VMware Workspace ONE Community
Amoui
Contributor

ENS v2 on premise not working

Hello everyone;

I tried to install ENSv2 version 22.01 on premise according to the documentation provided by VMware. The installation completed successfully, but there is no mail notification service up and running; even port 443 is not up. Could anyone advise, please? Am I missing something? Should I activate the email notification CNS URL under email settings before installing the ENS?

PS: the version of the UEM console is 21.11

Thanks in advance for the help.

0 Kudos
10 Replies
Noordan
Hot Shot

Hello,

I posted an answer in another thread previously.

I guess you have installed IIS, turned on HTTPS in the IIS config and added a certificate?
You should have three ENS services running (unfortunately I do not remember the name of the services right now).

 

0 Kudos
Amoui
Contributor

Hello, thank you for your reply. Actually, yes, I installed the certificate on IIS and now it's running on port 443. It's ENSv2 on premise; the installation completed successfully and there are 3 services up, but according to the documentation the URL https://localhost/api/ens/alive or https://ensfqdn/alive should work, and it doesn't seem to work in my case. I even tried to complete the Boxer assignment and configure the ENS server as described, but it doesn't work. Maybe there is an issue reaching the CNS server on the internet. Can you please advise where to look, or am I missing something? Thanks a lot.

0 Kudos
Amoui
Contributor

Hello again,

Trying to follow up on the troubleshooting link and the logs, I found this log in the AutoDiscoveryChecker:

2022/04/01 10:19:00.246 WSENSAPP 70569c0f-c3d8-4e56-bc56-d8a518f6ca5c [000000 -0000000] (4) Error CertTracker.AutoDiscoveryChecker.ValidateServerCertificate User Id:[ ] SSL Policy Errors encountered for URL : https://awtrustdiscovery.awmdm.com/autodiscovery/HostRegistry.aws?URL=cns.awmdm.com RemoteCertificateChainErrors Policy Error Type
2022/04/01 10:19:00.246 WSENSAPP 70569c0f-c3d8-4e56-bc56-d8a518f6ca5c [000000 -0000000] (4) Error CertTracker.AutoDiscoveryChecker.ValidateServerCertificate User Id:[ ] A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

2022/04/01 10:19:00.262 WSENSAPP 70569c0f-c3d8-4e56-bc56-d8a518f6ca5c [000000 -0000000] (4) Error CertTracker.BusinessImpl.CertTracker.GetLatestCertFromAutodiscovery User Id:[ ] Exception while getting latest cert from auto discovery The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. at System.Net.HttpWebRequest.GetResponse()
at CertTracker.BusinessImpl.CertTracker.GetLatestCertFromAutodiscovery()

Can you tell what could be the problem?

BR,

 

0 Kudos
Noordan
Hot Shot

According to https://kb.vmware.com/s/article/82522 you have to verify that the server has certificate trust to https://awtrustdiscovery.awmdm.com/autodiscovery/HostRegistry.aws?URL=cns.awmdm.com

If I remember correctly, you should be able to navigate to https://ensfqdn/mailnotificationservice/api/ens/alive.

You should also have three log files in the installation folder /logs. Do you have any errors in those log files?

0 Kudos
Amoui
Contributor

Hello;

Thank you for your time and your reply;

Actually, yes, I am able to navigate to this URL and it's telling me that it is alive.

I have questions, please:

Do I click on retrieve token if I am using on premise ENS? And where do I put the generated API token? Starting from version 21.04, the Boxer side doesn't show where to put the generated API token.

Is the EWS URL mandatory to activate the ENS on premise service?

The certificate unfortunately is not trusted, even from mobile: when I try to reach https://awtrustdiscovery.awmdm.com/autodiscovery/HostRegistry.aws?URL=cns.awmdm.com the phone shows that it is not trusted. How can I tell the server to trust this certificate?

Thanks a lot for the help.

BR,

0 Kudos
Noordan
Hot Shot

Do I click on retrieve token if I am using on premise ENS?
Yes, you do, after configuring the ENS URL and EWS URL in the Boxer config.

Is the EWS URL mandatory to activate the ENS on premise service?
Yes, ENS uses EWS to set up the subscription on users' mailboxes, because ActiveSync doesn't have that feature (as far as I know 😉).

The certificate unfortunately is not trusted even from mobile when I try to reach https://awtrustdiscovery.awmdm.com/autodiscovery/HostRegistry.aws?URL=cns.awmdm.com the phone shows that is not trusted how can I manage to tell the server to trust this certificate?
It is only required that the ENS server has trust to awtrustdiscovery, because this one is used to automatically renew the CNS certificates every year. And that is described here: https://kb.vmware.com/s/article/82522?lang=en_US
I think you can export the root chain if you navigate to the page and bypass the certificate warning, and then download the certificate and import it into the Windows certificate store.

0 Kudos
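To see which chain the ENS server itself is presented for the autodiscovery host, and which root it ends in, the following PowerShell can be run on that server; it is an added example, not part of the original posts and not VMware tooling. It assumes direct outbound TCP 443 from the server (no explicit proxy) and TLS 1.2, and it only reads the chain without changing any certificate store.

```powershell
# Added diagnostic example, not VMware code. Run on the ENS server itself.
# Host name comes from the AutoDiscoveryChecker log lines in this thread.
$hostName = 'awtrustdiscovery.awmdm.com'
$elements = New-Object System.Collections.ArrayList

# The callback accepts the handshake ONLY so the chain can be inspected;
# no request is sent and nothing is added to any certificate store.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $cert, $chain, $policyErrors)
    $script:sslErrors = $policyErrors
    foreach ($el in $chain.ChainElements) {
        [void]$elements.Add([pscustomobject]@{
            Subject    = $el.Certificate.Subject
            Issuer     = $el.Certificate.Issuer
            Thumbprint = $el.Certificate.Thumbprint
            NotAfter   = $el.Certificate.NotAfter
            Status     = ($el.ChainElementStatus.Status -join ', ')
        })
    }
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient($hostName, 443)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # Overload: host, client certificates, protocol, check revocation
    $ssl.AuthenticateAsClient($hostName, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# 'None' means the machine trust store validates the chain. Anything else
# (for example RemoteCertificateChainErrors, as in the log) means it does not.
"SslPolicyErrors seen by this server: $sslErrors"

# Leaf first, root last. Compare the last entry's Subject and Thumbprint with
# the root CA you expect before importing anything into Trusted Root.
$elements | Format-List
```

If the last element is not the root you expect for this host, find out what is terminating the TLS connection before trusting it. Once the correct root is in the machine store, the first output line should read `None`.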
Amoui
Contributor

Hello;

Thanks a lot for your help.

The token was retrieved successfully on the Boxer assignment. But I didn't configure the EWS URL yet; I thought this was optional, but I'll try to do it and let you know.

For the certificate issue, I already followed the KB you sent and added the pinned certificates as described, but I don't know now if it's trusted from the server or not, because in the logs of the autodiscovery checker it's always saying that the root certificate isn't trusted.

I am just confused about the ENS API token that was generated after the installation completed successfully: we don't put it anywhere in the UEM console?

Thank you for your time and your help;

Best Regards,

0 Kudos
Amoui
Contributor

Hello;

I would like to thank you for your help and your time responding to me. I just updated the root CA and configured the EWS url and now it's working fine.

Just on the Apple iOS devices, when the notification content is configured to sender, subject and preview, they get only the sender and subject in the notification; I don't know why.

Thank you again for your help.

Best regards;

 

0 Kudos
Noordan
Hot Shot

Great to hear that you got it to work!

And in previous versions of Boxer and the UEM console you had to manually enter the API code that was generated during ENS installation. But since some versions ago, this is done automatically when you click "retrieve token" in the Boxer config.

0 Kudos