服务器上未收到MDM签入请求

Question

我已遵循MDM协议来定义以下步骤：

1）创建包含服务器地址的.p12证书。此证书用于.mobileconfig文件。

2）服务器由自定义CA证书签名，该证书在安装.mobileconfig之前已安装在设备上。

3）服务器正在侦听HTTP Put消息。

发生了什么： 设备成功安装CA证书，然后从同一MDM服务器安装配置文件（.mobileconfig）（因此https握手成功，至少从safari中获取）。

安装完成后，我希望设备收到https PUT消息，但是没有收到此请求。

我已附加设备日志：

Jan  1 13:50:43 iPad-minQA profiled[116] <Notice>: (Note ) MC: Profile “com.apple.mgmt.External.MV9BR98H24” queued for installation.
Jan  1 13:50:43 iPad-minQA Preferences[272] <Error>:  SecTrustEvaluate  [leaf IssuerCommonName SubjectCommonName]
Jan  1 13:50:43 iPad-minQA Preferences[272] <Error>:  SecTrustEvaluate  [leaf IssuerCommonName SubjectCommonName]
Jan  1 13:50:44 iPad-minQA assertiond[67] <Error>: assertion failed: 13G35: assertiond + 30600 [0B862A7D-6E8B-3778-AD17-C7694ECD5BCD]: 0x16
Jan  1 13:50:44 iPad-minQA Unknown[67] <Error>: 
Jan  1 13:50:45 iPad-minQA profiled[116] <Notice>: (Note ) MC: Checking for MDM installation...
Jan  1 13:50:45 iPad-minQA profiled[116] <Notice>: (Note ) MC: ...finished checking for MDM installation.
Jan  1 13:50:48 iPad-minQA profiled[116] <Error>: MKBGetDeviceConfigurations: aks_get_configuration result: 0
Jan  1 13:50:48 iPad-minQA profiled[116] <Error>: MKBGetDeviceConfigurations: aks_get_configuration result: 0
Jan  1 13:50:48 iPad-minQA SpringBoard[58] <Warning>: throwing out icon because it isn't visible in the model : node=<SBApplicationIcon: 0x14d774540; nodeID: "com.apple.facetime"> com.apple.facetime
Jan  1 13:50:48 iPad-minQA SpringBoard[58] <Warning>: throwing out icon because it isn't visible in the model : node=<SBApplicationIcon: 0x14d7645c0; nodeID: "com.apple.camera"> com.apple.camera
Jan  1 13:50:48 iPad-minQA keybagd[45] <Error>: 0x16e1bb000 KBUpdateKeyBag: Saved new keybag with result 0
Jan  1 13:50:48 iPad-minQA SpringBoard[58] <Warning>: ===^^^ WE WILL UPDATE ZKW!
Jan  1 13:50:48 iPad-minQA SpringBoard[58] <Warning>: Reply Error: Connection interrupted
Jan  1 13:50:48 iPad-minQA afcd[255] <Error>: valid 0 value 0
Jan  1 13:50:49 iPad-minQA corecaptured[293] <Warning>: CCXPCService::setStreamEventHandler Woken up by notifyd.
Jan  1 13:50:49 iPad-minQA corecaptured[293] <Warning>: CCProfileMonitor::profileCallback Entered token:5
Jan  1 13:50:49 iPad-minQA wirelessproxd[59] <Warning>: Leaking old log directory path because it was set after logging has begun: /var/mobile/Library/Logs/Bluetooth for facilities: (null)
Jan  1 13:50:49 iPad-minQA SpringBoard[58] <Warning>: |GAXGeneral|info| whitelistedApps and appSelfLockIDs both nil.  No need to enable GAX (Single App Mode)
Jan  1 13:50:49 iPad-minQA assertiond[67] <Error>: assertion failed: 13G35: assertiond + 30600 [0B862A7D-6E8B-3778-AD17-C7694ECD5BCD]: 0x16
Jan  1 13:50:49 iPad-minQA tccd[106] <Notice>: Refusing client without bundle identifier (/System/Library/PrivateFrameworks/MusicLibrary.framework/Support/medialibraryd)
Jan  1 13:50:49 iPad-minQA tccd[106] <Notice>: Refusing client without bundle identifier (/System/Library/PrivateFrameworks/MusicLibrary.framework/Support/medialibraryd)
Jan  1 13:50:50 iPad-minQA Preferences[272] <Warning>: /BuildRoot/Library/Caches/com.apple.xbs/Sources/ExternalAccessory/ExternalAccessory-329.40.4/EAAccessoryManager.m:__51-[EAAccessoryManager _checkForConnectedAccessories]_block_invoke-632 ending background task
Jan  1 13:52:23 iPad-minQA corecaptured[293] <Warning>: CCProfileMonitor::freeResources done
Jan  1 13:52:23 iPad-minQA corecaptured[293] <Warning>: Got an XPC error: Connection invalid
Jan  1 13:52:23 iPad-minQA corecaptured[293] <Warning>: CCLogTap::profileRemoved, Owner: com.apple.driver.AppleBCMWLANCore0, Name: DriverLogs
Jan  1 13:52:23 iPad-minQA corecaptured[293] <Warning>: CCLogTap::profileRemoved, Owner: com.apple.driver.AppleBCMWLANCore0, Name: FirmwareBusLogs
Jan  1 13:52:23 iPad-minQA corecaptured[293] <Warning>: CCLogTap::profileRemoved, Owner: com.apple.driver.AppleBCMWLANCore0, Name: DatapathEvents
Jan  1 13:57:46 iPad-minQA timed[62] <Notice>: (Note ) CoreTime: Received time 01/01/2017 11:57:46±0.03 from "NTP"
Jan  1 13:57:46 iPad-minQA timed[62] <Notice>: (Note ) CoreTime: Want active time in 20.41min. Need active time in 8312.08min. Remaining retry interval: 14.995156min.
Jan  1 13:57:46 iPad-minQA UserEventAgent[26] <Error>: validateAndAddDefaults(com.apple.timed): End Time (inf) > now (504964666.7) + BACKGROUND_TASK_AGENT_JOB_WINDOW_MAX_TIME_FROM_NOW_SEC (3024000.0) + BACKGROUND_TASK_AGENT_JOB_TIME_ERROR_MARGIN (300.0)
Jan  1 13:57:46 iPad-minQA timed[62] <Notice>: (Error) CoreTime: Error requesting proactive time check job
Jan  1 14:00:07 iPad-minQA syslogd[25] <Notice>: ASL Sender Statistics

