VMware Workspace ONE Community
rmann100
Contributor
Contributor
‎08-09-2022 08:53 AM
Jump to solution

Enrolling iOS via Web enrollment An error has occured... Something unexpected happened

Airwatch WorkSpace One UEM, 22.3.0.18 (2203), IOS devices, Error message = "An error has occured... Something unexpected happened. if this issue persists contact your IT administrator" and a picture of a beach. We are trying to enroll any iOS devices via web portal and it lets us enter our Group ID, UserID and Password, then when it gets to the download profile this error pops up. have tried multiple devices. we have recently undergone a server migration from server 2008 to 2019 on version 1909 and then upgraded from 1903 to 2203. Same results if we use the HUB app. 

0 Kudos
1 Solution

Accepted Solutions
Noordan
Hot Shot
Hot Shot
‎08-15-2022 12:24 AM
Jump to solution

One thing you can do in a testing purpose is to disable "Sign Profiles" and try enroll to see if that works.

If that works I think you have to find exactly which certificate the logs are referring to. And when you have find that you have to check that you have access to CRL lists for that certificate and the servers also need to have the full chain. Those two things is common issues if the servers are on-prem and if the server don't have unrestricted outbound internet access.

I think you can see some certificate related stuffs in the CAPI2 logs in event viewer. 

View solution in original post

6 Replies
Noordan
Hot Shot
Hot Shot
‎08-11-2022 05:32 AM
Jump to solution

Do you have "Sign Profiles" enabled in the console settings?
You can find that setting here: Groups & Settings / All settings / Devices & Users / Apple / profiles.

I have seen some similar issue if we have Sign profiles enabled and the server don't have the whole certificate chain of the public certificate or if the server can't reach the crl list for the public certificate.

Can you see any errors in the logfiles on the DS-server?

Tags (1)
0 Kudos
rmann100
Contributor
Contributor
‎08-11-2022 08:19 AM
Jump to solution

Thank you for your reply -

We do have "sign profiles" enabled.

in the Device Services log I see the following: "Error    WanderingWiFi.AirWatch.DeviceServices.BusinessImpl.IOSDeviceBusiness.ProcessDeviceCheckInAsync    Unsuccessful device authentication, invalid signature in Token Update with certificate [Subject]" then the certificate details. this error occurs several times in the logs."

This particular Certificate is not found in the Console server (we are on prem) should it be do you know? 

0 Kudos
Noordan
Hot Shot
Hot Shot
‎08-11-2022 11:49 PM
Jump to solution

What certificate are the log complaining about? 
Internal AW certificate, a public certificate, or a self-signed certificate?

0 Kudos
rmann100
Contributor
Contributor
‎08-12-2022 08:12 AM
Jump to solution

I am assuming a public because I cannot find the Serial in our local server's certificate stores and does not match any self signed. Thanks 

Tags (1)
0 Kudos
Noordan
Hot Shot
Hot Shot
‎08-15-2022 12:24 AM
Jump to solution

One thing you can do in a testing purpose is to disable "Sign Profiles" and try enroll to see if that works.

If that works I think you have to find exactly which certificate the logs are referring to. And when you have find that you have to check that you have access to CRL lists for that certificate and the servers also need to have the full chain. Those two things is common issues if the servers are on-prem and if the server don't have unrestricted outbound internet access.

I think you can see some certificate related stuffs in the CAPI2 logs in event viewer. 

rmann100
Contributor
Contributor
‎08-17-2022 03:01 PM
Jump to solution

Thank you! this was the issue "Sign Certificates"
0 Kudos