Symptom
When using Relay Server, iOS and Windows Phone 8 devices do not enroll using either Windows Authentication on the IIS enrollment server virtual directory or using Afaria Managed authentication. The initial set of credentials is accepted. Any substitution variables are prompted for and then the enrollment comes back with a message that authentication has failed. Then it reports invalid credentials and prompts for the initial set of credentials again. The IIS log shows a repeated 401 error.
A non-working device log will contain the following incorrect authentication method. NSURLAuthenticationMethodNTLM appears mid way in the snippet of logs below:
Jun 21 12:05:51 Supports-iPad Afaria[290] <Warning>: [AfariaAppDelegate canAuthenticateAgainstProtectionSpace] NSURLAuthenticationMethodServerTrust
Jun 21 12:05:51 Supports-iPad Afaria[290] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0
Jun 21 12:05:51 Supports-iPad Afaria[290] <Warning>: [AfariaAppDelegate connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0
Jun 21 12:05:51 Supports-iPad Afaria[290] <Warning>: _serverTrustResolvedWithSuccess, success = 1
Jun 21 12:05:51 Supports-iPad Afaria[290] <Warning>: resolve NSURLAuthenticationMethodServerTrust -> <NSURLCredential: 0x5b3a00>: (null)
Jun 21 12:05:51 Supports-iPad Afaria[290] <Warning>: Cert for host goo.gl trusted
Jun 21 12:05:52 Supports-iPad Afaria[290] <Warning>: [AfariaAppDelegate canAuthenticateAgainstProtectionSpace] NSURLAuthenticationMethodNTLM
Jun 21 12:05:52 Supports-iPad Afaria[290] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodNTLM 0
Jun 21 12:05:52 Supports-iPad Afaria[290] <Warning>: [AfariaAppDelegate netUser:0x80 busy:0]
Jun 21 12:05:52 Supports-iPad Afaria[290] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didFailWithError: Error Domain=NSURLErrorDomain Code=-1012 "The operation couldnt be completed. (NSURLErrorDomain error -1012.)" UserInfo=0x23b340 {NSErrorFailingURLKey=https://goo.gl/hFQPr, NSErrorFailingURLStringKey=https://goo.gl/hFQPr}]
Jun 21 12:05:52 Supports-iPad Afaria[290] <Warning>: [AipsController enrollmentCodeSeedDidLoadWith:]
Jun 21 12:05:52 Supports-iPad Afaria[290] <Warning>: AipsController enrollmentCodeSeedDataDidLoadWith: nil and http:(null)
Jun 21 12:05:52 Supports-iPad Afaria[290] <Warning>: enrollmentFinishedWithFailure, errorType: 2
A working device log will show a correct authentication method. NSURLAuthenticationMethodServerTrust is present throughout the log snippet:
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: [AfariaAppDelegate canAuthenticateAgainstProtectionSpace] NSURLAuthenticationMethodServerTrust
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: [AfariaAppDelegate connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: _serverTrustResolvedWithSuccess, success = 1
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: resolve NSURLAuthenticationMethodServerTrust -> <NSURLCredential: 0x5b3690>: (null)
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: Cert for host goo.gl trusted
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: [AfariaAppDelegate canAuthenticateAgainstProtectionSpace] NSURLAuthenticationMethodServerTrust
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: [EnrollmentCodeSeedDataDownloader connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0
Jun 21 11:49:56 Supports-iPad Afaria[172] <Warning>: [AfariaAppDelegate connection:didReceiveAuthenticationChallenge] NSURLAuthenticationMethodServerTrust 0
Jun 21 11:49:57 Supports-iPad Afaria[172] <Warning>: _serverTrustResolvedWithSuccess, success = 1
Read more...
Environment
- SAP Afaria 7 Service Pack 3
- Relay Server
- iOS device
- Win Phone 8
Product
Keywords
NTLM, http, 401.0, windows auth, authentication, relay server, , KBA , MOB-AFA , Afaria , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.