安装MDM mobileconfig配置文件后，iOS 7全新重置设备不会将TokenUpdate发送到服务器

Question

摘要

我安装了带有iOS 7.0（11A465）的iPad Mini。如果我转到“设置＆gt;常规＆gt;重置＆gt;删除所有内容和设置”并清除设备，然后在设备上成功安装MDM配置文件，则在注册过程中，设备会向服务器发送“验证” “XML有效负载，但之后它不会按预期发送任何”TokenUpdate“有效负载。所以我无法使用APNS向设备发送推送通知。如果我删除MDM配置文件并重新安装它，一切正常。无论我删除和安装多少次MDM配置文件，它总是可以正常工作。但是如果我再次擦除设备，它将无法在第一次尝试时工作。

重现步骤

1. 我通过转到“设置＆gt;常规＆gt;重置＆gt;删除所有内容和设置”重置设备（iPad Mini iOS 7.0（11A465））
2. 设备重新初始化后，我设置了Wi-Fi连接
3. 我打开Safari并下载MDM配置文件（OTA）;配置文件不包含SCEP服务器配置，而是在内部有一个PKCS12自签名证书（我附加了MDM配置文件;它是一个名为“mdm.mobileconfig”的文件）;该个人资料还包含一个登记网址
4. 我成功安装了个人资料
5. 设备将XML有效负载上传到签入URL，该URL包含这2个节点（以及其他节点）： 消息类型 认证
6. 无论我多久等待，设备都不会上传任何其他内容。但是，我希望设备还上传至少一个包含以下2个节点的XML有效负载： 消息类型 TokenUpdate
7. 我手动删除MDM配置文件
8. 我重复步骤3,4和5
9. 这次，设备还会上传包含设备令牌的预期XML有效负载，这是完美的，因为它允许我通过APNS发送通知
10. 我现在能够一次又一次地重复步骤7,8,9再次完美无缺
11. 如果我从第1步开始，第6步中描述的错误重新出现

预期结果

预期的结果是在iPad Mini iOS 7.0（11A465）设备上成功安装MDM配置文件后，即使设备重置为出厂设置，也始终获取设备令牌。

实际结果

我第一次在新的（出厂设置）设备上安装MDM配置文件时，设备不会将设备令牌上传到签入服务器。

这是mobileconfig（不带真实链接或证书）

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>AccessRights</key>
            <integer>8191</integer>
            <key>CheckInURL</key>
            <string>https://checkin.url</string>
            <key>CheckOutWhenRemoved</key>
            <true/>
            <key>IdentityCertificateUUID</key>
            <string>AAAA-AAAA-AAAAA</string>
            <key>PayloadDescription</key>
            <string>Remote management of iOS mobile devices</string>
            <key>PayloadDisplayName</key>
            <string>Mobile Device Management</string>
            <key>PayloadIdentifier</key>
            <string>com.mdm.identifier</string>
            <key>PayloadOrganization</key>
            <string>Organization</string>
            <key>PayloadType</key>
            <string>com.apple.mdm</string>
            <key>PayloadUUID</key>
            <string>aaaaa-aaaaaa-aaaaa-aaaaa</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>ServerURL</key>
            <string>https://server.url</string>
            <key>SignMessage</key>
            <false/>
            <key>Topic</key>
            <string>com.apple.topic</string>
            <key>UseDevelopmentAPNS</key>
            <true/>
        </dict>
        <dict>
            <key>Password</key>
            <string>password</string>
            <key>PayloadCertificateFileName</key>
            <string>certificate.p12</string>
            <key>PayloadContent</key>
            <data>
            XXXXXXXXXXXXXXXXXXXXXXXXXXX
            </data>
            <key>PayloadDescription</key>
            <string>Provides device authentication (certificate or identity).</string>
            <key>PayloadDisplayName</key>
            <string>SSL Certificate</string>
            <key>PayloadIdentifier</key>
            <string>com.identifier.test</string>
            <key>PayloadOrganization</key>
            <string>Organization</string>
            <key>PayloadType</key>
            <string>com.apple.security.pkcs12</string>
            <key>PayloadUUID</key>
            <string>AAAA-AAAA-AAAAA</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Remote management of iOS mobile devices</string>
    <key>PayloadDisplayName</key>
    <string>Mobile Device Management</string>
    <key>PayloadIdentifier</key>
    <string>com.identifier.test</string>
    <key>PayloadOrganization</key>
    <string>Organization</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>aaa-aaaa-aaaa</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

