2

概括

我有一台安装了 iOS 7.0 (11A465) 的 iPad Mini。如果我转到“设置 > 常规 > 重置 > 擦除所有内容和设置”并擦除设备,然后在设备上成功安装 MDM 配置文件,则在注册过程中设备会向服务器发送“身份验证”XML 有效负载,但之后它不会按预期发送任何“TokenUpdate”有效负载。所以我无法使用 APNS 向设备发送推送通知。如果我删除 MDM 配置文件并重新安装它,一切正常。而且无论我删除和安装 MDM 配置文件多少次,它都可以正常工作。但是,如果我再次擦除设备,它在第一次尝试时将无法正常工作。

重现步骤

  1. 我通过转到“设置>常规>重置>删除所有内容和设置”来重置设备(iPad Mini iOS 7.0(11A465))
  2. 设备重新初始化后,我设置了 Wi-Fi 连接
  3. 我打开 Safari 并下载 MDM 配置文件 (OTA);该配置文件不包含 SCEP 服务器配置,但内部有一个 PKCS12 自签名证书(我附加了 MDM 配置文件;它是一个名为“mdm.mobileconfig”的文件);该配置文件还包含一个签入 URL
  4. 我成功安装了配置文件
  5. 设备将 XML 有效负载上传到签入 URL,其中包含以下 2 个节点(以及其他节点): MessageType Authenticate
  6. 无论我等待多久,设备都不会上传任何其他内容。但是,我希望设备还至少再上传一个包含以下 2 个节点的 XML 有效负载: MessageType TokenUpdate
  7. 我手动删除 MDM 配置文件
  8. 我重复步骤 3、4 和 5
  9. 这一次,设备还上传了包含设备令牌的预期 XML 有效负载,这很完美,因为它允许我通过 APNS 发送通知
  10. 我现在可以一次又一次完美地重复步骤 7、8、9
  11. 如果我从第 1 步重新开始,第 6 步中描述的错误会再次出现

预期成绩

预期结果是在我的 iPad Mini iOS 7.0 (11A465) 设备上成功安装 MDM 配置文件后始终获取设备令牌,即使在设备重置为出厂设置后也是如此。

实际结果

第一次在全新(出厂设置)设备上安装 MDM 配置文件时,该设备不会将设备令牌上传到签入服务器。

这是移动配置(没有真正的链接或证书)

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>AccessRights</key>
            <integer>8191</integer>
            <key>CheckInURL</key>
            <string>https://checkin.url</string>
            <key>CheckOutWhenRemoved</key>
            <true/>
            <key>IdentityCertificateUUID</key>
            <string>AAAA-AAAA-AAAAA</string>
            <key>PayloadDescription</key>
            <string>Remote management of iOS mobile devices</string>
            <key>PayloadDisplayName</key>
            <string>Mobile Device Management</string>
            <key>PayloadIdentifier</key>
            <string>com.mdm.identifier</string>
            <key>PayloadOrganization</key>
            <string>Organization</string>
            <key>PayloadType</key>
            <string>com.apple.mdm</string>
            <key>PayloadUUID</key>
            <string>aaaaa-aaaaaa-aaaaa-aaaaa</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>ServerURL</key>
            <string>https://server.url</string>
            <key>SignMessage</key>
            <false/>
            <key>Topic</key>
            <string>com.apple.topic</string>
            <key>UseDevelopmentAPNS</key>
            <true/>
        </dict>
        <dict>
            <key>Password</key>
            <string>password</string>
            <key>PayloadCertificateFileName</key>
            <string>certificate.p12</string>
            <key>PayloadContent</key>
            <data>
            XXXXXXXXXXXXXXXXXXXXXXXXXXX
            </data>
            <key>PayloadDescription</key>
            <string>Provides device authentication (certificate or identity).</string>
            <key>PayloadDisplayName</key>
            <string>SSL Certificate</string>
            <key>PayloadIdentifier</key>
            <string>com.identifier.test</string>
            <key>PayloadOrganization</key>
            <string>Organization</string>
            <key>PayloadType</key>
            <string>com.apple.security.pkcs12</string>
            <key>PayloadUUID</key>
            <string>AAAA-AAAA-AAAAA</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Remote management of iOS mobile devices</string>
    <key>PayloadDisplayName</key>
    <string>Mobile Device Management</string>
    <key>PayloadIdentifier</key>
    <string>com.identifier.test</string>
    <key>PayloadOrganization</key>
    <string>Organization</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>aaa-aaaa-aaaa</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

