.

When I browse to the URL from Entrust, I can download the .crl file and

This is the output I got from .crl viewer on my device.

So this seems ok I think. The MIME Type is also correct on every Server which has the SSL cert in the MMC.

But if I connect to the CA and check the Delta CRL location, I have two of them:

And no of them both have the "Freshest CRL" Field available. Is maybe this the problem?

Thanks and best regards

Michael