---

这是来自IPCU的日志

Oct  2 18:34:06 iPad profiled[183] <Notice>: (Note ) profiled: Service starting...
Oct  2 18:34:06 iPad profiled[183] <Notice>: (Note ) MC: Profile “com.identifier.test” queued for installation.
Oct  2 18:34:07 iPad Preferences[172] <Warning>: void unloadAPTableCellImages(): unloading images
Oct  2 18:34:11 iPad profiled[183] <Notice>: (Note ) MC: Checking for MDM installation...
Oct  2 18:34:11 iPad profiled[183] <Notice>: (Note ) MC: ...finished checking for MDM installation.
Oct  2 18:34:11 iPad profiled[183] <Notice>: (Note ) MC: Beginning profile installation...
Oct  2 18:34:12 iPad profiled[183] <Error>: MKBDeviceLockAssertion: Status missing from response
Oct  2 18:34:12 iPad profiled[183] <Error>: __MKBAssertionFinalize: __MKBAssertionFinalize(0x14d58ba0)
Oct  2 18:34:12 iPad profiled[183] <Error>: MKBDeviceLockAssertion: MKBDeviceLockAssertion  (asserttype:544164 with error 22)
Oct  2 18:34:12 iPad profiled[183] <Notice>: (Error) MC: Could not hold keybag lock assertion. Error: The operation couldn’t be completed. Invalid argument
Oct  2 18:34:12 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:12 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:12 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:12 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:12 iPad profiled[183] <Error>: TASK-ASSERT: cfurlcache - truncate DB - FAILED to get assertion, going commando!
Oct  2 18:34:13 iPad profiled[183] <Error>: MKBDeviceGetGracePeriod: MKBDeviceGetGracePeriod() => (0,0,0)
Oct  2 18:34:13 iPad profiled[183] <Error>: MKBDeviceGetGracePeriod: MKBDeviceGetGracePeriod() => (0,0,0)
Oct  2 18:34:13 iPad profiled[183] <Error>: get_longlongvalue_for_key: failed to get GracePeriod
Oct  2 18:34:13 iPad profiled[183] <Error>: get_longlongvalue_for_key: failed to get MaxLifetime
Oct  2 18:34:13 iPad profiled[183] <Error>: MKBDeviceSetGracePeriod: MKBDeviceSetGracePeriod(-1,5,-1)
Oct  2 18:34:13 iPad profiled[183] <Error>: MKBDeviceSetGracePeriod: MKBDeviceSetGracePeriod: from AKS 0
Oct  2 18:34:13 iPad keybagd[44] <Error>: 0x297000 __update_system_keybag_block_invoke: Updating System Keybag
Oct  2 18:34:13 iPad keybagd[44] <Error>: 0x297000 KBUpdateSystemKeyBag: Got opaqueStuff from ondisk keybag
Oct  2 18:34:13 iPad keybagd[44] <Error>: 0x297000 KBUpdateSystemKeyBag: Saved new keybag with result 2715424
Oct  2 18:34:13 iPad profiled[183] <Notice>: (Note ) MC: Profile “com.identifier.test” installed.
Oct  2 18:34:13 iPad afcd[157] <Error>: Checking for changed log settings
Oct  2 18:34:13 iPad afcd[157] <Error>: valid 0 value 0
Oct  2 18:34:13 iPad afcd[157] <Error>: Verbose logging disabled
Oct  2 18:34:13 iPad Preferences[172] <Warning>: -[VPNConnectionStore reloadVPN]: The active VPN configuration has changed from (null) to (null)
Oct  2 18:34:13 iPad Preferences[172] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0x14e89fd0:<VPNBundleController: 0x14e89fd0>): _serviceCount(0), serviceCount(0), toggleInRootMenu(0), RootMenuItem(1)
Oct  2 18:34:13 iPad lockdownd[51] <Error>: FAILURE: Failed to open property list at file:///private/var/db/launchd.db/com.apple.launchd/overrides.plist for reading. (The operation couldn’t be completed. No such file or directory)
Oct  2 18:34:13 iPad mc_mobile_tunnel[188] <Notice>: (Note ) MC: mc_mobile_tunnel starting.
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCProfileMonitor::profileCallback Entered token:1
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCLogTap::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCDataFile::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCLogTap::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCProfileMonitor::setStreamEventHandler 
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCXPCService::setStreamEventHandler Registered for notification callback.
