Posted on 04-11-2012 11:08 PM
We have been trying to set up our JSS for Mobile Device Management. We have used the Push Notification Certificate assistant to generate and import our APN certificate into JSS. The JSS says the push notification has gone through, but it just sits on pending. We have allowed the ports OUTBOUND TCP 5223, 2195-2196 from our Apple Server to Internet.
When the device enrolls it comes up in Inventory but does not show all the inventory details, just the UUID of the device. So I went looking in the logs to see if that would provide me with some idea of what is going on, and these are the errors I'm getting:
2012-04-11 09:45:06,909 [ERROR] [APNSQueueManager ] - An exception was raised while attempting to send a push notification to device: 35416879c45980ed8c3207ced4cd3e5782011cf6
2012-04-11 09:45:06,909 [ERROR] [APNSQueueManager ] - Exception (class javax.net.ssl.SSLHandshakeException): Received fatal alert: decrypt_error
2012-04-11 09:45:06,909 [ERROR] [APNSQueueManager ] - An exception was raised while attempting to send a push notifications
2012-04-11 09:45:06,909 [ERROR] [APNSQueueManager ] - Exception (class com.jamfsoftware.pushnotification.APNSConnectionException): Writing to APNS Failed
2012-04-11 09:45:07,200 [ERROR] [APNSQueueManager ] - Sleeping for 1 minute then trying again
2012-04-11 09:45:07,776 [ERROR] [APNSFeedbackConnection ] - IOException getting and entering feedback data: Received fatal alert: decrypt_error
2012-04-11 09:46:09,165 [ERROR] [APNSQueueManager ] - An exception was raised while attempting to send a push notification to device: 35416879c45980ed8c3207ced4cd3e5782011cf6
2012-04-11 09:46:09,165 [ERROR] [APNSQueueManager ] - Exception (class javax.net.ssl.SSLHandshakeException): Received fatal alert: decrypt_error
2012-04-11 09:46:09,165 [ERROR] [APNSQueueManager ] - An exception was raised while attempting to send a push notifications
2012-04-11 09:46:09,165 [ERROR] [APNSQueueManager ] - Exception (class com.jamfsoftware.pushnotification.APNSConnectionException): Writing to APNS Failed
2012-04-11 09:46:09,459 [ERROR] [APNSQueueManager ] - Sleeping for 1 minute then trying again
2012-04-11 09:46:10,106 [ERROR] [APNSFeedbackConnection ] - IOException getting and entering feedback data: Received fatal alert: decrypt_error
2012-04-11 09:47:10,919 [ERROR] [APNSQueueManager ] - An exception was raised while attempting to send a push notification to device: 35416879c45980ed8c3207ced4cd3e5782011cf6
2012-04-11 09:47:10,919 [ERROR] [APNSQueueManager ] - Exception (class javax.net.ssl.SSLHandshakeException): Received fatal alert: decrypt_error
2012-04-11 09:47:10,919 [ERROR] [APNSQueueManager ] - An exception was raised while attempting to send a push notifications
2012-04-11 09:47:10,919 [ERROR] [APNSQueueManager ] - Exception (class com.jamfsoftware.pushnotification.APNSConnectionException): Writing to APNS Failed
2012-04-11 09:47:11,210 [ERROR] [APNSQueueManager ] - Sleeping for 1 minute then trying again
2012-04-11 09:47:11,965 [ERROR] [APNSFeedbackConnection ] - IOException getting and entering feedback data: Received fatal alert: decrypt_error
Someone with a similar problem also posted:
https://jamfnation.jamfsoftware.com/discussion.html?id=3994
I have followed the steps of replacing the web server certificate in JSS with the certificate from the JSS's built-in CA.
He said he then had to upload a .p12 file and then switch back to the built-in certificate to recreate the keystore, which I have tried under Settings -> Global Management Framework Settings -> Push Notification Certificate in JSS.
Still no joy. We would love to be able to use our *.schoolname.com wildcard certificate in our JSS, but it looks like we need to get a server.schoolname.com SSL certificate, which we have to pay for, so we don't think we will go with that option anymore.
Any ideas or help would be greatly appreciated.
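A log-triage sketch for the errors quoted above, added here as an example and not part of the original post or of JAMF's software: a received TLS alert means the APNs host was reached and answered, so counting alerts separately from socket errors shows whether to look at the push certificate or at the firewall. The sample lines are constructed in the post's log format; the final ConnectException line, the alert set and the function names are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the post; the last line is invented for contrast.
SAMPLE_LOG = """\
2012-04-11 09:45:06,909 [ERROR] [APNSQueueManager ] - Exception (class javax.net.ssl.SSLHandshakeException): Received fatal alert: decrypt_error
2012-04-11 09:45:06,909 [ERROR] [APNSQueueManager ] - Exception (class com.jamfsoftware.pushnotification.APNSConnectionException): Writing to APNS Failed
2012-04-11 09:45:07,776 [ERROR] [APNSFeedbackConnection ] - IOException getting and entering feedback data: Received fatal alert: decrypt_error
2012-04-11 09:46:09,165 [ERROR] [APNSQueueManager ] - Exception (class javax.net.ssl.SSLHandshakeException): Received fatal alert: decrypt_error
2012-04-11 09:47:10,001 [ERROR] [APNSQueueManager ] - Exception (class java.net.ConnectException): Connection timed out
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<level>\w+)\s*\] \[(?P<component>\w+)\s*\] - (?P<msg>.*)$")
ALERT_RE = re.compile(r"Received fatal alert: (?P<alert>\w+)")
NETWORK_RE = re.compile(r"java\.net\.(ConnectException|SocketTimeoutException|UnknownHostException)")
# Alerts consistent with a problem in the certificate or key the client presented
# (assumed grouping for this example; the peer answered, so the port is reachable).
CERT_ALERTS = {"decrypt_error", "bad_certificate", "certificate_expired",
               "certificate_revoked", "certificate_unknown", "unknown_ca"}

def triage(log_text):
    """Count APNS failures by layer: 'tls-credential', 'tls-other' or 'network'."""
    layers, alerts, components = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["component"].startswith("APNS"):
            continue
        alert = ALERT_RE.search(m["msg"])
        if alert:
            name = alert["alert"]
            alerts[name] += 1
            layers["tls-credential" if name in CERT_ALERTS else "tls-other"] += 1
        elif NETWORK_RE.search(m["msg"]):
            layers["network"] += 1
        else:
            continue  # wrapper lines such as "Writing to APNS Failed" carry no cause
        components.add(m["component"])
    return {"layers": dict(layers), "alerts": dict(alerts), "components": sorted(components)}

def verdict(result):
    """Suggest where to look first, based on which layer dominates."""
    layers = result["layers"]
    if layers.get("tls-credential", 0) > layers.get("network", 0):
        return "check push certificate and keystore"
    if layers.get("network"):
        return "check outbound ports and routing"
    return "no APNS transport failures found"
```

On the errors in the post, every cause line is a `decrypt_error` alert on both the send and feedback connections, which is the "check push certificate and keystore" case.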
Posted on 06-21-2012 10:35 PM
JAMF confirmed that there's an issue with incorrect certificate information being stored in the database. With the error listed above, we went through the process of reversing all the certificate settings and using the built-in JSS CA. We then visited the Apple site and revoked the current APNS Certificate, as well as removed that from the JSS settings. The next process gets a little scary:
1) Open Terminal and enter "mysql -u root -p" (minus quotes).
2) And this is a dangerous bit. We now need to update the database itself.
IMPORTANT: Please consider running a SELECT query on this before the actual UPDATE query to ensure you get the syntax perfect. Back up your database before you even dream of doing this. No responsibility taken.
Enter the following:
UPDATE jamfsoftware.mobile_device_management_framework_preferences SET push_notification_certificate_keystore = NULL, push_notification_certificate_keystore_password_encrypted = "", push_cert_generation_keystore = NULL, push_cert_generation_keystore_password_encrypted = "";
NOTE: this is all one command, from UPDATE to the semicolon. There is a space after every comma.
3) If this command goes through, it will clean out the old APN information. Now type: exit to close the session.
4) Now we need to restart the Tomcat service. In Terminal, please type:
"sudo launchctl unload /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist" (without quotes)
... Then type:
"sudo launchctl load /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist"
... after the server has restarted, you should be back to pretty much vanilla settings.
5) You now need to generate a brand new APN through the JAMF Nation method. Please log into your Identity Portal with Apple and Revoke the current APN (if you didn't in the step above). Then follow the steps in the JSS by going to "Settings" > "Global Management Framework" > "Settings", and going to the APN tab to generate the new APN.
That will get things working again. As for adding the certificate to Apache/Tomcat and getting everything to work with that... I've had no luck so have used the above to reset back to the default (working) state.