SOTI Pulse Logo

Android 8.1 to 11 upgrade and SHA1 to SHA256 certificate issue

FC
Fabien Cuny
ROBERT BOSCH FRANCE SAS

Hello,
We are updating our fleet of Zebra TC52 from Android 8.1 to Android 11.
 
FYI, our MobiControl Deployment Server (version 14.1) has no internet connection (on-premise solution). It runs on Windows Server 2016.
 
We had previously SHA1 certificate on this server because there was also several Windows CE devices. This is not anymore the case, we have only Android devices connected to this DS. Problems happens when i try to generate SHA256 certificate to the Deployment Server (and all others) from the new SHA256 root certificate generated 2 years ago. Same case with freshly generated root certificate. This fails (Message of type NullReferenceException).

Procedure : in MCAdmin Utility, i clicked on the SHA256 root certificate, clicked on Deployment Server in the Certificate Bindings list, and then "Change" button, then i clicked on "Generate" on the Select Certificate window, and then selected the SHA256 Root CA and "Generate Certificate" and it fails  (Message of type NullReferenceException).

I already logged a case, the perso from Soti did take remote to see what happened, and nothing more... It doesn't helped me.

Have you got an idea ?


Another problem : We also have another small issue: the MobiControl lockscreen keeps coming back when using an application, which is annoying for users entering production statements.

Thanks

sha256 sha1 mobicontrol android 11
3 years ago
SOTI MobiControl
ANSWERS
FC
Fabien Cuny
3 years ago

As a precision, all devices with Android 8.1 are connected with success, i updated just one TC52 to Android 11 and i got a SSL Negociation failed error

Steps in MCAdmin :

MB
Marcus Breitenthaler
3 years ago

Hey Fabien,

i have seen in the Relase notes that there has been fixed a few Certificate Issues.

What Version do you have in Detail ? 14.1.1 ?

You wrote that the Server has no Internet Connection -  are the needed Links to Soti able to Validate the new Certificate with the Soti Servers ?

https://www.soti.net/mc/help/v14.1/en/setup/installing/soti_services.html

What i know is when you create a new Root Certificate it will be validated with Soti....

If you have Devices what Require a SHA2 Certificate.

With Version 15.4.2 is it possible to Use both with on Deplayment Server.

https://docs.soti.net/soti-mobicontrol/release-notes/#SHA

FC
Fabien Cuny
3 years ago

Hello,

The version we have is : 14.1.8.1064

fyi, the connection is open only to following hosts :

  • activate2.soti.net
  • mc-enroll.soti.net
  • mobicontrolservices.soti.net
  • location.soti.net
  • location2.soti.net
  • skins.soti.net

Below, you can find the status of the server, only skins part is missing, but not important for the certificate renewal process.

But also, when I try to regenerate a Root Certificate, i get this error :

But it's generated, i've been able to put SHA256 certificates for the DSE&Web Console part, but not the DS part. The DS service would not start (in the Event Log there was an error saying that the certificate has no private key).

Any ideas ?

MB
Marcus Breitenthaler
3 years ago

Hello Fabien,

can you check on your MobiControl Server if the Services are running:

Soti Remote Control Service

Soti Assist Services (if installed) for only using the WEB Remote you do not have to buy it.

Yoi can have alook into the Logs if there are any other Error Messages: C:\ProgramData\SOTI\ on the Server.

G
GKMOD@SOTI
3 years ago

Hi Fabien,

Other environment, we had permission issue to generate certificate so to isolate the issue I would suggest, if you can try to generate certificate with local administrator account?

FC
Fabien Cuny
3 years ago

Hello,

I've seen with the support, I have upgraded without any issue to MobiControl 15.5. But the certificate issue remains the same !

I tried via an autogenerated CA and Certificate, I can import them well in MCAdmin, but when applied, MCDPSRV service (Mobicontrol DS) wouldn't start.

FYI, I followed this procedure : http://woshub.com/how-to-create-self-signed-certificate-with-powershell/

If you have any solution... It will be warmly welcomed !

G
GKMOD@SOTI
3 years ago

Hi Fabien,

After upgraded to 15.5, it's connected SOTI services? If not, please refer below help, SOTI services part.

And please open the service URL and IP address to connect SOTI services.

https://www.soti.net/mc/help/v15.5/en/setup/installing/system_requirements.html?hl=system%2Crequirement

After connected SOTI services, please try if you can generate root certificate from MCAdmin utility.
also please try self-sign certificate that you generate / imported, if it works.

I will check what user privilege needs to generate root certificate by MCAdmin utility.

Similar Discussions