The error message about the APNS Feedback Service actually does not affect the ability of devices to check in to the MDM server; it is simply a service offered by Apple to check to see if devices we think we are still managing have since unenrolled.
When you changed out your certificates, did you also re-enroll your phone? If not, then you would need to re-enroll before it works. If this is difficult, then perhaps you can go back to using the same APNS push key / certificate as you used in beta and see if that helps?
Can you check the “Management Extender\DeviceReports” folder to see if there are device reports there that are just not being picked up by the Proxy Agent?
If not, perhaps you could look into the iosmdm.log and look for something like this:
APNSSender  Sending 1 mdm push notification(s)
or
iOSMDM  MDM check-in for device XYZ123
And see if there are any errors around those log statements? Or perhaps you could upload your iosmdm.log file and I could take a look at it to figure out what’s going on.
The only time I’ve seen these errors is when there was a problem with my APNS certs. Could it be possible that the APNS certificate does not match the APNS key? Maybe there was a misunderstanding in the Configuration Wizard and you uploaded only an old APNS cert that doesn’t match the newly generated APNS key? Or did you just drop them into the “private” folder directly? You mentioned it worked fine in the past – perhaps you could switch out these new APNS certs for the old ones you used previously and see if that works?
It looks like a few others are running into this same error, and it looks like the root cause is a misconfiguration, a crisscrossed APNS key and APNS certificate.
You can try issuing the following two commands on the command line (requires openssl and shasum executables, I’m running them on a mac):
The modulus of the push key and its certificate should be identical. If they are different, then you know it is a configuration issue. If they are indeed the same and you’re still running into this same error, then let me know and we can keep looking into it.
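A modulus comparison of the kind described above, as an added example; these are not the two commands from the original post, which did not survive on this page. The function names and the generated demo files are constructed for illustration, and `openssl dgst -sha256` stands in for `shasum`. The certificate is read as PEM first and then as DER.

```shell
#!/bin/sh
# Added example: verify that an APNS push certificate belongs to a push key
# by comparing SHA-256 digests of their RSA moduli.

key_modulus() {   # RSA private key, PEM (unencrypted)
    openssl rsa -in "$1" -noout -modulus 2>/dev/null
}

cert_modulus() {  # certificate: try PEM first, then DER (.cer files are often DER)
    openssl x509 -in "$1" -noout -modulus 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -noout -modulus 2>/dev/null
}

digest() {
    printf '%s' "$1" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_pair KEY CERT: prints match, MISMATCH or unreadable; returns 0 only on match.
check_pair() {
    k=$(key_modulus "$1") && c=$(cert_modulus "$2") && [ -n "$k" ] && [ -n "$c" ] ||
        { echo unreadable; return 2; }
    if [ "$(digest "$k")" = "$(digest "$c")" ]; then
        echo match
    else
        echo MISMATCH; return 1
    fi
}

# Constructed sample data: a throwaway key, a self-signed certificate for it in
# PEM and DER form, and a second unrelated key (the "crisscrossed" case).
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-demo" \
        -keyout "$1/push_key.pem" -out "$1/push.pem" 2>/dev/null &&
    openssl x509 -in "$1/push.pem" -outform DER -out "$1/push.cer" &&
    openssl genrsa -out "$1/other_key.pem" 2048 2>/dev/null
}

if [ $# -eq 2 ]; then
    check_pair "$1" "$2"            # real files: KEY first, then CERT
else
    tmp=$(mktemp -d) && make_demo_files "$tmp" &&
    { check_pair "$tmp/push_key.pem" "$tmp/push.cer"      # match
      check_pair "$tmp/other_key.pem" "$tmp/push.cer"; }  # MISMATCH
    rm -rf "$tmp"
fi
```

Run it with the key path first and the certificate path second; the digests are compared rather than printed, so no key material ends up in terminal scrollback.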
I managed to solve this issue last weekend after doing the whole MDM installation but with an additional step.
Before re-installing the IOS Management Extender I removed the “openSSL” directory in “C:\Program Files (x86)\BigFix Enterprise\BES Client”.
After reviewing the Install Fixlet, I found that this directory is not removed when we uninstall the Mngt Extender and is not re-installed if the directory exists.
I’m not 100% sure if it was really the problem but after this removal it worked.
I am having a similar problem where it does not look like I can communicate with the Apple APNS server. I was in the beta and had it working well. When going to the full release product, I went through the steps in your wiki to create the certs and I can’t get any devices to show up in my Management Console. I looked through my logs and have found these two lines:
2012-04-09 11:36:28  ERROR  iOSMDM  Error: Cert file does not exist: C:/Program Files (x86)/BigFix Enterprise/Management Extender/MDM Provider/private/push.cer
2012-04-09 11:36:28  FATAL  iOSMDM  Apple push certificates are required before the MDM server can send push notifications to communicate with devices. Missing files: ‘C:/Program Files (x86)/BigFix Enterprise/Management Extender/MDM Provider/private/push_key.pem’, ‘C:/Program Files (x86)/BigFix Enterprise/Management Extender/MDM Provider/private/push.cer’
But I’ve looked in this file location and both of those files are there.
Let me know what your thoughts are on fixing. When going to GA release from beta, I did not rerun the openssl commands to create the cert. I just used the one I created to begin with. Do I need to redo this step?
1. In the beta, you generated your own push key and CSR, and obtained an APNS cert
2. you backed up your push_key.pem and push.cer
3. you upgraded to GA release with a fresh install of the iOS extender
4. you used the configuration wizard and entered in only your APNS cert from step 1
If this is what happened, then it makes sense you are seeing this SSLError, because your APNS key does not match your APNS cert. Every certificate has a matching private key. If the key doesn’t match the certificate, then APNS will (rightly) close the connection.
The process was changed to generate a key and a CSR upon install. These two match. If you used this CSR to get signed and submit to Apple to get your APNS cert, then in the configuration wizard, you need only enter your cert. But since you are using an older APNS cert, it does not match the key generated on that box, and thus it does not work.
Long story short, I think that if you enter in both your old backed up APNS cert and key (from beta) into the configuration wizard (or just plop those two files into place), then it should start working.
(btw, the FATAL log message might have come up before you ran the config wizard? It displays that message on startup. Perhaps on startup they weren’t there yet, but then were found later after you put them in place.)