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCXPCService::setStreamEventHandler Woken up by notifyd.
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCProfileMonitor::profileCallback Entered token:0
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCLogTap::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCDataFile::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCLogTap::profileRemoved
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: mdmd starting...
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: Looking for managed app states to clean up
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: Waiting for push token to be assigned to this device...
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: Network reachability has changed.
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: Network reachability has changed.
Oct  2 18:34:14 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:14 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:14 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:14 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:14 iPad awdd[185] <Error>: CoreLocation: CLClient is deprecated. Will be obsolete soon.
Oct  2 18:34:22 iPad profiled[183] <Error>: TASK-ASSERT: cfurlcache - ProcessCacheTask - FAILED to get task-assertion, going commando with 1 items to process.
Oct  2 18:34:23 iPad mc_mobile_tunnel[188] <Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
Oct  2 18:34:25 iPad mdmd[184] <Notice>: (Note ) MDM: Timed out waiting for push token. Continuing...
Oct  2 18:34:25 iPad mdmd[184] <Notice>: (Note ) MDM: Waiting for push token to be assigned to this device...
Oct  2 18:34:29 iPad mdmd[184] <Notice>: (Note ) MDM: mdmd stopping.
Oct  2 18:34:36 iPad profiled[183] <Notice>: (Note ) profiled: Service stopping.
Oct  2 18:34:44 iPad wifid[15] <Error>: WiFi:[402420884.811876]: Enable WoW requested by "apsd"
Oct  2 18:34:44 iPad awdd[189] <Error>: CoreLocation: CLClient is deprecated. Will be obsolete soon.
Oct  2 18:34:47 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:47 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: mdmd starting...
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: Looking for managed app states to clean up
Oct  2 18:34:47 iPad profiled[192] <Notice>: (Note ) profiled: Service starting...
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: Network reachability has changed.
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: Network reachability has changed.
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: Push token received.
Oct  2 18:34:51 iPad mdmd[191] <Notice>: (Note ) MDM: mdmd stopping.
Oct  2 18:34:58 iPad profiled[192] <Notice>: (Note ) profiled: Service stopping.
Oct  2 18:35:39 iPad cplogd[180] <Warning>: Exiting.
Oct  2 18:36:01 iPad backboardd[28] <Notice>: ALS: SetDisplayFactor: factor=0.0500
Oct  2 18:36:16 iPad backboardd[28] <Notice>: ALS: SetDisplayFactor: factor=0.0000
Oct  2 18:36:16 iPad kernel[0] <Debug>: AppleMultitouchN1SPI: updating power statistics
Oct  2 18:36:16 iPad backboardd[28] <Notice>: MultitouchHID: detection mode: 3->255
Oct  2 18:36:16 iPad kernel[0] <Debug>: ALS: AppleARMBacklight::setBacklightEnableGated 0 (set level to 0x36e)
Oct  2 18:36:16 iPad backboardd[28] <Notice>: Posting 'com.apple.iokit.hid.displayStatus' notifyState=0
Oct  2 18:36:16 iPad SpringBoard[33] <Warning>: [MPUNowPlayingController] Not registered for now playing notifications. Ignoring call to -unregisterForNotifications.
Oct  2 18:36:16 iPad profiled[193] <Notice>: (Note ) profiled: Service starting...
Oct  2 18:36:16 iPad touchsetupd[115] <Warning>: WPTransfer deallocing
Oct  2 18:36:17 iPad cplogd[194] <Warning>: Starting.
Oct  2 18:36:17 iPad kernel[0] <Debug>: ALS: AppleARMBacklight::handleMessageGated - framebufferState -> 0