这是来自 IPCU 的日志

Oct  2 18:34:06 iPad profiled[183] <Notice>: (Note ) profiled: Service starting...
Oct  2 18:34:06 iPad profiled[183] <Notice>: (Note ) MC: Profile “com.identifier.test” queued for installation.
Oct  2 18:34:07 iPad Preferences[172] <Warning>: void unloadAPTableCellImages(): unloading images
Oct  2 18:34:11 iPad profiled[183] <Notice>: (Note ) MC: Checking for MDM installation...
Oct  2 18:34:11 iPad profiled[183] <Notice>: (Note ) MC: ...finished checking for MDM installation.
Oct  2 18:34:11 iPad profiled[183] <Notice>: (Note ) MC: Beginning profile installation...
Oct  2 18:34:12 iPad profiled[183] <Error>: MKBDeviceLockAssertion: Status missing from response
Oct  2 18:34:12 iPad profiled[183] <Error>: __MKBAssertionFinalize: __MKBAssertionFinalize(0x14d58ba0)
Oct  2 18:34:12 iPad profiled[183] <Error>: MKBDeviceLockAssertion: MKBDeviceLockAssertion  (asserttype:544164 with error 22)
Oct  2 18:34:12 iPad profiled[183] <Notice>: (Error) MC: Could not hold keybag lock assertion. Error: The operation couldn’t be completed. Invalid argument
Oct  2 18:34:12 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:12 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:12 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:12 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:12 iPad profiled[183] <Error>: TASK-ASSERT: cfurlcache - truncate DB - FAILED to get assertion, going commando!
Oct  2 18:34:13 iPad profiled[183] <Error>: MKBDeviceGetGracePeriod: MKBDeviceGetGracePeriod() => (0,0,0)
Oct  2 18:34:13 iPad profiled[183] <Error>: MKBDeviceGetGracePeriod: MKBDeviceGetGracePeriod() => (0,0,0)
Oct  2 18:34:13 iPad profiled[183] <Error>: get_longlongvalue_for_key: failed to get GracePeriod
Oct  2 18:34:13 iPad profiled[183] <Error>: get_longlongvalue_for_key: failed to get MaxLifetime
Oct  2 18:34:13 iPad profiled[183] <Error>: MKBDeviceSetGracePeriod: MKBDeviceSetGracePeriod(-1,5,-1)
Oct  2 18:34:13 iPad profiled[183] <Error>: MKBDeviceSetGracePeriod: MKBDeviceSetGracePeriod: from AKS 0
Oct  2 18:34:13 iPad keybagd[44] <Error>: 0x297000 __update_system_keybag_block_invoke: Updating System Keybag
Oct  2 18:34:13 iPad keybagd[44] <Error>: 0x297000 KBUpdateSystemKeyBag: Got opaqueStuff from ondisk keybag
Oct  2 18:34:13 iPad keybagd[44] <Error>: 0x297000 KBUpdateSystemKeyBag: Saved new keybag with result 2715424
Oct  2 18:34:13 iPad profiled[183] <Notice>: (Note ) MC: Profile “com.identifier.test” installed.
Oct  2 18:34:13 iPad afcd[157] <Error>: Checking for changed log settings
Oct  2 18:34:13 iPad afcd[157] <Error>: valid 0 value 0
Oct  2 18:34:13 iPad afcd[157] <Error>: Verbose logging disabled
Oct  2 18:34:13 iPad Preferences[172] <Warning>: -[VPNConnectionStore reloadVPN]: The active VPN configuration has changed from (null) to (null)
Oct  2 18:34:13 iPad Preferences[172] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0x14e89fd0:<VPNBundleController: 0x14e89fd0>): _serviceCount(0), serviceCount(0), toggleInRootMenu(0), RootMenuItem(1)
Oct  2 18:34:13 iPad lockdownd[51] <Error>: FAILURE: Failed to open property list at file:///private/var/db/launchd.db/com.apple.launchd/overrides.plist for reading. (The operation couldn’t be completed. No such file or directory)
Oct  2 18:34:13 iPad mc_mobile_tunnel[188] <Notice>: (Note ) MC: mc_mobile_tunnel starting.
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCProfileMonitor::profileCallback Entered token:1
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCLogTap::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCDataFile::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCLogTap::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCProfileMonitor::setStreamEventHandler 
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCXPCService::setStreamEventHandler Registered for notification callback.
