Jump to content
Welcome to our new Citrix community!
  • 2

XMS unable to connect to Apple DEP


Peter Radler

Question

Hello There,

 

We are using Apple DEP.  Since 8th May the connection to the DEP Account is not working anymore. Nothing was changed in the system. The time and date on XMS ist correct, XMS Server was rebootet, Apple DEP token was recreated and installed, but with the same result.

XenMobile Server is onprem and on Version 10.10 .

Have someone the same problem?

Have raised a Citrix Support ticket, but wanted to ask in the forum too.

 

In the Debug Log i have following found:

2019-05-10T11:58:53.467+0200 |   | ERROR | pool-14-thread-1 | com.sparus.nps.cron.tasks.AppleDepTask | [accountId=2 (XXXXXX)] | Unable to fetch DEP devices: Unexpected HTTP status: 500
com.sparus.nps.EWException: Unexpected HTTP status: 500
    at com.citrix.ios.bulkenrollment.OAuth.getSessionAuthToken(OAuth.java:253) ~[nps.jar:?]
    at com.citrix.ios.bulkenrollment.impl.AppleDepServicesImpl.getSessionAuthToken(AppleDepServicesImpl.java:193) ~[nps.jar:?]
    at com.citrix.ios.bulkenrollment.impl.AppleDepServicesImpl.fetchOrSyncDevices(AppleDepServicesImpl.java:414) ~[nps.jar:?]
    at com.citrix.ios.bulkenrollment.impl.AppleDepServicesImpl.fetchDevices(AppleDepServicesImpl.java:742) ~[nps.jar:?]
    at com.sparus.nps.cron.tasks.AppleDepTask.execTask4BEEnabled(AppleDepTask.java:182) [nps.jar:?]
    at com.sparus.nps.cron.tasks.AppleDepTask.run(AppleDepTask.java:111) [nps.jar:?]
    at com.sparus.nps.cron.Cron$Job.run(Cron.java:226) [nps.jar:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_121-XMS]
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_121-XMS]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_121-XMS]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_121-XMS]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_121-XMS]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_121-XMS]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121-XMS]

Link to comment

25 answers to this question

Recommended Posts

  • 0

It looks like that was wrong. VPP apps are still synching and deployed without any issues.
But the automated DEP enrollment does not work and the test connections in XMS also fail. In the logs I can still see the error stated above:

"Unable to fetch DEP devices: Unexpected HTTP status: 500"

 

The recreation of the DEP token didn't solve it, I will raise a ticket with Citrix.

Link to comment
  • 0

I am having the same issue with our DEP connection. It was working fine and then broke and can not resolve the issue. Support hasnt helped much other than tell me they see the same error.  "Unable to fetch DEP devices: Unexpected HTTP status: 500"

 

Is your NetScaler date and time in sync with XenMobile? I've been wondering if this could cause it or if Apple is blocking host names. 

Link to comment
  • 0

I've just noticed the same issue today at four different clients of mine.

All had last connection to Apple DEP at date 9-12-2019 around 6 pm, what about yours last connection date?
What server and patch version are you running?

 

This seems to be a general problem with XenMobile on-prem.

 

2019-12-12T11:52:42.285+0100 | | ERROR | pool-15-thread-1 | com.sparus.nps.cron.tasks.AppleDepTask | [accountId=1 (FMI DEP)] | Unable to fetch DEP devices: Unexpected HTTP status: 500 com.sparus.nps.EWException: Unexpected HTTP status: 500

 

/Michael

Link to comment
  • 0

Last connection date between MDM servers and ABM
(three different mdm servers in one ABM web console):
9-12-2019, 6:09 PM
9-12-2019, 6:11 PM

9-12-2019, 6:09 PM

 

Environment:

XenMobile 10.11 Rolling Patch 1, on premise.

 

Update:
I opened a Citrix Call and sent Server logs and screen shots to the Support team.

Edited by sgriese304
Update with new information
Link to comment
  • 0

Last connection date between MDM servers and ABM
(two different mdm servers in one ABM web console):
9-12-2019, 6:07 PM
9-12-2019, 6:08 PM

Environment:

XenMobile 10.11 on-prem

 

(Also 4 mdm servers in same ABM as above, but they are Cloud CEM instances, and they work perfectly)

 


When I created a support case on 10th Dec. 2019 Citrix answered the following:
We got reports from a few customers about similar issue, at the moment, we running troubleshooting steps on our side to determine if the cause is the same. Seems like the issue is with an Apple certificate and your logs show the same :

Cause='javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target',

We will update once the tests are complete on our side,


 

Link to comment
  • 0
2 hours ago, Jesper Sonne said:

When I created a support case on 10th Dec. 2019 Citrix answered the following:

We got reports from a few customers about similar issue, at the moment, we running troubleshooting steps on our side to determine if the cause is the same. Seems like the issue is with an Apple certificate and your logs show the same :

Cause='javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target',

 

EDIT:

I thought the SSL Handshake error was gone, but it still remains with the http 500 error.

