weixin_39622655
2020-12-09 12:59

Enrollment failed

Observed Results

The environment is:

  • Ubuntu 16.04 Server
  • Apache
  • MySQL
  • PHP
  • GLPI
  • Mosquitto
  • Mosquitto auth plugin
  • Let's Encrypt CA certificate
  • using only TLSv1.2
  • Android 6 (cell phone) HTC One M8
  • Flyve Mobile Device Management 2.0.0-dev
  • FusionInventory 9.2+2.0-RC1

Android MDM Agent version: update 27 Nov 2017 from Google Play Store

I have enabled the "Enable explicit enrolment failures" option.

On the other hand:

  1. I can successfully send an inventory to my instance using fusion inventory agent.
  2. I am able to make a curl -X GET using the new users API user_token

Steps to reproduce the problem: I create an invitation on flyvemdm and open the mdm Android agent, and I receive in the app an "Internal error, please try again" message.

Using adb logcat on org.flyve.mdm.agent I get the following log messages: android.log

#### Expected behavior

I just can't get to enroll the device using the Android MDM agent

This question comes from the open-source project: flyve-mdm/android-mdm-agent

10 answers

  • weixin_39622655, 4 months ago

    Hello I tried the new version and these are the results:

    Failed to enroll device. The app informs: "Internal Error, please try again"

    The logs are the following:

    android.log

  • weixin_39622655, 4 months ago

    I performed a GLPI reinstall and update with the following environment:

    • Flyve Mobile Device Management | 2.0.0-dev
    • FusionInventory | 9.2+1.0
    • Updated composer to version 1.6.4 on Ubuntu 16.04

    And the Android enrollment succeeded.

    I also tested some fleet policies (NG = Not good):

    • File deployment - OK
    • Disable Airplane mode - NG
    • Wifi hotspot and tethering - NG (it disables wifi completely)
    • Disable screen capture - NG
    • Disable SMS - NG

  • weixin_39805255, 4 months ago

    Hi,

    Are you installing the mdm agent as system app?

    Some system apps are more system than others.

    "signatureOrSystem" permissions are no longer available to all apps residing on the /system partition. Instead, there is a new /system/priv-app directory, and only apps whose APKs are in that directory are allowed to use signatureOrSystem permissions without sharing the platform cert. This will reduce the surface area for possible exploits of system-bundled applications to try to gain access to permission-guarded operations.

    The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it says in the documentation: it indicates that the application apk was bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED has been introduced that reflects the actual right to access these permissions.

    Reference: https://stackoverflow.com/a/20104400

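A quick way to check which case the comment above applies to on a given device, as an added example that is not part of the original thread or the project's code: it classifies the install location reported by `adb shell pm path <package>`. The function names and the sample `/system` paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `pm path` output whether a package sits in
# /system/priv-app (eligible for signatureOrSystem permissions), elsewhere on
# /system (FLAG_SYSTEM only), or is a normal user install.
# Only the /system partition discussed in the thread is handled.

# classify_apk_path OUTPUT -> privileged | system | user | not-installed
classify_apk_path() {
    # pm prints one "package:<apk path>" line per APK; the first is enough.
    # Older adb versions append a carriage return to each line, so strip it.
    line=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r')
    path=${line#package:}
    case "$path" in
        "")                 echo "not-installed" ;;
        /system/priv-app/*) echo "privileged" ;;
        /system/*)          echo "system" ;;
        *)                  echo "user" ;;
    esac
}

# describe CLASS -> what that location means for permission-guarded operations
describe() {
    case "$1" in
        privileged) echo "may use signatureOrSystem permissions" ;;
        system)     echo "FLAG_SYSTEM set, but no signatureOrSystem without the platform cert" ;;
        user)       echo "no system-level permissions (Play Store install)" ;;
        *)          echo "package not found" ;;
    esac
}

# Constructed sample outputs; on a real device use:
#   classify_apk_path "$(adb shell pm path org.flyve.mdm.agent)"
for sample in \
    'package:/data/app/org.flyve.mdm.agent-1/base.apk' \
    'package:/system/app/FlyveAgent/FlyveAgent.apk' \
    'package:/system/priv-app/FlyveAgent/FlyveAgent.apk' \
    ''
do
    class=$(classify_apk_path "$sample")
    printf '%-14s %s\n' "$class" "$(describe "$class")"
done
```
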
  • weixin_39805255, 4 months ago

    btw, I edited your comments
    I replaced the log messages with a file attached. Try to do the same for the next reports.

  • weixin_39622655, 4 months ago

    The process I am using to install the mdm agent app is the Google store (as a beta tester). Do you recommend another process?

    I also reviewed the security settings and the mdm agent appears as a device manager.

  • weixin_39520210, 4 months ago

    Hello thanks for the review!

    We have 2 types of policies:

    • System policies (you need to be root or install on /system/app||priv-app)
    • Admin policies (you can run directly from Google Play)

    This is the list:

    Admin policies

    • Password enabled
    • Password quality
    • Password minimum length
    • Password minimum lower case
    • Password minimum upper case
    • Password minimum non letter
    • Password minimum letters
    • Password minimum numeric
    • Password minimum symbols
    • Maximum failed passwords for wipe
    • Maximum time to lock
    • Storage encryption
    • Disable camera
    • Deploy app
    • Remove app
    • Deploy file
    • Remove file
    • Disable screen capture
    • Use TLS
    • Disable statusbar
    • Disable speakerphone
    • Disable bluetooth
    • Disable wifi
    • Disable mobile line

    System policies

    • Disable NFC (system)
    • Disable Usb Mtp (system)
    • Disable Usb Ptp (system)
    • Disable Usb Adb (system)
    • Disable create VPN Profiles
    • Disable airplane mode (system)
    • Disable GPS (system)
    • Disable Hotspot/Tethering (system)
    • Disable roaming (system)

    Notes on the policies you tested:

    • To disable the airplane mode you need to be root or install on system. You can find more information about how to install on system here: http://flyve.org/android-mdm-agent/howtos/installation

    • Disable screen capture - requires API level 21, but I'll double check this policy to be sure it is working fine

    • Disable SMS - This policy is not fully implemented at this moment; we think this policy will be available in the next release

  • weixin_39622655, 4 months ago

    great thanks for the reference, I think we can close this issue

  • weixin_39520210, 4 months ago

    Hello thanks for the review, please check if the new version of the agent still has this problem:

    https://play.google.com/apps/testing/org.flyve.mdm.agent

    Thanks!

  • weixin_39622655, 4 months ago

    I received the same internal error message.

    Here are some logs of the application using ADB android.log

  • weixin_39520210, 4 months ago

    Thanks for the complete report. Today I made a new version with an improvement for your issue, but I cannot reproduce it exactly in my environment. Please review again:

    https://play.google.com/apps/testing/org.flyve.mdm.agent
