Windows 8.1 MDM发现问题。 [英] windows 8.1 MDM discovery problem.

问题描述

首先，请告诉我是否有更好的论坛发布此问题。



我正在尝试为Windows 8.1实施MDM支持而我是陷入发现阶段。我在myserver.mydomain.com上有一台MDM服务器，我已完成以下操作：
$


    - 在Windows 8.1机器上，为了模仿DNS并测试windows mdm客户端，我设置本地主机将enterpriseenrollment.mysever.mydomain.com映射到我的服务器IP。这是为了弥补dns阶段，因为用户提供了user@myserver.mydomain.com
的电子邮件地址进行注册，然后内置客户端将enterpriseenrollment.myserver.mydomain.com作为发现服务器进行尝试。 />
    - 在myserver，我们确保它在https://enterpriseenrollment.myserver.mydomain.com/EnrollmentServer/Discovery.svc上实现发现SOAP响应，因此根据文档返回正确的发现消息。

    - 我们为enterpriseenrollment.myserver.mydomain.com提供了自我证明的证书。
    - 我们还确保我们设置Windows受信任的根证书颁发机构，以将enterpriseenrollment.myserver.mydomain.com的自签名证书添加到其可信证书列表中。


但我们仍然遇到发现问题。发生的事情是我们在发现服务器上获得了两条GET消息（文档中没有提到），然后我们得到一条包含输入发现肥皂信封的帖子消息，然后我们返回正确的响应。
但是之后客户端不会发送更多的肥皂请求，它会弹出一条消息"我们现在无法连接到您需要的服务。检查你的网络连接或稍后再试一次"这意味着它仍然不满意发现
响应消息。

我还在这里附加了输入/输出soap交换：



输入：

< s：信封xmlns：a =" http：//www.w3.org/2005/08/addressing" xmlns：s =" http：//www.w3.org/2003/05/soap-envelope">

  &NBSP; &NBSP; &NBSP; < s：标题>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < a：操作s：mustUnderstand =" 1"> http：//schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/Discover< / a：操作>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < a：MessageID> urn：uuid：748132ec-a575-4329-b01b-6171a9cf8478< / a：MessageID>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < a：回复>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < a：地址> http：//www.w3.org/2005/08/addressing/anonymous< / a：地址>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < / a：ReplyTo>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < a：To s：mustUnderstand =" 1"> https://EnterpriseEnrollment.myserverl.mydomain.com:443/EnrollmentServer / Discovery.svc< / a：To>

  &NBSP; &NBSP; &NBSP; < / s：标题>

  &NBSP; &NBSP; &NBSP; < s：正文>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < Discover xmlns =" http：//schemas.microsoft.com/windows/management/2012/01/enrollment">

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < request xmlns：i =" http：//www.w3.org/2001/XMLSchema-instance">

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < EmailAddress> user@myserverl.mydomain.com< / EmailAddress>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < RequestVersion> 1.0< / RequestVersion>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < / request>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < / Discover>

  &NBSP; &NBSP; &NBSP; < / s：正文>

< / s：信封>
$


输出：

< s：Envelope xmlns：s =" http：//www.w3.org/2003/05/soap-envelope" xmlns：a =" http：//www.w3.org/2005/08/addressing">

< s：标题>

< a：操作s：mustUnderstand =" 1"> http：//schemas.microsoft .com / windows / management / 2012/01 / enrollment / IDiscoveryService / DiscoverResponse< / a：Action>

< ActivityId> d9eb2fdd-e38a-46ee-bd93-aea9dc86a3b8< / ActivityId>

< a：RelatesTo> urn：uuid：748132ec-a575 -4329-b01b-6171a9cf8478< / a：RelatesTo>

< / s：Header>

< s：Body xmlns：xsi =" http：//www.w3.org/2001/XMLSchema-instance" xmlns：xsd =" http：//www.w3.org/2001/XMLSchema">

< DiscoverResponse xmlns =" http://schemas.microsoft.com/windows/management/2012/01/enrollment">

< ; DiscoverResult> &NBSP; &NBSP;   

< AuthPolicy> federated< / AuthPolicy> &NBSP;   

< EnrollmentPolicyServiceUrl> https://myserverl.mydomain.com/getcertpolicy< / EnrollmentPolicyServiceUrl> &NBSP;  

< EnrollmentServiceUrl> https://myserverl.mydomain.com/enrolldevice< / EnrollmentServiceUrl> &NBSP; &NBSP; &NBSP;  

< AuthenticationServiceUrl> https://myserverl.mydomain.com/authenticateservice< / AuthenticationServiceUrl>

< / DiscoverResult>

< / DiscoverResponse>

< / s：Body>

< / s：Envelope>

First of all, let me know if there is a better forum to post this question.

