App installation fails on user enrollment device
When I registered an MDM profile and tried to install an application via MDM on a device on which user enrollment was completed, an error occurred. Is there any countermeasure for this?

Error message:

```json
{
  "CommandUUID": "5xxxx4x8-95bb-4f62-8bb3-1d7e2b044137",
  "EnrollmentID": "7***9774-0373-404B-90CC-5FE8F9B59696",
  "ErrorChain": [
    {
      "ErrorCode": 12008,
      "ErrorDomain": "MDMErrorDomain",
      "LocalizedDescription": "MDM要求が無効です。",
      "USEnglishDescription": "The MDM request is invalid."
    }
  ],
  "RejectionReason": "PurchaseMethodNotSupported",
  "Status": "Error"
}
```
Replies: 0 · Boosts: 0 · Views: 258 · Activity: Apr ’24
I want to know the format of the MDM profile sent in User Enrollment.
I performed the following process in User Enrollment, but it seems that the registration process cannot be performed because the profile format is incorrect or the parameters are invalid.

General > Access your account with VPN and device management

Redirect to authentication screen as MDM server is accessed

Set credentials and redirect:

```ruby
session[:token] = "xxxxxxxxxx"
redirect_to "apple-remotemanagement-user-login://authentication-results?access-token=" + session[:token]
```

Submit MDM profile:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EncryptedPayloadContent</key>
    <data>
    MIINqgYJKoZIhvcNAQcDoIINmzCCDZcCAQAxggOeMIH/AgEAMGgwWjELMAkGA1UEBhMC
    VVMxEzARBgNVBAoTCkFwcGxlIEluYy4xFTATBgNVBAsTDEFwcGxlIGlQaG9uZTEfMB0G
    A1UEAxMWQXBwbGUgaVBob25lIERldmljZSBDQQIKAzNmefeeFseQqzANBgkqhkiG9w0B
    AQEFAASBgKS2ch7zsM9M/UflrnAzjjlpcKFzKTR2vRBIeTQ6ZUM79ZFQBkhB/TAsi3NO
    tkYIy0Kr/xQD86PDlXpF48JDtuhgB0aQ+Dr28/IIpcTnvR9wE1SFFydnHOoXf5sUvMrZ
    9JyhlfGeUGGjfV4dYSVTNv41DFXfjksG9qDZTEHYzyC3MIIBFQIBADB+MHkxCzAJBgNV
    BAYTAlVTMRMwEQYDVQQKEwpBcHBsZSBJbmMuMSYwJAYDVQQLEx1BcHBsZSBDZXJ0aWZp
    Y2F0aW9uIEF1dGhvcml0eTEtMCsGA1UEAxMkQXBwbGUgaVBob25lIENlcnRpZmljYXRp
    ......
    </data>
    <key>PayloadDescription</key>
    <string>Test</string>
    <key>PayloadDisplayName</key>
    <string>test</string>
    <key>PayloadIdentifier</key>
    <string>localhost.mdm</string>
    <key>PayloadOrganization</key>
    <string>Test</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>16a91248-230c-423c-9dd9-a1480e911b9b</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```

EncryptedPayloadContent:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
    <dict>
        <key>AssignedManagedAppleID</key>
        <string>hogehoge@test.link</string>
        <key>CheckInURL</key>
        <string>https://test.link/api/ios/checkin</string>
        <key>CheckOutWhenRemoved</key>
        <true/>
        <key>EnrollmentMode</key>
        <string>BYOD</string>
        <key>IdentityCertificateUUID</key>
        <string>fc7532ea-7fd7-4942-80ba-9fafa0ac5f0a</string>
        <key>PayloadDescription</key>
        <string>Test</string>
        <key>PayloadDisplayName</key>
        <string>test</string>
        <key>PayloadIdentifier</key>
        <string>localhost.mdm</string>
        <key>PayloadOrganization</key>
        <string>Test</string>
        <key>PayloadType</key>
        <string>com.apple.mdm</string>
        <key>PayloadUUID</key>
        <string>9eebe196-17d5-4613-953b-b60e7111282e</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>ServerURL</key>
        <string>https://test.link/api/ios/mdm</string>
        <key>SignMessage</key>
        <true/>
        <key>Topic</key>
        <string>com.apple.mgmt.External.16a8b279-c4a9-4a33-9f1e-e155ab8161fd</string>
        <key>UseDevelopmentAPNS</key>
        <false/>
    </dict>
    <dict>
        <key>PayloadContent</key>
        <dict>
            <key>Challenge</key>
            <string>dfbd7b151e5c1c03f8a59e775f393791ca618201</string>
            <key>GetCACaps</key>
            <array>
                <string>POSTPKIOperation</string>
                <string>Renewal</string>
                <string>AES</string>
                <string>SHA-256</string>
            </array>
            <key>Key Type</key>
            <string>RSA</string>
            <key>Key Usage</key>
            <integer>5</integer>
            <key>Keysize</key>
            <integer>1024</integer>
            <key>Name</key>
            <string>CA</string>
            <key>Subject</key>
            <array>
                <array>
                    <array>
                        <string>O</string>
                        <string>Test</string>
                    </array>
                </array>
                <array>
                    <array>
                        <string>CN</string>
                        <string>e1af8f64-be70-46d3-97b7-fb70e8e0f0f8</string>
                    </array>
                </array>
            </array>
            <key>URL</key>
            <string>https://test.link/api/scep</string>
        </dict>
        <key>PayloadDescription</key>
        <string>Test</string>
        <key>PayloadDisplayName</key>
        <string>Test</string>
        <key>PayloadIdentifier</key>
        <string>localhost.encryption-cert-request</string>
        <key>PayloadOrganization</key>
        <string>Test</string>
        <key>PayloadType</key>
        <string>com.apple.security.scep</string>
        <key>PayloadUUID</key>
        <string>fc7532ea-7fd7-4942-80ba-9fafa0ac5f0a</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
</array>
</plist>
```
Replies: 2 · Boosts: 0 · Views: 358 · Activity: Mar ’24
Not sure if declarative management is enabled
I am sending DeclarativeManagement with the MDM command, but it seems that it is not valid even if I send it to declaration-items. What can you think of?

iOS 16

MDM Command:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>Data</key>
        <data>
        eyJTeW5jVG9rZW5zIjp7IlRpbWVzdGFtcCI6IjIwMjMtMTAtMThUMTE6MDY6MDJaIiwi
        RGVjbGFyYXRpb25zVG9rZW4iOiJiNjU0NDAyN2EzMTVjZDAwODVkNGNmMDgxNzQ2MjRj
        MmQxNDI0NDQ4MDQzMGE4N2IxNzZhMjcyN2U3MzY2MDA5In19
        </data>
        <key>RequestType</key>
        <string>DeclarativeManagement</string>
    </dict>
    <key>CommandUUID</key>
    <string>3398d0c0-8b36-4647-86ab-6a63f26d1576</string>
    <key>UDID</key>
    <string>XXXXXXX-ZZZZZZZZZZZZZz</string>
</dict>
</plist>
```

