Hello All,
I am currently seeing different behavior when I am attempting to push an update using Schedule OS Update in conjunction with software cadence updates. The two paths are:
15.6.1 -> 16.0 (achieved by setting software cadence to 0)
15.6.1 -> 15.7 (achieved by setting software cadence to 1)
Scenario 1 works perfectly: checking available updates returns iOS 16 and its product key, allowing me to send it down in a Schedule OS Update command, to which the device then responds with a populated Update Results, indicating that the device has begun updating. This can be confirmed on the device.
Scenario 2 allows the checking of the available update, returning iOS 15.7 and its associated product key (iOSUpdate19H12). I then send this down with a Schedule OS Update command. The device responds with an Acknowledge message with an empty Update Results. Checking the device, the download has not begun but the download button becomes greyed out.
Are there additional settings that need to be changed to allow for this update to occur?
Edit: I should also add both of the schedule OS update commands are sent with default behavior.
Hello All,
I am currently on iOS version 16.0.2, and have begun seeing some unexpected behaviour when attempting to update per-app VPN settings. The error I am currently seeing is the following.
`Error chain content: domain = NEConfigurationErrorDomain, error code = 2, description = "configuration is invalid: Duplicate perApp UUID" ( "n/a" ).`
This is the initial profile I had sent down to the device (cut for brevity) and installed with no issues.
```xml
<string>globalhttpproxy.profile</string>
<key>PayloadUUID</key>
<string>d285f433-2650-457c-875d-19d3f82379eb</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadDescription</key>
<string>Connectivity Profile set by BEM Web</string>
<key>PayloadDisplayName</key>
<string>Connectivity Profile</string>
<key>PayloadOrganization</key>
<string>testlab.local</string>
<key>PayloadContent</key>
<array>
    <dict>
        <key>PayloadIdentifier</key>
        <string>globalhttpproxy.profile.VPN.59ad7127f4a64ee49aefcd275f90559f</string>
        <key>PayloadUUID</key>
        <string>54cda92e-902b-4676-97ee-14955f16e646</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadType</key>
        <string>com.apple.vpn.managed.applayer</string>
        <key>PayloadDescription</key>
        <string>VPN Policy</string>
        <key>PayloadDisplayName</key>
        <string>VPN</string>
        <key>PayloadOrganization</key>
        <string>testlab.local</string>
        <key>UserDefinedName</key>
        <string>par_app_ipsec</string>
        <key>VPNType</key>
        <string>IPSec</string>
        <key>VPNUUID</key>
        <string>5d9fe1dd-8bf4-479a-a1e7-a8bec8f23846</string>
        <key>IPSec</key>
```
Profile was sent down with no issues.
When attempting to update the profile as I had done previously, the above error occurred.
```xml
<string>globalhttpproxy.profile</string>
<key>PayloadUUID</key>
<string>bdc7a8f8-d6a4-48b6-941d-565d1610d90b</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadDescription</key>
<string>Connectivity Profile set by BEM Web</string>
<key>PayloadDisplayName</key>
<string>Connectivity Profile</string>
<key>PayloadOrganization</key>
<string>testlab.local</string>
<key>PayloadContent</key>
<array>
    <dict>
        <key>PayloadIdentifier</key>
        <string>globalhttpproxy.profile.VPN.2b5f8f8a52d843bab3aaf0ce3c195815</string>
        <key>PayloadUUID</key>
        <string>dc18e2cd-78a0-41a4-b852-f87643ad324a</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadType</key>
        <string>com.apple.vpn.managed.applayer</string>
        <key>PayloadDescription</key>
        <string>VPN Policy</string>
        <key>PayloadDisplayName</key>
        <string>VPN</string>
        <key>PayloadOrganization</key>
        <string>testlab.local</string>
        <key>UserDefinedName</key>
        <string>par_app_iKev2</string>
        <key>VPNType</key>
        <string>IKEv2</string>
        <key>VPNUUID</key>
        <string>5d9fe1dd-8bf4-479a-a1e7-a8bec8f23846</string>
        <key>IKEv2</key>
        <dict>
```
I had kept the same VPNUUID to prevent the need for me to reinstall the per-app vpns that had come down previously.
Have the rules around updating VPN/profiles changed with 16.0? Or do connectivity profiles now need to be removed before they are updated?
Kind Regards,
Hamer
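A pre-send check an MDM server could run before pushing a profile update like the one in this post, added here as an example and not taken from the post: it reports every per-app VPN payload in the update that reuses a VPNUUID from the installed profile and lists which fields changed under it. The function names and the field list are assumptions, the sample profiles are constructed from the values quoted above with the elided keys left out, and the check does not establish which of the changes iOS 16 rejects.

```python
import plistlib
from collections import defaultdict

APP_LAYER_VPN = "com.apple.vpn.managed.applayer"
# Fields compared between payloads that share a VPNUUID (illustrative choice).
TRACKED = ("PayloadIdentifier", "PayloadUUID", "UserDefinedName", "VPNType")

def per_app_vpns(profile_bytes):
    """Map each VPNUUID to the per-app VPN payloads that carry it."""
    profile = plistlib.loads(profile_bytes)
    found = defaultdict(list)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == APP_LAYER_VPN and "VPNUUID" in payload:
            summary = {key: payload.get(key) for key in TRACKED}
            found[payload["VPNUUID"].lower()].append(summary)
    return found

def reused_vpnuuids(installed_bytes, update_bytes):
    """List (VPNUUID, finding, changed_fields) for every reuse in the update."""
    installed = per_app_vpns(installed_bytes)
    findings = []
    for vpn_uuid, new in per_app_vpns(update_bytes).items():
        if len(new) > 1:  # the same VPNUUID twice inside one profile
            findings.append((vpn_uuid, "duplicate-in-update", []))
        for old in installed.get(vpn_uuid, []):
            changed = [key for key in TRACKED if old[key] != new[0][key]]
            if changed:
                findings.append((vpn_uuid, "reused-with-changes", changed))
    return findings

def sample_profile(profile_uuid, payload_id, payload_uuid, name, vpn_type):
    # Constructed sample: values copied from the post, elided keys omitted.
    return plistlib.dumps({
        "PayloadUUID": profile_uuid, "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadContent": [{
            "PayloadIdentifier": "globalhttpproxy.profile.VPN." + payload_id,
            "PayloadUUID": payload_uuid, "PayloadType": APP_LAYER_VPN,
            "UserDefinedName": name, "VPNType": vpn_type,
            "VPNUUID": "5d9fe1dd-8bf4-479a-a1e7-a8bec8f23846"}]})

INSTALLED = sample_profile("d285f433-2650-457c-875d-19d3f82379eb",
                           "59ad7127f4a64ee49aefcd275f90559f",
                           "54cda92e-902b-4676-97ee-14955f16e646",
                           "par_app_ipsec", "IPSec")
UPDATE = sample_profile("bdc7a8f8-d6a4-48b6-941d-565d1610d90b",
                        "2b5f8f8a52d843bab3aaf0ce3c195815",
                        "dc18e2cd-78a0-41a4-b852-f87643ad324a",
                        "par_app_iKev2", "IKEv2")

if __name__ == "__main__":
    for finding in reused_vpnuuids(INSTALLED, UPDATE):
        print(finding)
```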
Hello, I am currently testing the com.apple.configuration.app.managed declaration, and have failed to get it to work with either VPP OR Enterprise apps.
(Testing is being conducted on an iPhone XR with iOS 17.3.1)
VPP:
Initially errors were returned due to not having a license for the device, so I have set it up to fetch a license before the declaration is returned to the device. Said declaration is as follows (I have attempted to switch from Device to User VPP type, as well as attempting to use BundleID or AppStoreID, but all have the same result):
```json
{
    "Identifier": "BBC_Test_Install",
    "Payload": {
        "AppStoreID": "377382255",
        "InstallBehavior": {
            "Install": "Required",
            "License": {
                "VPPType": "Device"
            }
        }
    },
    "ServerToken": "...",
    "Type": "com.apple.configuration.app.managed"
}
```
The configuration above successfully applies on to the device, and can be seen in the configurations tab in Settings. The install is unsuccessful however, as the app.managed subscription item returns the following result:
```json
"app" : {
    "managed" : {
        "list" : [
            {
                "state" : "failed",
                "declaration-identifier" : "BBC_Test_Install",
                "identifier" : "uk.co.bbc.newsuk",
                "name" : "BBC News - UK & World Stories"
            }
        ]
    }
}
```
The device does not provide any additional information, it was initially returning the following reason when I did not request a licence before the install:
```json
"code" : "Error.LicenseNotFound"
```
but this has disappeared now that a licence is requested beforehand. No other information can be gleaned so I am at a bit of a loss. It should be noted, I am wiping my device between each test, just to try and get it working on a "fresh" application before attempting to deal with updating the declaration.
Enterprise:
This also does not seem to behave; the configuration states a successful application, but it can't be seen in the declarations tab within general settings:
```json
"active" : true,
"identifier" : "Enterprise_Test_Install",
"valid" : "valid",
"server-token" : "..."
```
The associated configuration is as follows:
```json
{
    "Identifier": "Enterprise_Test_Install",
    "Payload": {
        "InstallBehavior": {
            "Install": "Required"
        },
        "ManifestURL": "https://my.domain/web/mdm/ios/enterpriseplistgenerator/bundle.id"
    },
    "ServerToken": "...",
    "Type": "com.apple.configuration.app.managed"
}
```
I have had previous success installing enterprise apps through MDM commands so I would have assumed the ManifestURL should have worked the same. The above URL does cause the device to make a secondary request for the application manifest, which returns the following:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>items</key>
    <array>
        <dict>
            <key>assets</key>
            <array>
                <dict>
                    <key>kind</key>
                    <string>software-package</string>
                    <key>url</key>
                    <string>https://my.domain/web/mdm/ios/enterpriseipa/bundle.id</string>
                </dict>
            </array>
            <key>metadata</key>
            <dict>
                <key>bundle-identifier</key>
                <string>bundle.id</string>
                <key>kind</key>
                <string>software</string>
                <key>subtitle</key>
                <string>testapp</string>
                <key>title</key>
                <string>testapp</string>
            </dict>
        </dict>
    </array>
</dict>
</plist>
```
Which the device then does nothing with (app.managed does not report back anything). When installing the enterprise app through MDM commands, the above plist does cause the device to make a secondary call to fetch the application's IPA.
Some additional information, help, or insight would be useful, as from my perspective the declaration does not seem to work at all.
Hello all, this may not be the right place to get answers for this but not sure where else to put it. Currently we are using the Apple Software lookup service to fetch available iOS updates that can be used to push updates through Declarative Management. This works fine; however, we are now running into an issue: https://gdmf.apple.com/v2/pmv does not have a valid SSL certificate, which during the prototyping phase was fine as we turned off SSL cert validation to get the feature to work. Now that we are moving to make this a formal development we need to turn this on, but obviously with the URL having an invalid cert this causes all requests to throw invalid certificate errors (specifically that the root cert isn't trusted; this can also be seen when navigating to the URL in a browser, where it returns NET::ERR_CERT_AUTHORITY_INVALID). Is there any chance that the SSL cert for this API can be fixed?
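One way to keep certificate validation switched on for this lookup when the failure is an untrusted root, as the post reports: build a TLS context whose only trust anchor is that root and use it for this one request, leaving the rest of the application on its default store. This is an added example, not code from the post; the function names and the PEM path are hypothetical, the JSON response format is an assumption, and the root certificate has to be obtained and checked out of band.

```python
import json
import ssl
import urllib.request

PMV_URL = "https://gdmf.apple.com/v2/pmv"  # endpoint named in the post

def strict_context():
    """Client context with verification on and an empty trust store."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking,
    # and loads no CA certificates until told to.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def pinned_context(root_pem):
    """Trust only the root(s) in root_pem; raises if none can be parsed."""
    ctx = strict_context()
    ctx.load_verify_locations(cadata=root_pem)
    return ctx

def fetch_pmv(root_pem_path, timeout=10):
    """Fetch the update list with validation on, scoped to this one call."""
    with open(root_pem_path, encoding="ascii") as handle:
        ctx = pinned_context(handle.read())
    with urllib.request.urlopen(PMV_URL, context=ctx, timeout=timeout) as resp:
        return json.load(resp)  # assumption: the endpoint answers with JSON

if __name__ == "__main__":
    # Hypothetical path to the PEM-encoded root the service chains to.
    catalogue = fetch_pmv("trusted-roots/service-root.pem")
    print(sorted(catalogue))
```

Because the context starts with an empty store, a certificate issued under any other root, including the public ones, fails the handshake for this call.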