I am frequently asked for some additional specifics regarding how to configure the Enable Authentication Check functionality in Symantec Mobile Management Solution. So, here is a screenshot (domain names changed) showing a valid configuration. In the example below I have allowed members of two groups to enroll mobile iOS devices - 'Can Enroll 1' & 'Can Enroll 2'
A couple of important notes:
1) Under 'AD/LDAP Server', do NOT use a fully qualified domain name (fqdn)
2) Whenever changes are made to this configuration, it is important that you restart the 'Symantec Mobile Management Service Agent' if you want the changes to be put in place immediately. If you do not restart this service, the changes should be applied to your Mobile Management server within 30 minutes (or thereabouts).
3) Ensure you are using MMS 7.1 MR1 or later as there was a bug in the original release version which cause AD authentication to fail in certain use-case scenarios.
Make sure that the Extension is written down in the dedicated field only. If the extension is part of the value for the Domain field or the Extension field is even blank, you will get an Authentication Errors on the mobile device.
Hi Mark,
I'm using MMS 7.1 MR1 and my screen looks very different from yours.
Any ideas? Is it worth trying to reconfigure the solution?
-EDIT-
I should note that my setup seems to get to LDAP ok, but it doesn't recognise the group users as authorised.