Unable to use right-click options to lock iOS devices or do other APNS/MDM commands

Article:TECH176365  |  Created: 2011-12-06  |  Updated: 2012-02-29  |  Article URL http://www.symantec.com/docs/TECH176365
Article Type
Technical Solution


When trying to use an iOS right-click option to lock a device, update policies, or even do a wipe command, the following popup window with an error message is seen:


This message has been seen under multiple situations and either of these errors might be seen:

Error sending lock request - see server log for details.

The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketsException: An existing connection was focibly closed by the remote host at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

"2012-02-09 16:46:42","Error sending lock device request.  Url to command webservice on mobile management server: [https://MMS_FQDN/demandcommandws/demandcommandws.asmx].
( Exception Details: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.


 Symantec Mobile Management 7.1



The Symantec Management Platform server is attempting to connect to the Mobile Management Site Server using the following URL: https://mmsserver.domain.com:443/demandcommandws/demandcommandws.asmx

However, the MMS server is configured to use a different SSL certificate than mmsserver.domain.com, and this causes a security error.


Ideally, the mmsserver.domain.com name should be reachable internally and externally.  However, certain environments have a different externally facing name for the MMS server, which is internet facing only.

As of Symantec Mobile Management 7.1 SP1, there is a new override setting for NS to MMS communication, that can be used to change how the NS tries to reach the MMS server.

  1. Go to Home > Mobile Management
  2. Select Mobile Management Server settings
  3. In the lower pane, select the server name and choose the pencil icon to edit it.
  4. In the NS to MMS communication field, alter the settings as needed.  It could be as simple as selecting the "Ignore SSL Certificate Warnings" option, or configuring the override server connection info to put in a server name that can be reached internally.

Article URL http://www.symantec.com/docs/TECH176365

Terms of use for this information are found in Legal Notices