Unable to enrol iOS devices and it fails during MAM enrolment.
Article ID: CTX316526
Updated On:
Description
Error Seen on Secure Hub application : “Access to your company network is unavailable"
In the Secure Hub logs you will see the following errors:
" 2021-05-03T11:22:22.570+0200 ",<MDM>,ERROR (2),+[X1NetworkRequest sendRequestWithAuthLoop:withRequestParams:completionBlock:failure:andSessionManager:]_block_invoke,"Auth Error with code Error Domain=com.citrix.Receiver.AuthManager Code=11 "CAMAuthManErrorCodeHttpError" UserInfo={NSUnderlyingError=0x281d07c90 {Error Domain=NSURLErrorDomain Code=-1001 "The request timed out."
" 2021-05-03T11:22:22.587+0200 ",RECEIVER_UI,ERROR (2),-[UICoordinator showErrorMessage:options:delegate:dismissed:],"Root cause for the error is : The request timed out.",Active,com.apple.main-thread,103,Secure Hub,/Users/jenkins/jenkins/workspace/iOS_SecureHub/AppStore/Me@Work/Coordinator/UICoordinator.m,700
" 2021-05-03T11:22:22.698+0200 ",<Me@WorkCommon>,WARNING (3),-[MdmClientCert wipeConfiguration:],"wipeConfiguration called because MDM subsystem requested wipe",-,com.apple.root.default-qos,a513,Secure Hub,/Users/jenkins/jenkins/workspace/iOS_SecureHub/AppStore/ctxLibs/me@WorkCommon/me@WorkCommon/MdmClientCert.m,240
Also from the ADC trace you will notice that iOS devices are trying to communicate over HTTP2 protocol instead of HTTP.
Resolution
Or create another httpProfile for the XM NSG and disable http2 in the profile.
Problem Cause
From the ADC Collector file, we see that ADC admin has enabled HTTP2 in the default httpProfile on the NSG Vserer.set ns httpProfile nshttp_default_profile -dropInvalReqs ENABLED -http2 ENABLED
set ns httpProfile nshttp_default_strict_validation -http2 ENABLED
It seems like we may have a compatibility issue with iOS alone when ADC uses http2.
