Hi everyone.
After upgrading AirWatch to 21.05, I noticed the mechanism for supplying the ENS token has changed. I created a new child OG for BYOD devices recently and the Boxer payload is having issues retrieving the ENS token from the ENS server itself (new method).
Port 443 is definitely accessible both ways and I can reach the https://ensserver.domain/MailNotificationService/api/ens/alive URL from the console fine.
However I noticed this is the error in the AWMemApi log on the console when the retrieval fails:
(19) Error WanderingWiFi.AirWatch.BusinessImpl.ENS.EnsTenantApiClient+d__7.MoveNext Exception while retrieving token from the given ENS2 Server Address [https://ensserver.domain/MailNotificationService/api/ens]. ensHttpPostResponseContent = [] Exception = [WanderingWiFi.AirWatch.BusinessImpl.Cryptography.SigningServiceIdentityCertificateException: Identity certificate not found or does not have private key
I was wondering if anyone else has gotten this issue? I'm not certain what certificate the error is referring to. Luckily the parent OG ENS functionality still works (token when entered in on earlier versions must still be present in the DB).
Thanks
I had such a problem, try to check if you are satisfied with the telnet from the API server or using powershell.
tnc -cn fqdnserverens -port 443
If the server responds from an IP address in the Public Range and the connection fails to open. This means you don't have traffic to the API server passed through.
I recommend that you add an entry to the host file on the API server this month. So that the ENS server is routed via the ip address from the private pool.
It sends the traffic internal. Waiting for network team to open 443 between device servers and ENS server now 🙂 Will update!
Hi Pro2type,
Did the port-opening solve your problem?