When attempting to enroll a Windows Phone 8 device over SSL into Symantec Mobile Management, the agent fails to authenticate or bypass the initial agent enrollment step.  Upon entering the enrollment URL and valid username and password, the agent almost immediately reports an error.

Error: Could not connect to server.

Environments that require SSL communication from device to the Mobile Management Server must use an SSL certificate installed at the web server.  Certain organizations use a certificate authority that is "in-house" only and not a commonly trusted and public CA.  Windows Phone 8 mobile devices may not trust SSL certificates signed by these type of in-house certificate authorities. 

Pre-installation of the in-house certificate authority root certificate or the web server SSL certificate on a Windows Phone 8 device may not resolve the issue. 

Due to the disposition of Windows Phone 8 and corresponding trusted certificate authorities, Symantec recommends using a public certificate authority trusted by the Windows Phone device.  This commercial SSL certificate should be used on the Mobile Management Server or reverse proxy to handle SSL communication between the device and server. 

Applies To

Symantec Mobile Management 7.2 SP3, SP3 MR1