Windows Phone 8.1 MDM Implementation: Certificate enrollment issue


Problem description


I am working on Windows Phone enrollment. I am currently stuck at certificate enrollment. I am using Java for this.

I am getting the error below in the logs:

5, , , , 56, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Function NCryptOpenKey failed with result (0x80090016). , 2, 1480, NCryptOpenKey, 0x80090016, , , 1, 1.798817395
16, , , , 113, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Soap Request Message: <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
    <s:header>
        <a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rst/wstep</a:action>
        <a:messageid>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:messageid>
        <a:replyto>
            <a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
        </a:replyto>
        <a:to s:mustunderstand="1">http://10.10.25.151:8080/ws/api/wp/enrollservice</a:to>
         , 3, 1480, <s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
    <s:header>
        <a:action s:mustunderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollment/rst/wstep</a:action>
        <a:messageid>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:messageid>
        <a:replyto>
            <a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
        </a:replyto>
        <a:to s:mustunderstand="1">http://10.10.25.151:8080/ws/api/wp/enrollservice</a:to>
        , , , , 1, 3.952185989
17, , , , 5, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, Data transmission attempt (1) failed with (2147942487). , 3, 1480, 1, 2147942487, , , 1, 4.278878750
18, , , , 72, Unknown, Microsoft-WindowsPhone-Enrollment-API-Provider//win:Info, [MDM Enroll End] Error HRESULT: 0x80070057 , 2, 1480, 0x80070057, , , , 1, 4.305893333

From the error code value 0x80070057, it seems that some value is wrong in the response that I am sending to the device, but I am not able to identify it.

Can you please have a look at the provisioning XML given below and provide some solution for the above error?

Also, can you please guide me on how to process the PKCS#10 certificate request received from the device and send a proper certificate enrollment response to the device?

Thanks in advance..

Provisioning XML:

<wap-provisioningdoc version="1.1">
  <characteristic type="CertificateStore">
    <!-- Root certificate, stored under a node named by its thumbprint -->
    <characteristic type="Root">
      <characteristic type="System">
        <characteristic type="031336C933CC7E228B88880D78824FB2909A0A2F">
          <parm name="EncodedCertificate" value="Base64 Encoded self signed certificate" />
        </characteristic>
      </characteristic>
    </characteristic>
    <!-- Client certificate issued to the device -->
    <characteristic type="My">
      <characteristic type="User">
        <characteristic type="F9A4F20FC50D990FDD0E3DB9AFCBF401818D5462">
          <parm name="EncodedCertificate" value="Base64 Encoded client certificate generated on the fly" />
        </characteristic>
        <characteristic type="PrivateKeyContainer" />
      </characteristic>
    </characteristic>
  </characteristic>
  <!-- DM client bootstrap settings -->
  <characteristic type="APPLICATION">
    <parm name="APPID" value="w7" />
    <parm name="PROVIDER-ID" value="MDMServer" />
    <parm name="NAME" value="Test" />
    <parm name="ADDR" value="http://localhost:8080/ws/api/wp/synchML" />
    <parm name="CONNRETRYFREQ" value="6" />
    <parm name="INITIALBACKOFFTIME" value="30000" />
    <parm name="MAXBACKOFFTIME" value="120000" />
    <parm name="BACKCOMPATRETRYDISABLED" />
    <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml" />
    <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=MDMLocalClientCert&amp;Stores=MY%5CUser" />
    <characteristic type="APPAUTH">
      <parm name="AAUTHLEVEL" value="CLIENT" />
      <parm name="AAUTHTYPE" value="DIGEST" />
      <parm name="AAUTHSECRET" value="dummy" />
      <parm name="AAUTHDATA" value="nonce" />
    </characteristic>
    <characteristic type="APPAUTH">
      <parm name="AAUTHLEVEL" value="APPSRV" />
      <parm name="AAUTHTYPE" value="DIGEST" />
      <parm name="AAUTHNAME" value="dummy" />
      <parm name="AAUTHSECRET" value="dummy" />
      <parm name="AAUTHDATA" value="nonce" />
    </characteristic>
  </characteristic>
  <!-- Polling schedule for the management session -->
  <characteristic type="DMClient">
    <characteristic type="Provider">
      <characteristic type="MDMServer">
        <characteristic type="Poll">
          <parm name="NumberOfFirstRetries" value="8" datatype="integer" />
          <parm name="IntervalForFirstSetOfRetries" value="15" datatype="integer" />
          <parm name="NumberOfSecondRetries" value="5" datatype="integer" />
          <parm name="IntervalForSecondSetOfRetries" value="3" datatype="integer" />
          <parm name="NumberOfRemainingScheduledRetries" value="0" datatype="integer" />
          <parm name="IntervalForRemainingScheduledRetries" value="1560" datatype="integer" />
        </characteristic>
        <parm name="EntDeviceName" value="WP8Device" datatype="string" />
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
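
A sanity check to run on the CertificateStore part of a provisioning document like the one above before it is sent to the device, as an added example that is not part of the original post. It flags stray text inside characteristic nodes and EncodedCertificate values that are not Base64 or whose SHA-1 thumbprint differs from the parent node name; the helper names and the sample certificate bytes are constructed for illustration, and it is not a diagnosis of the error in the log.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-in for DER certificate bytes (a thumbprint is SHA-1 over the raw bytes).
SAMPLE_CERT = b"constructed-sample-certificate-bytes"
SAMPLE_B64 = base64.b64encode(SAMPLE_CERT).decode()
SAMPLE_THUMB = hashlib.sha1(SAMPLE_CERT).hexdigest().upper()


def build_doc(thumbprint, encoded, stray=""):
    """Build a minimal CertificateStore section shaped like the one in the post."""
    return (
        '<wap-provisioningdoc version="1.1"><characteristic type="CertificateStore">'
        '<characteristic type="Root"><characteristic type="System">'
        f'<characteristic type="{thumbprint}">{stray}'
        f'<parm name="EncodedCertificate" value="{encoded}" />'
        "</characteristic></characteristic></characteristic>"
        "</characteristic></wap-provisioningdoc>"
    )


def check_provisioning_doc(xml_text):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    root = ET.fromstring(xml_text)  # raises ParseError if the XML is not well-formed
    for node in root.iter("characteristic"):
        # Leftover markup such as '">' is well-formed text content, so the parser accepts it.
        stray = (node.text or "") + "".join(child.tail or "" for child in node)
        if stray.strip():
            problems.append(f"stray text {stray.strip()!r} in {node.get('type')}")
        for parm in node.findall("parm"):
            if parm.get("name") != "EncodedCertificate":
                continue
            try:
                der = base64.b64decode(parm.get("value", ""), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                problems.append(f"{node.get('type')}: value is not Base64")
                continue
            # The node holding the certificate is named by the certificate's SHA-1 thumbprint.
            actual = hashlib.sha1(der).hexdigest().upper()
            if actual != (node.get("type") or "").upper():
                problems.append(f"{node.get('type')}: thumbprint is {actual}")
    return problems
```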

Solution

Hello Sapna

This forum handles requests related to Open Specifications documentation issues. The Open Specifications can be found at: http://msdn2.microsoft.com/en-us/library/cc203350.aspx. Your question does not appear to be related to the Open Specifications documentation set, as the Windows Phone MDM implementation is not based on MS-MDM\MS-MDE specifications.

I suggest you try the following forums to get your question answered - 

Windows Phone Development forums - http://social.msdn.microsoft.com/Forums/wpapps/en-US/home?category=wpapps

For general assistance on Active Directory or certificate authority, Windows Server Directory Services: http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS

Thanks

