I installed Workspace One UEM 1907 on-premise (with one server in LAN and one server in DMZ), and one UAG server (3.7.2) in DMZ.
I can configure Content gateway -> the service starts in UAG. I can configure Tunnel Proxy -> the service starts in UAG. But when I configure Tunnel Per App in the console, the service does not start in UAG (error 500 during API call).
Hi, I saw this error too. I reuploaded the SSL certificate for per App Server Authentication again in the console and after that it worked. But I am not sure where this error comes from.
In the AW_MDM_API.log of the DMZ server I have a strange error:
2019/12/13 15:19:44.366 WSP1UEM-DMZ ***** [0000000-0000000] (83) Error WanderingWiFi.AirWatch.BusinessImpl.TunnelTrafficRules.TunnelServerTrafficRulesBusiness.CreateTunnelTrafficRulesConfigForServer *** EXCEPTION ***
System.AggregateException: Une ou plusieurs erreurs se sont produites.
   à System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   à WanderingWiFi.AirWatch.BusinessImpl.Tunnel.Clients.TunnelClient.SendToMicroservice(HttpMethod method, Uri uri, Object body)
   à WanderingWiFi.AirWatch.BusinessImpl.Tunnel.Clients.TunnelClient.GetServerTrafficRules(String tunnelConfigUuid)
   à WanderingWiFi.AirWatch.BusinessImpl.TunnelTrafficRules.TunnelServerTrafficRulesBusiness.GetTunnelServerConfigFromMicroservice(GatewayDetails gatewayDetails)
   à WanderingWiFi.AirWatch.BusinessImpl.TunnelTrafficRules.TunnelServerTrafficRulesBusiness.CreateTunnelTrafficRulesConfigForServer(GatewayDetails gatewayDetails, String userPasswordKey)
System.Net.Http.HttpRequestException: Une erreur s'est produite lors de l'envoi de la demande.
System.Net.WebException: La connexion sous-jacente a été fermée : Impossible d'établir une relation de confiance pour le canal sécurisé SSL/TLS.
   à System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   à System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
System.Security.Authentication.AuthenticationException: Le certificat distant n'est pas valide selon la procédure de validation.
   à System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   à System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
Method: AirWatch.Security.Cryptography.X509Certificates.CertificateProvider.Get; LocationGroupID: 570; UserID: 52; UserName: Administrator; Returns: [Subject] CN=AirWatch Device Services Root
Afterwards make sure that the secure channel installer (you find it in the console All Settings>System>Advanced>SecureChannelCertificate) is installed on the Device Service Server. That could cause the error you see in the log I guess. Try again to configure the tunnel on UAG to see if the error still exists. (UAG needs to communicate with the Device Service Server on 443 for the API call).
Another idea: upload the certificate chain of the certificate of the device service server in the configuration for tunnel service on the UAG to make sure there is no SSL error on communication between them.
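For triaging entries like the AW_MDM_API.log error quoted in this thread, the following is an added example (not posted by any participant and not VMware code) that pulls the exception chain and the failing product call out of one entry and flags a certificate-trust failure by .NET type name, so it works whatever language the server's messages are in. The function name `triage` and both sample strings are constructed for illustration; the first sample is shortened from the log line above and the second is hypothetical.

```python
import re

# .NET exception types that mean the TLS handshake failed on certificate trust.
# Type names are not localized, unlike the message text (French on this server).
TLS_TRUST_TYPES = {"System.Security.Authentication.AuthenticationException"}

HEADER_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\S+)")
EXC_RE = re.compile(r"\b((?:[A-Z]\w*\.)+\w*Exception)(?=:)")
FRAME_RE = re.compile(r"\s(?:à|at)\s+([\w.`]+)\(")


def triage(entry: str) -> dict:
    """Summarize one log entry: which host, which call failed, and why."""
    header = HEADER_RE.match(entry)
    exceptions = EXC_RE.findall(entry)  # outermost exception first
    frames = FRAME_RE.findall(entry)
    # The first frame outside the .NET framework is the product call that failed.
    app_frames = [f for f in frames if not f.startswith("System.")]
    return {
        "timestamp": header.group(1) if header else None,
        "host": header.group(2) if header else None,
        "exceptions": exceptions,
        "failing_call": app_frames[0] if app_frames else None,
        "tls_trust_failure": any(e in TLS_TRUST_TYPES for e in exceptions),
    }


# Constructed sample: the entry from the thread, shortened to a few frames.
SAMPLE_FR = (
    "2019/12/13 15:19:44.366 WSP1UEM-DMZ ***** [0000000-0000000] (83) Error "
    "WanderingWiFi.AirWatch.BusinessImpl.TunnelTrafficRules.TunnelServerTrafficRulesBusiness"
    ".CreateTunnelTrafficRulesConfigForServer *** EXCEPTION *** "
    "System.AggregateException: Une ou plusieurs erreurs se sont produites. "
    "à System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) "
    "à WanderingWiFi.AirWatch.BusinessImpl.Tunnel.Clients.TunnelClient"
    ".SendToMicroservice(HttpMethod method, Uri uri, Object body) "
    "System.Net.WebException: La connexion sous-jacente a été fermée. "
    "System.Security.Authentication.AuthenticationException: Le certificat distant "
    "n'est pas valide selon la procédure de validation. "
    "à System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)"
)
# Constructed sample: hypothetical English-locale timeout, no trust problem.
SAMPLE_EN = (
    "2019/12/13 15:21:02.101 WSP1UEM-DMZ ***** [0000000-0000000] (84) Error "
    "Example.Component.Call *** EXCEPTION *** System.Net.WebException: The operation "
    "has timed out at System.Net.HttpWebRequest.GetResponse() at Example.Component.Call(String arg)"
)

if __name__ == "__main__":
    for sample in (SAMPLE_FR, SAMPLE_EN):
        print(triage(sample))
```

A `tls_trust_failure` of true together with a `failing_call` that makes an outbound HTTPS request points at the certificate the remote end presents, which is what the certificate and chain suggestions in the replies address.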