Answer 1

我设法最终使它工作..主要问题是apple配置器2缺少安装MDM配置文件所需的必填字段。

我在这里添加了一个最小的配置文件示例，需要为成功安装生成（请确保您的.mobileconfig文件中包含以下所有字段）：

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>AccessRights</key>
            <integer>8191</integer>
            <key>CheckInURL</key>
            <string>https://192.168.0.12:8081/checkin</string>
            <key>CheckOutWhenRemoved</key>
            <false/>
            <key>IdentityCertificateUUID</key>
            <string>{IdentityCertificateUUID}</string>
            <key>PayloadDescription</key>
            <string>Configures Mobile Device Management</string>
            <key>PayloadDisplayName</key>
            <string>Mobile Device Management</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.mgmt.External.{PUSH_GUID}.mdm</string>
            <key>PayloadOrganization</key>
            <string>bla bla</string>
            <key>PayloadType</key>
            <string>com.apple.mdm</string>
            <key>PayloadUUID</key>
            <string>{PayloadUUID}</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>ServerURL</key>
            <string>https://192.168.0.12:8081/server</string>
            <key>SignMessage</key>
            <true/>
            <key>Topic</key>
            <string>com.apple.mgmt.External.{PUSH_GUID}</string>
        </dict>
        <dict>
            <key>Password</key>
            <string>{password}</string>
            <key>PayloadCertificateFileName</key>
            <string>Identity.p12</string>
            <key>PayloadContent</key>
            <data>
            {certificate data}
            </data>
            <key>PayloadDescription</key>
            <string>Adds a PKCS#12-formatted certificate</string>
            <key>PayloadDisplayName</key>
            <string>Identity.p12</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.mgmt.External.{PUSH_GUID}.credential</string>
            <key>PayloadOrganization</key>
            <string>{PayloadOrganization}</string>
            <key>PayloadType</key>
            <string>com.apple.security.pkcs12</string>
            <key>PayloadUUID</key>
            <string>{PayloadUUID}</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Security managment profile installation.</string>
    <key>PayloadDisplayName</key>
    <string>BLA BLA</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.mgmt.External.{PUSH_GUID}</string>
    <key>PayloadOrganization</key>
    <string>BLA BLA</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>{PayloadUUID}</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>