Edited by sgriese304
Correction
Link to comment
  • 0

Hi,

 

 i thought i was the only one with this problem because we had several changes with out xenmobile environment,

Changed to new ips in a new dmz and we hide the ips of the clusters behind a new ip. so that only the new ip will connect with the dep servers. (NAT)

 

but if you guys are having the same problem i dont think this is the problem. DEP has already conected with the natted IP. Bad timing :D

 

im XMS on 10.11.0.10 on premise. 

last connection was  at 12/9/2019, 6:08 PM

adding a new DEP causes this error: Unexpected error at com.citrix.ios.bulkenrollment.handlers.impl.DepAccountHandlerImpl.createOrUpdate from createOrUpdate: could not execute statement

 

Regards 

Björn

Link to comment
  • 0

Hello,

 

the same here!

In our environment we had problems with some certificates that didn`t hold up to the new requirements in iOS 13. I think everyone checked this: https://support.apple.com/en-us/HT210176

 

But even with the updated certificates we get those problems (see screenshot adding a DEP Account). The only reason I could think of is a problem within the XMS. 

image001.png

Link to comment
  • 0

DEP connection failed even with new token.

 

Based on business.apple.com, my last connection is 10th Dec 2019

 

Logged a ticket and here is the response:

 

We have an ongoing issue with DEP and Engineering is currently working on it actively.

I'll check with them for an ETA and provide you, currently we don't have an ETA.
 

Link to comment
  • 0
6 hours ago, Karl Schuumller said:

 

Thank you for this information! I think a patch won`t be available soon as there is a “workaround”. Let`s proxy everyone!:91_thumbsup:

The bad guy is defiantly Apple because they changed the way https connections are handled and they NEVER inform MDM vendors about such changes.

Link to comment
  • 0
On 5/10/2019 at 3:32 PM, Peter Radler said:

Hello There,

 

We are using Apple DEP.  Since 8th May the connection to the DEP Account is not working anymore. Nothing was changed in the system. The time and date on XMS ist correct, XMS Server was rebootet, Apple DEP token was recreated and installed, but with the same result.

XenMobile Server is onprem and on Version 10.10 .

Have someone the same problem?

Have raised a Citrix Support ticket, but wanted to ask in the forum too.

 

In the Debug Log i have following found:

2019-05-10T11:58:53.467+0200 |   | ERROR | pool-14-thread-1 | com.sparus.nps.cron.tasks.AppleDepTask | [accountId=2 (XXXXXX)] | Unable to fetch DEP devices: Unexpected HTTP status: 500
com.sparus.nps.EWException: Unexpected HTTP status: 500
    at com.citrix.ios.bulkenrollment.OAuth.getSessionAuthToken(OAuth.java:253) ~[nps.jar:?]
    at com.citrix.ios.bulkenrollment.impl.AppleDepServicesImpl.getSessionAuthToken(AppleDepServicesImpl.java:193) ~[nps.jar:?]
    at com.citrix.ios.bulkenrollment.impl.AppleDepServicesImpl.fetchOrSyncDevices(AppleDepServicesImpl.java:414) ~[nps.jar:?]
    at com.citrix.ios.bulkenrollment.impl.AppleDepServicesImpl.fetchDevices(AppleDepServicesImpl.java:742) ~[nps.jar:?]
    at com.sparus.nps.cron.tasks.AppleDepTask.execTask4BEEnabled(AppleDepTask.java:182) [nps.jar:?]
    at com.sparus.nps.cron.tasks.AppleDepTask.run(AppleDepTask.java:111) [nps.jar:?]
    at com.sparus.nps.cron.Cron$Job.run(Cron.java:226) [nps.jar:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_121-XMS]
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_121-XMS]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_121-XMS]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_121-XMS]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_121-XMS]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_121-XMS]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121-XMS]

 

Fix:

The 10.10 Rolling patch 5 has the fix

 

Here is the link :

https://support.citrix.com/article/CTX268947

 

Root cause and detailed information about the issue:

https://support.citrix.com/article/CTX267079

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...