declaration-items Response (JSON):

```json
{
  "DeclarationsToken": "1429e356-c51a-42a3-aff2-22963df30202",
  "Declarations": {
    "Assets": [],
    "Management": [
      {
        "Type": "com.apple.management.organization-info",
        "Identifier": "e07d18d6-4ec6-432a-b474-9b8816d029a2",
        "ServerToken": "4922d69c-c231-426d-9598-c3acb612069e",
        "Payload": {
          "Email": "email@example.com",
          "Name": "Acme Inc",
          "URL": "https://www.example.com"
        }
      }
    ],
    "Configurations": [
      {
        "Type": "com.apple.configuration.legacy",
        "Identifier": "84fe24b1-ac21-4a29-b279-70f715b3ac82",
        "ServerToken": "0283b145-5791-4d7a-8a8e-7690e3a6db98",
        "Payload": {
          "ProfileURL": "https://gist.githubusercontent.com/jessepeterson/5a633f627bfc23f74153add89aee07f1/raw/f27458e05fd01b8ff9e7872a54aa2d543131afaa/cert-profile.mobileconfig"
        }
      },
      {
        "Type": "com.apple.configuration.passcode.settings",
        "Identifier": "1f0ce810-6c6b-4021-86ae-2844396e58f8",
        "ServerToken": "791e16ff-2011-4468-a201-de531d0c2326",
        "Payload": {
          "RequirePasscode": true,
          "RequireComplexPasscode": false,
          "RequireAlphanumericPasscode": false
        }
      },
      {
        "Type": "com.apple.configuration.management.status-subscriptions",
        "Identifier": "004b8c95-3500-4ac8-9480-54311a462929",
        "ServerToken": "888a4935-ef8d-4286-8c39-776fd8675f57",
        "Payload": {
          "StatusItems": [
            { "Name": "device.identifier.serial-number" },
            { "Name": "device.identifier.udid" },
            { "Name": "device.model.family" },
            { "Name": "device.model.identifier" },
            { "Name": "device.model.marketing-name" },
            { "Name": "device.operating-system.build-version" },
            { "Name": "device.operating-system.family" },
            { "Name": "device.operating-system.marketing-name" },
            { "Name": "device.operating-system.supplemental.build-version" },
            { "Name": "device.operating-system.supplemental.extra-version" },
            { "Name": "device.operating-system.version" },
            { "Name": "mdm.app" },
            { "Name": "passcode.is-compliant" },
            { "Name": "passcode.is-present" },
            { "Name": "test.array-value" },
            { "Name": "test.boolean-value" },
            { "Name": "test.dictionary-value" },
            { "Name": "test.error-value" },
            { "Name": "test.integer-value" },
            { "Name": "test.real-value" },
            { "Name": "test.string-value" }
          ]
        }
      }
    ],
    "Activations": [
      {
        "Type": "com.apple.activation.simple",
        "Identifier": "90cb68bc-c37d-40cc-8cef-b462947329b2",
        "ServerToken": "26985dc4-b0a0-43ef-afae-6ad3e89d5b9d",
        "Payload": {
          "StandardConfigurations": [
            "e07d18d6-4ec6-432a-b474-9b8816d029a2",
            "84fe24b1-ac21-4a29-b279-70f715b3ac82",
            "1f0ce810-6c6b-4021-86ae-2844396e58f8",
            "004b8c95-3500-4ac8-9480-54311a462929"
          ]
        }
      }
    ]
  }
}
```
Replies: 2 · Boosts: 0 · Views: 542 · Activity: Oct ’23
About `EnforceRoutes`
There is an item for EnforceRoutes in the following URL:

https://developer.apple.com/documentation/devicemanagement/vpn/ikev2?changes=latest_minor

I don't quite understand "If true, all the VPN's non-default routes take precedence over any locally defined routes." in the function description of this item. I would appreciate it if you could let me know how I can check this.
Replies: 0 · Boosts: 0 · Views: 408 · Activity: May ’23
I want to activate eSIM with MDM command
We are investigating whether eSIM activation is possible. Do you know how to set the SM-DP+ address, activation, and confirmation code? I referred to the following, but I did not know how to set the activation code.

https://developer.apple.com/documentation/devicemanagement/refreshcellularplanscommand/command
Replies: 1 · Boosts: 0 · Views: 470 · Activity: Dec ’22