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCXPCService::setStreamEventHandler Woken up by notifyd.
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCProfileMonitor::profileCallback Entered token:0
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCLogTap::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCDataFile::profileRemoved
Oct  2 18:34:14 iPad corecaptured[186] <Warning>: CCLogTap::profileRemoved
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: mdmd starting...
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: Looking for managed app states to clean up
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: Waiting for push token to be assigned to this device...
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: Network reachability has changed.
Oct  2 18:34:14 iPad mdmd[184] <Notice>: (Note ) MDM: Network reachability has changed.
Oct  2 18:34:14 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:14 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:14 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:14 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:14 iPad awdd[185] <Error>: CoreLocation: CLClient is deprecated. Will be obsolete soon.
Oct  2 18:34:22 iPad profiled[183] <Error>: TASK-ASSERT: cfurlcache - ProcessCacheTask - FAILED to get task-assertion, going commando with 1 items to process.
Oct  2 18:34:23 iPad mc_mobile_tunnel[188] <Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
Oct  2 18:34:25 iPad mdmd[184] <Notice>: (Note ) MDM: Timed out waiting for push token. Continuing...
Oct  2 18:34:25 iPad mdmd[184] <Notice>: (Note ) MDM: Waiting for push token to be assigned to this device...
Oct  2 18:34:29 iPad mdmd[184] <Notice>: (Note ) MDM: mdmd stopping.
Oct  2 18:34:36 iPad profiled[183] <Notice>: (Note ) profiled: Service stopping.
Oct  2 18:34:44 iPad wifid[15] <Error>: WiFi:[402420884.811876]: Enable WoW requested by "apsd"
Oct  2 18:34:44 iPad awdd[189] <Error>: CoreLocation: CLClient is deprecated. Will be obsolete soon.
Oct  2 18:34:47 iPad securityd[83] <Error>:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:47 iPad securityd[83] <Error>:  securityd_xpc_dictionary_handler sbd[95] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: mdmd starting...
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: Looking for managed app states to clean up
Oct  2 18:34:47 iPad profiled[192] <Notice>: (Note ) profiled: Service starting...
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: Network reachability has changed.
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: Network reachability has changed.
Oct  2 18:34:47 iPad mdmd[191] <Notice>: (Note ) MDM: Push token received.
Oct  2 18:34:51 iPad mdmd[191] <Notice>: (Note ) MDM: mdmd stopping.
Oct  2 18:34:58 iPad profiled[192] <Notice>: (Note ) profiled: Service stopping.
Oct  2 18:35:39 iPad cplogd[180] <Warning>: Exiting.
Oct  2 18:36:01 iPad backboardd[28] <Notice>: ALS: SetDisplayFactor: factor=0.0500
Oct  2 18:36:16 iPad backboardd[28] <Notice>: ALS: SetDisplayFactor: factor=0.0000
Oct  2 18:36:16 iPad kernel[0] <Debug>: AppleMultitouchN1SPI: updating power statistics
Oct  2 18:36:16 iPad backboardd[28] <Notice>: MultitouchHID: detection mode: 3->255
Oct  2 18:36:16 iPad kernel[0] <Debug>: ALS: AppleARMBacklight::setBacklightEnableGated 0 (set level to 0x36e)
Oct  2 18:36:16 iPad backboardd[28] <Notice>: Posting 'com.apple.iokit.hid.displayStatus' notifyState=0
Oct  2 18:36:16 iPad SpringBoard[33] <Warning>: [MPUNowPlayingController] Not registered for now playing notifications. Ignoring call to -unregisterForNotifications.
Oct  2 18:36:16 iPad profiled[193] <Notice>: (Note ) profiled: Service starting...
Oct  2 18:36:16 iPad touchsetupd[115] <Warning>: WPTransfer deallocing
Oct  2 18:36:17 iPad cplogd[194] <Warning>: Starting.
Oct  2 18:36:17 iPad kernel[0] <Debug>: ALS: AppleARMBacklight::handleMessageGated - framebufferState -> 0
4

0 回答 0