I am trying to implement MDM support for windows 8.1 and I am stuck at discovery phase. I have an MDM server at myserver.mydomain.com and I have done the following:

   - On the windows 8.1 machine, to mimic DNS and to test windows mdm client, I set up local host to map enterpriseenrollment.mysever.mydomain.com to my server IP. This is to make up for dns phase as the user gives the email address of user@myserver.mydomain.com to enroll, then built-in client trys the enterpriseenrollment.myserver.mydomain.com as discovery server.
   - At myserver we made sure it implements discovery soap respone at https://enterpriseenrollment.myserver.mydomain.com/EnrollmentServer/Discovery.svc and hence returns the proper discovery message as per documentation.
   - We have a self-sgined certificate for enterpriseenrollment.myserver.mydomain.com
   - We also made sure that the we set Windows Trusted Root Certificate Authority to have the self-signed certificate of enterpriseenrollment.myserver.mydomain.com added to the list of its trusted certificates

But we still have problem with discovery. What happens is that we get two GET messages on discovery server (which is not mentioned in the documentation) and then we get a post message which has the input discovery soap envelope  and we return proper response. But the client does not send further soap requests after that and it gives a pop message that "We can’t connect to the service you need right now. Check your network connection or try this again later" so it means that it is still not happy with the discovery response message.
I also attached input/output soap exchange here:

Input:
<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
        <s:Header>
                <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/Discover</a:Action>
                <a:MessageID>urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478</a:MessageID>
                <a:ReplyTo>
                        <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
                </a:ReplyTo>
                <a:To s:mustUnderstand="1">https://EnterpriseEnrollment.myserverl.mydomain.com:443/EnrollmentServer/Discovery.svc</a:To>
        </s:Header>
        <s:Body>
                <Discover xmlns="http://schemas.microsoft.com/windows/management/2012/01/enrollment">
                        <request xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
                                <EmailAddress>user@myserverl.mydomain.com</EmailAddress>
                                <RequestVersion>1.0</RequestVersion>
                        </request>
                </Discover>
        </s:Body>
</s:Envelope>

Output:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/DiscoverResponse</a:Action>
<ActivityId>d9eb2fdd-e38a-46ee-bd93-aea9dc86a3b8</ActivityId>
<a:RelatesTo>urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478</a:RelatesTo>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<DiscoverResponse xmlns="http://schemas.microsoft.com/windows/management/2012/01/enrollment">
<DiscoverResult>       
<AuthPolicy>federated</AuthPolicy>     
<EnrollmentPolicyServiceUrl>https://myserverl.mydomain.com/getcertpolicy</EnrollmentPolicyServiceUrl>    
<EnrollmentServiceUrl>https://myserverl.mydomain.com/enrolldevice</EnrollmentServiceUrl>        
<AuthenticationServiceUrl>https://myserverl.mydomain.com/authenticateservice</AuthenticationServiceUrl>
</DiscoverResult>
</DiscoverResponse>
</s:Body>
</s:Envelope>

推荐答案

请告诉我们如何在Windows 8.1预览中访问提到的内置客户端？我已经在内部更改了hosts文件以指向我的本地开发linux服务器。我使用了工作区设置，输入的电子邮件地址和点击的加入按钮。
以下是我上述练习中观察到的步骤：

Please can you tell us how do we access the mentioned inbuilt client in windows 8.1 preview? I have internally changed the hosts file to point to my local development linux server. I have used workplace settings, entered email address and clicked join button. Following are steps observed as part of my above exercise:

1。它创建了一个GET请求（http://enterpriseenrollment.mydomain.com/EnrollmentServer/Discovery.svc），服务器返回200状态。

1. It created a GET request (http://enterpriseenrollment.mydomain.com/EnrollmentServer/Discovery.svc) and the server returned 200 status.

2。之后没有生成带有SOAP消息的POST请求（在WP8注册中就是这样）。

2. No POST request with SOAP message has been generated after that (In WP8 enrollment it happens so).

也可以共享在Windows 8.1设备和您之间进行的网络呼叫服务器？您的服务器是否使用自签名证书来处理客户端的HTTPS请求？

Also is it possible to share your network calls that are being made between Windows 8.1 device and your server? Does your server uses a self-signed certificate to handle HTTPS request for your client?

提前感谢您的支持。

这篇关于Windows 8.1 MDM发现问题。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！