Endpoint Security Complete

The client wants iPad/iPhone users to be able to access company email only when the MDM agent is installed so the plan is to create a generic EAS payload. So, when entering the EAS host.

I get an erroneous email address

If I add the optional Domain name eg xyz then the email address is presented as xyz\username@webmail.xyz.com.au

Has anyone else come across this and is there a fix?

TIA 

Mark

Let's say your e-mail address is bob.smith@company.com.  Bob's AD username is rsmith.  Bob's ActiveSync URL is mail.company.com.  Finally, Bob's domain is ad.company.com.

Bob needs to enroll his iOS device using bob.smith@company.com as his username.  This will ensure the correct e-mail address is used with the EAS profile.

Mike

Many thanks for this. I shall give it whirl as soon as I can.

Mark

Mike: I have tried this in one of my lab environments and it doesn't work. I enrolled successfully with an email address, created an EAS payload with no domain name, as it's optional, and other fields blank as I want a generic profile.

The email address is coming across as \@{servername FQDN}. No idea what is coming across as username as it's greyed out.

Information is not parsing correctly.

Mark

Do you have the SP1 for MMS loaded up? From memory the generic EAS profile didn't work in our environment until we loaded the SP1.

I remember when the profile first comes down to the device it looks wrong domain\username@mobileservername.com but it must interrogate the exchange server after that as the e-mail address will change to the correct one and then mail comes down.

P.S. If it's working correctly, you should see the username listed in the mail profile even ifit's greyed out. You're not trying to drop the EAS as an initial payload by any chance?

@Ashuter

Yes, SP1 is installed. Curiously, this is now working and it does as you describe; the profile looks wrong until authenticated then it's all good.

Incidentally, this was with the domain name field populated and enrolling with username not username@domain. I haven't tried an empty domain field and enrolling with username@domain

@Ashuter 

I get the part where it fixes itself after some time and the email starts working. Why is this though and its not ideal since helpdesk will be talking people through this setup over the phone, if its fails at the start it looks flimsy, if it works thereafter of not.

Also why does it not work if push it as an initial exchange payload?

@reactionz - It won't work as an initial payload as the EAS profile wants to use your enrollment userID as the exchange username. As the device isn't enrolled by that time, it can't.

As for the "fixing itself", that honestly should be seemless the first time you click mail after entering your exchange password. I haven't had any dramas with that perseonally. Is it not working for you?

@Mark - Is your issue resolved now? I noticed earlier it said you wanted to use the e-mail address as enrollment as opposed to the short name.

Is this resolved now that you've enrolled according to my post, with the username as the e-mail address?

This issue is now resolved in Symantec Mobile Management 7.2

Hey guys, if I remove the EAS payload from the initial enrollement and push it out later it all works fine.

Just upgraded to 7.2 and still experiencing the same issue if I add it back to be part of the initial payload.

On that note - I also push out a Wi-Fi payload. This seems to not install the cert that the Wi-Fi requires. If you add the connection manually it works fine, but with MDM its not authenticating at all. Anyone experienced this before?

@mclemson using the email address as the username comes up with a login failure.

Adding additional certs or profiles as part of enrollment is only to enable the agent to enroll.  It is not intended for email, EAS, Wi-Fi, or other profiles.

If you require LDAP authentication, this should still be valid since bob@company.com should be a valid AD credential.

If you are refering to the Wi-Fi problem I'm having then its not the case, the Wi-Fi payload gets pushed out after the initial instal.

Hi All,

I have the same problem about creating a generic EAS payload. I tired to download the latest veresion of SIM to get SMM 7.2. However, it didn't appear on the download list and just found SMM 7.1 SP2. Anyone know how to get it?

Thanks.

To upgrade any of Altiris solutions you need to use SIM and check for the updates, or check the install new product.

I suggest you to wait a couple of days for SMM 7.2 MR1 as it supports Google GCM