Video Screencast Help

Error enrolling IOS device

Created: 09 Nov 2011 | 15 comments

I am setting Symantec Mobile Device Management and am trying to enroll my first iOS device and I get the following error when I attempt to enroll the device. I can see that the device has been found by the server (Looking in Mobile Management inventory I see basic info about my iPad)

 Any assistance would be helpful

URL: http://<MyMDMServer>/MobileEnrollment/MobileConfig...

Server Error in '/MobileEnrollment' Application.

Unexpected end of file.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

 Exception Details: System.Xml.XmlException: Unexpected end of file.

 Source Error:

 An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

 Stack Trace:

[XmlException: Unexpected end of file.]

   System.Xml.EncodingStreamWrapper.ReadBOMEncoding(Boolean notOutOfBand) +2065002

   System.Xml.EncodingStreamWrapper..ctor(Stream stream, Encoding encoding) +171

   System.Xml.XmlUTF8TextReader.SetInput(Stream stream, Encoding encoding, XmlDictionaryReaderQuotas quotas, OnXmlDictionaryReaderClose onClose) +104

   System.Runtime.Serialization.XmlObjectSerializer.ReadObject(Stream stream) +105

   MobileConfig._Default.Page_Load(Object sender, EventArgs e) +1166

   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25

   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42

   System.Web.UI.Control.OnLoad(EventArgs e) +132

   System.Web.UI.Control.LoadRecursive() +66

   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

Microsoft .net framework version 2.0.50727.4961 ; ASP.Net version 2.0.50727.4955 

Comments 15 CommentsJump to latest comment

mclemson's picture

If you installed SP1 on your 2008 R2 server, you will need to follow this KB to provide a fix:

If that doesn't apply, another common error is that the certificate you received from Apple does not start with, e.g.  What's the Certificate Subject on the iOS MDM Enrollment page?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner

Rubensann's picture

Hi Mike,

The Certificate Subject is:

Recently upgrade to IOS 5 and now the error is "Safari was unable to install Profile"

GregWick's picture

I am seeing this as well.  Just on ios 5 devices.  Enrolls ok but when trying to go to mobileenrollment/mobileconfig.aspx I get the same error.

Trigger's picture

Was speaking to one of the guys yesterday and they mentioned that you need MR1 for iOS5. Was released 2 days ago

Rubensann's picture

I just check, I have Mobile Management 7.1 MR1 already installed


fabian.szalatnay's picture

mclemson, am I getting this right that the AppleID must always begin with

So I shouldn't use "" for example?

I'm talking about the Provisioning Portal from Apple, "Bundle Identifier (App ID Suffix)".

mclemson's picture


Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner

donparfet's picture

the server does not have sp1 installed, but I tried that fix anyway with no change to the error I receive when attempting to enroll a device.

to answer your second question,  the Certificate Subject on the iOS MDM Enrollment page is

Lori2's picture

Not only must the form be correct as in  


but it must exactly match (case sensitive) the certificate itself.  The case sensitivity has tripped up some.  Open the certificate to double check or copy and paste directly from your certificate details page. 

mclemson's picture

Who has the issue here?  Am I already helping you in another thread, Rubensann?  I'm a bit confused.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner

mclemson's picture

I'd recommend to the OP that you reinstall the MMS SS components.  Remove it as an MMS SS, run the uninstall policy, confirm the services are removed from the MMS SS, then add it as an MMS SS, and run the uninstall policy.  Ensure that Message Queueing Service, IIS 7 w/ IIS 6 compatibility, ASP.NET, and .NET 3.5.1 are installed as roles/features before reinstalling.

The MobileConfig.aspx error is caused by having .NET missing when you installed the MMS SS components.

Does this resolve your issue?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner

mclemson's picture

To reuse a SS you'll need to run a few steps.  Be sure to send a basic inventory from the former MMS SS, then delete the MMS SS's GUID from the the tables, like so:

SELECT * FROM MobileManagementServer_IISInfo

SELECT * FROM MobileManagementServer_TunnelServer

SELECT * FROM MobileManagementServer_Information

DELETE FROM MobileManagementServer_TunnelServer WHERE MachineGuid='A0AD587A-5B7C-4496-9E8E-15D84C44F5A1'

DELETE FROM MobileManagementServer_Information WHERE MachineGuid='A0AD587A-5B7C-4496-9E8E-15D84C44F5A1'

DELETE FROM MobileManagementServer_IISInfo WHERE MachineGuid='A0AD587A-5B7C-4496-9E8E-15D84C44F5A1'

Inserting your MachineGuid where applicable.

Then modify the policy's schedule so that it can be run from the client.  I just do a 00:00 scheduled time for yesterday, plus "User can run," plus a scheduled window.  Otherwise 'Run Once ASAP' will prevent you from re-running the Install policy on the SS.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner

nessaja's picture


I removed the MMS from the Server list, edited the uninstall poliy to remove the MMS-Install.
Rebotted the Server and checked the folder %programm files%\symantec and the Services. All of them was removed.

After that, I added the Server to the MMS-Site-Server List and edited the install policy. The installation runs sucessfully. Did i have to do the steps bevor? SELECT*.......?

But after reinstall I get the "MDM Enrollment" error. All certificates are correctly (SSL, CA, APNS).
I also upload this three certificates to the iPads with the cert payload.
The enrollment stopped while the profile will be added, at the end of the sign in process (Settings-->Generell-->Profile).
I don't know what I can do?!?!

nessaja's picture

I postedt already in another thread, my issue is fiexed (for now) the enrollment works fine.
After reinstall I forgot to apply this howto