Secure Hub 10.5 : Enrollment fails with error : "Can't enroll device- WorxHome cannot enroll device because it failed to establish a secure connection with server"
Article ID: CTX234909
Updated On:
Description
Using an older Secure Hub version (confirmed on 10.5, 10.6.0), enrollment fails right after enrollment URL (without being able to get to authentication screen) with the following:
Logs will show the following:
05-03 12:12:29.406 10851 10869 D "SecureHub": "DETAIL ( 5)","FirstSeenCertificatePinningManager:validateWithPinnedCertificate called for host:discovery.mdm.zenprise.com"
05-03 12:12:29.407 10851 10869 E "SecureHub": "ERROR ( 2)","FirstSeenCertificatePinningManager:Trying to connect to ADS server but got invalid server certificate"
05-03 12:12:29.407 10851 11417 W SSLSDKJW: [===> checkChainAgainstTrustManagers: Chain rejected by custom trust manager!
05-03 12:12:29.407 10851 11417 E SSLSDK : [===> android_internal_verifyChainWithTrustManager: The app trust managers don't approve this chain!
05-03 12:12:29.409 10851 11417 E SSLSDKJW: [===> Exception thrown during handshake. Rethrowing inside IOException (if necessary): com.citrix.work.certificatehandling.exceptions.CertificateMismatchException
05-03 12:12:29.411 10851 10869 E "SecureHub": "ERROR ( 2)","ZenpriseHelper:auto-discovery service not available or untrusted"
05-03 12:12:29.407 10851 10869 E "SecureHub": "ERROR ( 2)","FirstSeenCertificatePinningManager:Trying to connect to ADS server but got invalid server certificate"
05-03 12:12:29.407 10851 11417 W SSLSDKJW: [===> checkChainAgainstTrustManagers: Chain rejected by custom trust manager!
05-03 12:12:29.407 10851 11417 E SSLSDK : [===> android_internal_verifyChainWithTrustManager: The app trust managers don't approve this chain!
05-03 12:12:29.409 10851 11417 E SSLSDKJW: [===> Exception thrown during handshake. Rethrowing inside IOException (if necessary): com.citrix.work.certificatehandling.exceptions.CertificateMismatchException
05-03 12:12:29.411 10851 10869 E "SecureHub": "ERROR ( 2)","ZenpriseHelper:auto-discovery service not available or untrusted"
Resolution
Certificate on discovery.mdm.zenprise.com was renewed on 30th of April 2018, which is what caused the issue in the first place.
In order to be able to get past the enrollment URL screen, upgrading Secure Hub is needed.
Known to work version is 10.6.20.
In order to be able to get past the enrollment URL screen, upgrading Secure Hub is needed.
Known to work version is 10.6.20.
Problem Cause
Certificate on discovery.mdm.zenprise.com was renewed on 30th of April 2018, which is what caused the issue in the first place.Issue/Introduction
When attempting to enroll with Secure Hub 10.5, enrollment fails right after the URL screen with invalid certificate
Was this article helpful?
Yes
No
Powered by
