Mobile Devices fail to enroll with "Unable to connect with server"

  • 7022923
  • 04-May-2018
  • 17-Oct-2019

Environment

ZENworks Configuration Management 2017 Update 2

Situation

Devices fail to enroll with "Unable to connect with server".  

ERROR (from services-messages.log):

[ZENService] [190] [] [ZENSCEPServlet] [] [Exception occurred while retrieving the certificate for mobile UID: 78676bd8555d9be9447b43b993fdcea43ed62e6e : com.novell.zenworks.datamodel.exceptions.ObjectNotFoundException


Resolution

This is fixed in version 2020 - see KB 7024113 "ZENworks Configuration Management 2020 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7024113


For prior releases:

Run the following script on the primary server running as the CA server to resolve the issue:

novell-zenworks-configure -c DeviceIdentityCertConfigureAction

Once the script is run on the appropriate primary server, the device will be able to enroll without error.

Cause

When upgrading ZCM, the primary server that is running the Certificate Authority - CertAuth role was not upgraded first, resulting in the DeviceCertAuth role not being properly assigned.

Additional Information

Full stack trace from log:

[Exception occurred while retrieving the certificate for mobile UID: 78676bd8555d9be9447b43b993fdcea43ed62e6e : com.novell.zenworks.datamodel.exceptions.ObjectNotFoundException
at com.novell.zenworks.datamodel.services.zoneconfig.ZoneConfigAdminImpl.getZENServerSSLPort(ZoneConfigAdminImpl.java:4186)
at com.novell.zenworks.scep.DeviceCertAuthRoleServerInfo.getSSLPortOfDeviceAuthRoleServer(DeviceCertAuthRoleServerInfo.java:38)
at com.novell.zenworks.scep.ZENSCEPServlet.getCertificateSignedByCA(ZENSCEPServlet.java:268)
at com.novell.zenworks.scep.ZENSCEPServlet.doEnrol(ZENSCEPServlet.java:139)
at org.jscep.server.ScepServlet.service(ScepServlet.java:307)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:616)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at com.googlecode.psiprobe.Tomcat80AgentValve.invoke(Tomcat80AgentValve.java:41)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at com.novell.zenworks.tomcat.ZENRequestValve.synchronousInvoke(ZENRequestValve.java:1740)
at com.novell.zenworks.tomcat.ZENRequestValve.invoke(ZENRequestValve.java:1050)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1104)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1519)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1475)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
] [] [] [] [ZENServer]