Protection status of MDMCore in ERA Web Console | Troubleshooting steps |
---|---|
HTTPS certificate does not meet criteria required by Apple |
If you are not managing iOS devices, disable the Send iOS related application statuses setting in your MDM policy. If you are managing iOS devices, verify that your https certificate meets the criteria described in documentation https://help.eset.com/esmc_install/71/en-US/mobile.html. |
MDM hostname does not match HTTPS certificate | The Hostname in the HTTPS certificate (Android / iOS) must match the Hostname in the ESET Mobile Device Connector Policy (Android / iOS). If they do not match, change one of them and re-apply the policy to the MDM host device. |
HTTPS certificate is not valid | Check the validity of your HTTPS certificate. If it is expired, generate a new one, upload it to your MDM Policy and save the changes. You may be required to initiate a re-enrollment of your mobile devices. |
HTTPS certificate expires soon | Check the validity of your HTTPS certificate and if the expiration is close, generate a new HTTPS certificate and initiate a certificate exchange. |
HTTPS certificate expired | Generate a new HTTPS certificate and initiate a re-enrollment of your mobile devices. |
HTTPS certificate chain is incomplete. Enrollment is not allowed | In order to complete the certificate chain, export your current HTTPS certificate that is being used by MDM Policy and import it into the certificate store on the MDM host device according to these steps for Windows or Linux. |
Missing APNS certificate | Generate a new APNS certificate and import it into MDC Policy. |
Missing APNS key | |
APNS certificate or APNS key not valid | |
HTTPS certificate change still in progress. The old certificate is still being used | Not all mobile devices are using the new HTTPS certificate. Make sure that all mobile devices will connect to the MDM server during certificate change. |
Multiagent is overloaded. Some clients failed to report their status in the last hour | This is only an informative message. If you see this warning often, consider adding more resources to the MDM host device. |
APNS service certificate validation failed |
The MDM host device does not have the latest Apple / Google CA. Download the required CA (Download Apple CA; Download GCM CA) and import it into certificate store on the MDM host device according to these steps. |
GCM service certificate validation failed | |
APNS Feedback service certificate validation failed | |
APNS service connection problems |
Create a new firewall rule to allow APNS service connection ( |
GCM service connection problems | |
APNS Feedback service connection problems | |
APNS certificate expires soon | Follow the steps as mentioned for I received an email from Apple Push Certification Portal that my APNMS certificate is about to expire. |
MDM policy contains invalid https certificate. The old certificate is still being used. | Replace the HTTPS certificate in the MDMCore policy with a valid one. |
There is problem with connection to remote peer | Follow the instructions below. |
After you execute a "Stop Managing Task" it may take up to 3*(2+number of all mobile devices/20) minutes until the device is removed from ERA Web Console. If the device still shows after this time, or you need to remove the device earlier, follow these steps:
EraMDMCoreSvc
).EraMDMCoreSvc
). systemctl stop eramdmcore.service
mysql -u USERNAME -p
delete from era_mdm_db.dbo.Device where DeviceId = 'XXXXXXXXXXXX'
systemctl start eramdmcore.service
If the troubleshooting steps above do not solve your problem, collect the logs with ESET Log Collector (according to these steps) and contact ESET Support.
This behavior is represented in MDMCore logs as:
Received a NotNow response from device "xxxxxxxxxxxx" for command "a1b2c3e4f5". Stopping command delivery to device until a reconnect.
Figure 1-1
This Alert indicates that the MDMCore is unable to connect to the ERA server. We recommend that you perform troubleshooting locally on MDM host device.
Check the latest MDM log files and act accordingly.
Windows | C:\ProgramData\ESET\RemoteAdministrator\MDMCore\Logs\Proxy |
Linux | /var/log/eset/RemoteAdministrator/MDMCore/Proxy/ |
The possible solutions (based on what you find in log files):
To import HTTPS certificate to OpenSSL cert store on CentOS follow these steps:
/etc/
pki
/ca-trust/source/anchors/
update-ca-trust
/etc/init.d/
eramdmcore
restart
/etc/sysconfig/IPtables
find a line -A INPUT -p tcp -m tcp -- dport 9980:9981 -J ACCEPT
.shutdown -r now
.Ports can be changed only by a re-deployment of ESMC MDM VA.