Authentication stops working after upgrading to Symantec Mobile Management 7.2 SP1

Article:TECH197019  |  Created: 2012-09-20  |  Updated: 2013-09-09  |  Article URL http://www.symantec.com/docs/TECH197019
Article Type
Technical Solution


Issue



After upgrading Symantec Mobile Management to 7.2 SP1, enrollment authentication fails to work.


Environment



Symantec Mobile Management 7.2 SP1


Cause



Prior to Mobile Management 7.2 SP1, authentication checks occurred only on the Mobile Management site server and were limited to a single domain. As of 7.2 SP1, the authentication check can occur on the local Mobile Management site server, a different site server, or on the Symantec Management Platform server, and includes support for multiple domains.

The default setting for the Mobile Management Server assumes the services are installed on the Symantec Management Platform server. This setting might need to be changed, depending on where the Mobile Management Server is installed.


Solution



Make sure the Mobile Management site server has been upgraded to the latest release.

  1. Go to Home > Mobile Management, Settings > Mobile Management Servers.
  2. Servers running the old services will show "Yes" for the Upgrade Available field. Select the desired server and choose the action menu or right-click option to Upgrade it.
  3. Note that the upgrade can take some time, depending on your environment. Do not proceed to the next step before the upgrade is complete, as the configuration options will not be in place.
  4. Edit the web.config file that controls where Mobile Management looks for the authentication credentials. On the Mobile Management Server, go to "C:\Program Files (x86)\Symantec\Mobile Management\Enrollment\web.config" and open the file with an XML-friendly editor, such as Notepad. The file contains the programmatic XML and also instructions to guide you. Back up this file before you make any changes.
  5. In the file, find the entry that begins with: "<authservice url=" and configure the url field using the following examples:
    • For authentication to happen locally, via the Mobile Management site services:
      <authservice url="/MobileEnrollment/VerifyUserCredentials.aspx" requiretrustedcert="false" ldapencryption="false" />
    • For authentication to happen on the Management Platform server:
      <authservice url="http://[server]/Altiris/MobileManagement/SSI/VerifyUserCredentials.aspx" requiretrustedcert="false" ldapencryption="false" />
    • For authentication to happen on a different Mobile Management Server, such as one not blocked by a firewall:
      <authservice url="http://[server]/MobileEnrollment/VerifyUserCredentials.aspx" requiretrustedcert="false" ldapencryption="false" />

    In each situation, [server] should be a resolvable address of the Symantec Management Platform or a Mobile Management Server, which could be the NetBIOS name, the FQDN, or even localhost. For local authentication, the example URL is relative to the server making the request. This can be changed to an absolute URL to the same server, using localhost or the FQDN of the server, with http or https, as needed.

Additional information on the requiretrustedcert and ldapencryption options is found in the web.config file on the Mobile Management Server.
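
To check the result of steps 4 and 5, the following PowerShell function (an added example, not Symantec's code) backs up web.config and reports the authservice settings, flagging an http:// URL that sends the credential check to another host. The function name, the sample file with its configuration root element, and the host smp.example.test are assumptions for illustration; PowerShell 3.0 or later is assumed.

```powershell
# Added example. Assumes PowerShell 3.0+; Get-AuthServiceSetting is a hypothetical name.
function Get-AuthServiceSetting {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).Path
    # Step 4: keep a timestamped backup before anyone edits the file.
    $backup = '{0}.{1}.bak' -f $full, (Get-Date -Format 'yyyyMMdd-HHmmss')
    Copy-Item -LiteralPath $full -Destination $backup

    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($full)    # throws if a hand edit left the XML malformed
    # local-name() keeps the lookup working if the root declares a namespace.
    $node = $doc.SelectSingleNode("//*[local-name()='authservice']")
    if ($null -eq $node) { throw "No <authservice> element in $full" }

    $url = $node.GetAttribute('url')
    if ($url -match '^(https?)://([^/:]+)') {
        $scheme = $Matches[1].ToLower(); $target = $Matches[2]
    } else {
        # A relative URL is resolved against the server making the request.
        $scheme = '(relative)'; $target = '(requesting server)'
    }
    $local = @('(requesting server)', 'localhost', '127.0.0.1') -contains $target

    [pscustomobject]@{
        Url                = $url
        Scheme             = $scheme
        Target             = $target
        RequireTrustedCert = $node.GetAttribute('requiretrustedcert')
        LdapEncryption     = $node.GetAttribute('ldapencryption')
        # True when the credential check crosses the network without TLS.
        PlainHttpToRemote  = ($scheme -eq 'http') -and (-not $local)
        Backup             = $backup
    }
}

# Constructed sample (not the shipped file); smp.example.test is a placeholder host.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'web.config.sample'
@'
<configuration>
  <authservice url="http://smp.example.test/Altiris/MobileManagement/SSI/VerifyUserCredentials.aspx" requiretrustedcert="false" ldapencryption="false" />
</configuration>
'@ | Set-Content -LiteralPath $sample

Get-AuthServiceSetting -Path $sample | Format-List
```

On the Mobile Management Server, pass the web.config path from step 4 instead of the sample. A PlainHttpToRemote value of True is a cue to decide whether that URL should use https and to read the requiretrustedcert and ldapencryption notes in web.config.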


Supplemental Materials

Source: ETrack
Value: 2886023

