Delivering MDM DeviceLock Payload

Asked 2/3, 2012 at 13:50 Answered 7/5, 2019 at 2:46

Solved ios apple-push-notifications mdm payload

We were able to get an response with Status as Idle after send the first payload as mdm:. Now we want to send a simple device lock payload. we followed the exact same process to send the payload but the response returned was blank.

We are following the certificate use as follows: 1. On the MDM server, To send mdm commands we use MDM Vendors APNS certificate with identifier as com.apple.mgmt.myapp.(This identifier is set as topic in configuration profile). 2. In the configuration profile, we are setting the credentials as the p12 file which is returned by the MDM Client.

I am getting the below error..: MC|Failed to parse profile data. Error:

    NSError 0x1c58c2f0:
    Desc   : Invalid Profile
    US Desc: Invalid Profile
    Domain : MCProfileErrorDomain
    Code   : 1000
    Type   : MCFatalError


    <Warning>: MDM|Command Status: Error
    Error: NSError 0x1c58c2f0:
    Desc   : Invalid Profile
    US Desc: Invalid Profile
    Domain : MCProfileErrorDomain
    Code   : 1000
    Type   : MCFatalError

Confession answered 2/3, 2012 at 13:50 Comment(6)

I am sending the devicelock payload the same way how I sent the mdm:PushMagic ... its it correct? – Confession 5/3, 2012 at 7:44

Below is the transaction taking place.. I am sending a device lock command to the device in response, but still the device says no command from server.. :( – Confession 5/3, 2012 at 8:36

Mar 5 03:32:23 iPad-01 mdmd[3637] <Warning>: MDM|mdmd starting... Mar 5 03:32:23 iPad-01 mdmd[3637] <Warning>: MDM|Polling MDM server lion.myserver.net/main.php for commands Mar 5 03:32:23 iPad-01 mdmd[3637] <Warning>: MDM|Network reachability has changed. Mar 5 03:32:26 iPad-01 mdmd[3637] <Warning>: MDM|Transaction completed. Status: 200 Mar 5 03:32:26 iPad-01 mdmd[3637] <Warning>: MDM|Transaction completed. Status: 200 Mar 5 03:32:26 iPad-01 mdmd[3637] <Warning>: MDM|Server has no commands for this device. Mar 5 03:32:28 iPad-01 mdmd[3637] <Warning>: MDM|mdmd stopping... – Confession 5/3, 2012 at 8:36

After sending the DeviceLock Payload, I get the below error: <Warning>: <APSCourier: 0x1cd51970>: Failed to parse JSON message payload for topic 'com.apple.mgmt.mycomp.mdm': Unexpected end of input while parsing string at line number 1, column 116 – Confession 5/3, 2012 at 11:3

Did you manage to solve this? Can you help me on the same issue! – Dictum 9/10, 2012 at 14:17

@Sahil: where are you stuck in the process.. that way I can assist you.. – Confession 17/10, 2012 at 6:18

You do not send the device lock profile using APNS. The device 'phones home' after it receives the MDM payload via APNS and your server sends back XML (NOT JSON!) to the device containing the device lock command.

Nich answered 5/3, 2012 at 23:7 Comment(10)

Thanks a lot! But how do I send back XML to the device using php. I have set a main.php file in server url of the configuration profile. The device responds back for mdm:PushMagic to the main.php file where the status is Idle. Now how should I communicate the device. Meaning how to send the xml directly to the device? PLEASE PLEASE HELP! – Confession 7/3, 2012 at 5:12

Abstractec... Thanks Thanks a lot.. I got the command executed successfully... :) – Confession 7/3, 2012 at 7:47

When the device responds with the 'Idle' message you send back the XML for the command that you want the device to execute. When the device responds to that command, you can send back another command if you want to or send back a zero-length response body with a 200 HTTP status to indicate to the device that there are no more commands for it. – Nich 7/3, 2012 at 10:17

Thanks a lot Abstractec.. What do you think about #9631183 – Confession 9/3, 2012 at 7:59

Abstractec, you were very helpful to me and I am able to query the device.. Now I need to send a command wherin suppose I want to set a restriction payload or an email payload.. Do I need to send this payload same way as I query the device? Also do all the existing payloads must be included within the payload? Please help! – Confession 13/3, 2012 at 7:12

Abstractec, what should be in the <data> tag under <payload> tag when we use 'InstallProfile' RequestType.. Please help – Confession 15/3, 2012 at 7:28

it needs to be the contents of the <dict> containing the PayloadContent of the profile you wish to install which has been Base64 encoded. – Nich 15/3, 2012 at 11:30

Meaning, If I want to apply new restriction then I encode the contents within the restriction dict.. Like contents to be encoded will start from <key>PayloadDescription</key><string>Configures device restriction.</string><key>PayloadDisplayName</key>...... and goes upto <key>safariForceFraudWarning</key><false/> ? – Confession 16/3, 2012 at 9:40

I want to update the configuration profile with new restrictions and suppose email configuration.. I send a InstallProfile Command.. its says Remove the profile 'xxx' before installing this profile.. So do I need to first remove the profile and then install new ... or a way to update the existing configuration profile exist? Please help... – Confession 16/3, 2012 at 11:55

Hi Abstractec, what do you think about stackoverflow.com/questions/9821675/mdm-over-the-air-enrollment Please help – Confession 22/3, 2012 at 11:50

The payload should be Base64 encoded of *.mobileconfig file content, with the top level 'dict' node.

The actual xml sent to device is defined in the iOS MDM protocol reference. The command type is 'InstallProfile'

Tieratierce answered 11/5, 2012 at 20:39 Comment(1)

I tried this but I get the >>>>>> MC: Failed to parse profile data. Error: NSError: Desc : Invalid Profile US Desc: Invalid Profile Domain : MCProfileErrorDomain Code : 1000 Type : MCFatalError <<<<<<<< Any idea whats wrong? – Dictum 9/10, 2012 at 14:16

If the device sends 'Idle' then it means you are correctly waking up the device using your APNS. Next all you would need is to send DeviceLock command to device. Its need not be base64 encoded , just send this plist response and check .

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>DeviceLock</string>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>DeviceLock</string>
        <key>Message</key>
        <string>Locking the device. Contact +91 9999999999</string>
    </dict>
</dict>
</plist>

Submersed answered 7/5, 2019 at 2:46 Comment(0)

Recommended topics

Hot tags