Delivering MDM DeviceLock Payload

5
votes

We were able to get an response with Status as Idle after send the first payload as mdm:. Now we want to send a simple device lock payload. we followed the exact same process to send the payload but the response returned was blank.

We are following the certificate use as follows: 1. On the MDM server, To send mdm commands we use MDM Vendors APNS certificate with identifier as com.apple.mgmt.myapp.(This identifier is set as topic in configuration profile). 2. In the configuration profile, we are setting the credentials as the p12 file which is returned by the MDM Client.

I am getting the below error..: MC|Failed to parse profile data. Error: 

    NSError 0x1c58c2f0:
    Desc   : Invalid Profile
    US Desc: Invalid Profile
    Domain : MCProfileErrorDomain
    Code   : 1000
    Type   : MCFatalError


    <Warning>: MDM|Command Status: Error
    Error: NSError 0x1c58c2f0:
    Desc   : Invalid Profile
    US Desc: Invalid Profile
    Domain : MCProfileErrorDomain
    Code   : 1000
    Type   : MCFatalError
3
iosapple-push-notificationsmdmpayload
I am sending the devicelock payload the same way how I sent the mdm:PushMagic ... its it correct? - Manmay
Below is the transaction taking place.. I am sending a device lock command to the device in response, but still the device says no command from server.. :( - Manmay
Mar 5 03:32:23 iPad-01 mdmd[3637] <Warning>: MDM|mdmd starting... Mar 5 03:32:23 iPad-01 mdmd[3637] <Warning>: MDM|Polling MDM server lion.myserver.net/main.php for commands Mar 5 03:32:23 iPad-01 mdmd[3637] <Warning>: MDM|Network reachability has changed. Mar 5 03:32:26 iPad-01 mdmd[3637] <Warning>: MDM|Transaction completed. Status: 200 Mar 5 03:32:26 iPad-01 mdmd[3637] <Warning>: MDM|Transaction completed. Status: 200 Mar 5 03:32:26 iPad-01 mdmd[3637] <Warning>: MDM|Server has no commands for this device. Mar 5 03:32:28 iPad-01 mdmd[3637] <Warning>: MDM|mdmd stopping... - Manmay
After sending the DeviceLock Payload, I get the below error: <Warning>: <APSCourier: 0x1cd51970>: Failed to parse JSON message payload for topic 'com.apple.mgmt.mycomp.mdm': Unexpected end of input while parsing string at line number 1, column 116 - Manmay
Did you manage to solve this? Can you help me on the same issue! - Sahil Khanna

3 Answers

4
votes

You do not send the device lock profile using APNS. The device 'phones home' after it receives the MDM payload via APNS and your server sends back XML (NOT JSON!) to the device containing the device lock command.

1
votes

The payload should be Base64 encoded of *.mobileconfig file content, with the top level 'dict' node.

The actual xml sent to device is defined in the iOS MDM protocol reference. The command type is 'InstallProfile'

0
votes

If the device sends 'Idle' then it means you are correctly waking up the device using your APNS. Next all you would need is to send DeviceLock command to device. Its need not be base64 encoded , just send this plist response and check .

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>DeviceLock</string>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>DeviceLock</string>
        <key>Message</key>
        <string>Locking the device. Contact +91 9999999999</string>
    </dict>
</dict>
</plist>