ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Any Android GCM mobile device (MDM) command selectively wipes and remove MDM management

book

Article ID: 161993

calendar_today

Updated On:

Products

Mobility Device Management Mobility Suite

Issue/Introduction

After an apparently successful Android enrollment into Mobility, the administrator attempts to send a lock or any other Google Cloud Messaging (GCM) command to the device.  This command always causes Mobile Device Management (MDM) to be removed from the device and the MDM client is uninstalled. Exception=IOError: [Errno 2] No such file or directory: '/usr/local/nukona/openscep/lib/op
enscep/cacert.pem',device_hash=<removed>

The directory may change depending on whether a custom installation path was specified during the Mobility installation. 


 

Cause

The ‚Äčopenscep-certs-2.0-88.noarch and GPLv2-openscep-trunk-4.x86_64 RPMs did not populate the OpenSCEP application directory with the required certificates.  This is most likely due the following:
  • Re-installation of Mobility after removing its directories from the server without fully removing all of the Mobility RPMs
  • The Mobility installation was performed with limited privileges, a non root user
  • Special folder permissions or hardening time-outs


 

Resolution

The following steps will resolve all of the above causes:

  1. Backup the front end's (FE) certificates and settings.cfg files by running a command like:
    mkdir /tmp/backup
    cp /usr/local/nukona/etc/settings.cfg /tmp/backup
    cp /usr/local/nukona/certs/configurator/* /tmp/backup

Note: If LOCAL file storage is used and not BLOB, a backup of the /vol1/nukona directory is recommended. See TECH228357 to identify whether BLOB or LOCAL is used in the settings.cfg file.

  1. Mount the server’s corresponding installation ISO to the system, as root:
    mkdir /mnt/iso
    mount -o loop /root/
    /symantec_appcenter_5.2.2_linuxML.iso /mnt/iso

Tip: For step-by-step instructions on how to transfer the installation ISO to the Mobility FE see: HOWTO110248 ; To find the currently installed version of Mobility navigate to the Admin console and click About Mobility Manager.

  1. Remove the openscep RPM’s from the system, as root:
    sudo yum -y remove openscep-certs-2.0-88.noarch GPLv2-openscep-trunk-4.x86_64

Note: This will also remove MDMCore, which will be re-added in the later steps.  If the RPM package names have changed, run rpm -qa | grep openca for a list of the updated package names.

4.       Change the active directory to the ISO’s mount point:
cd /mnt/iso

5.       Re-bootstrap the FE by entering the following, as root:
sudo ./setup.sh --install --config /tmp/backup/settings.cfg --ssl-cert /tmp/backup/sign.crt --ssl-key /tmp/backup/sign.key --ssl-bundle /tmp/backup/gd_bundle.crt

Note: Custom directories should be automatically detected by the installer.  If they are not, add the following syntax to the command: --cachedir <dir> --logdir <dir> --installdir <dir>

6.       Confirm that the required certificates were added to the OpenSCEP directory:
ls -al /usr/local/nukona/openscep/lib/openscep/

 

 

Attachments