2016-03-08 83 views
0

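I am implementing my own MDM server using the OMA-DM protocol, and am currently working on enrolling Windows 10 clients to my server. I have successfully implemented the "Discovery Service" and "Policy Service" steps mentioned in this link: https://msdn.microsoft.com/en-us/library/windows/hardware/dn925031(v=vs.85).aspx (MDM enrollment for Windows 10 - MS-WSTEP certificate enrollment)

I am trying to complete the third step, "Certificate enrollment". As described in the link above, the client sends me a Request Security Token (RST) message (which carries a PKCS#10 certificate request), and as I understand it, I should send the root and client certificates in the wap provisioning xml. However, on the Windows 10 machine I get a message "Something went wrong...". The admin log in Event Viewer is not useful and shows the following message: 「MDM Enroll:無法接收或解析證書註冊響應。結果:(未知的Win32錯誤代碼:0x80180008)。」

I have the following questions:

1) From what I have read, I understand that the client sends a hard-coded CN value in the PKCS#10 certificate request, and that it is the server's responsibility to send back a signed client certificate with this same CN. Am I right? Or is it up to the server to send any CN it sees fit, as long as the wap has the subject in the search criteria parameter?

2) The wap provisioning XML has a parameter named "SSLCLIENTCERTSEARCHCRITERIA". What is the ideal value? As I understand it, it should be the subject of the client certificate, i.e. the CN.

3) Is there any way I can see more detailed logs on the Windows 10 client PC?

Here is my WAP: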

<?xml version="1.0" encoding="UTF-8" standalone="no"?><wap-provisioningdoc version="1.1"> 
<characteristic type="CertificateStore"> 
<characteristic type="Root"> 
<characteristic type="System"> 
<characteristic type="B8E6A72180B04F64CB594AEFBFDF2F0997DB6FD7"> 
<parm name="EncodedCertificate" value="MIIF+zCCA+OgAwIBAgIJAJE458QXNuiLMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDERMA8GA1UEChMIVGVzdCBPcmcxFjAUBgNVBAsTDVRlc3Qgb3JnIHVuaXQxFTATBgNVBAMTDFdTTzIgUm9vdCBDQTEcMBoGCSqGSIb3DQEJARYNcm9vdEB3c28yLmNvbTAeFw0xNTAxMjcxMjUxMjRaFw0xNzEwMjMxMjUxMjRaMIGLMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDERMA8GA1UEChMIVGVzdCBPcmcxFjAUBgNVBAsTDVRlc3Qgb3JnIHVuaXQxFTATBgNVBAMTDFdTTzIgUm9vdCBDQTEcMBoGCSqGSIb3DQEJARYNcm9vdEB3c28yLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANJ756zjlkNKJf9O80qwFWxlwr4vOa80oaGXaO8Luj8ZNb7zyGATppTmZi2brRVfNPGHhN/0REb5+Gcf0xvk1b5Wp4E+JoDKfZMwOVQsMVmKYHqopgiiE28L/YoNd0XmZA0J03nfQ4rzYggwQX7oRsW/AptkdURV4i8xD3SsqDGDZyYxQVDkj55nrweEd5FWOnYvvpdbFJ4WanJmGe1WRtLMJ0jFi7tw9Wc7W/5+fvIA9bvHDHoG1VlfyjQUSvTLlAN7Ui0ztXTcOZuN3HI0putMQRyaAD7Ljl7E1ROiqMhN/z80Bck8Yi7ELOmq+cJOir/4CAamj8SugZ0iXo922slrSemWL9tjNT7MFmjFXmgIfVmaJF7OxKyxHhO8gJKTlU2KSJJH2CzMwnGdRFrDlsAotVjGLYFWHUN4HW2uA2crEEmk+UduwnVMazqUwBFxv+INf0U55bsXTv7C3L06IUaTBvxhxKQmzj9BeQGwWAC2Co4s5riT2ttivSRlXijPIEDTfmvE/fjj4KfQQOTY3+EejacMe6gb/qVsCZ1g9Tbk7WLgjYHBuOQSAz3lwPPqPY+6CakeL29wWyPg7pGzR6lMcYItUdHJuNsTijs0x6Xi1O5iIuL2o0vl8FRH+tZFm3ujtCIHprjUgcn6aOR9Ms/NkUJCziKKAb4KoohNFgr/AgMBAAGjYDBeMB0GA1UdDgQWBBSDhLDYVCYhJsxvK1ZNV05qGGVajjAfBgNVHSMEGDAWgBSDhLDYVCYhJsxvK1ZNV05qGGVajjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAykqOsxHV43Bx24+7DfxLNYyafBayHacQ4uwtldwexyQBfIyJKjhzZUSvl37zhFPhJRJHogFIds+FoqaQsF8PvI/YSKs3UYRhje2mJan79lEArCd+3zDGmzQhmutVo7C1bCQuujV8YLIJGvvcnMcHnMLpc5CfjzmI2C6qMZ5XgpHx/Mhindllqr0ZVvqRive0A2svW1k47XWB7BIfx/aoZ1viPHDNYVuYZ6j/NAFv8/Fu3n/TfYOJ5rz0NPGHYXnmFcgGxtYTu5u6Q9YVdDLZv9lqYbMRSdiQ8SVDzwxft9N5g6/VoXLoMpCS7/6jR3J0GbG2r/vr024QMOHDZHQDjkAVUBni6/bRHqj389RnOXhQ+TSlx/hGgtdTpZRv63PjAqTCdDAhazWAgG/W+dxUhAywiOYHeXincuuDER0ypkfGcaUvbN9/mWtGJvtW+L9OlTj3LQlXD2ORehz5itS3eV0DVkscCOLzzkVLtIJeew1oRmiADNOUe5A6V0cW5HIFi9F7Recqv9lGphwQeq+2cmvUKkSPcx+Z/SHTT/nIOioqxxafJhci5dAEsPgtzxnA6QqPQtxOj46aZxQh5+hzZ
/1CQq3UThDdQreJL51c+NOSZFQh6YVpJH6ZdSldBJnHjbS7RL/bv2kl1Pmv808T+iG+GpDw2XljwsI6TL8ACok="/> 
</characteristic> 
</characteristic> 
</characteristic> 
</characteristic> 
<characteristic type="CertificateStore"> 
<characteristic type="My">  
<characteristic type="User"> 
<characteristic type="8C0765870005BC084563F0D359AE41177CEB4F1C"> 
<parm name="EncodedCertificate" value="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"/> 
</characteristic> 
<characteristic type="PrivateKeyContainer"/> 
</characteristic> 
<characteristic type="WSTEP"> 
<characteristic type="Renew"> 
<parm datatype="boolean" name="ROBOSupport" value="true"/> 
<parm datatype="integer" name="RenewPeriod" value="60"/> 
<parm datatype="integer" name="RetryInterval" value="4"/> 
</characteristic> 
</characteristic> 
</characteristic> 
</characteristic> 
<characteristic type="APPLICATION"> 
<parm name="APPID" value="w7"/> 
<parm name="PROVIDER-ID" value="MDMServer"/> 
<parm name="NAME" value="test"/> 
<parm name="ADDR" value="https://dhruvesh.auth.hpicorp.net/services/oma-dm/ws/syncml/initialquery"/> 
<parm name="CONNRETRYFREQ" value="6"/> 
<parm name="INITIALBACKOFFTIME" value="30000"/> 
<parm name="MAXBACKOFFTIME" value="120000"/> 
<parm name="BACKCOMPATRETRYDISABLED"/> 
<parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml"/> 
<parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=CN%3D0C59BAB0-AE47-449C-92CD-E122363!D37B7357741EF44EA285D0D6371F70AC&amp;amp;Stores=My%5CUser"/> 
<characteristic type="APPAUTH"> 
<parm name="AAUTHLEVEL" value="CLIENT"/> 
<parm name="AAUTHTYPE" value="DIGEST"/> 
<parm name="AAUTHSECRET" value="password1"/> <!-- Have a doubt about this field and the one below. Whose passwords and nonce do they mean? --> 
<parm name="AAUTHDATA" value="nonce"/> 
</characteristic> 
<characteristic type="APPAUTH"> 
<parm name="AAUTHLEVEL" value="APPSRV"/> 
<parm name="AAUTHTYPE" value="BASIC"/> 
<parm name="AAUTHNAME" value="[email protected]"/> <!-- Have a doubt about this field and the one below. Whose username and passwords do they mean? --> 
<parm name="AAUTHSECRET" value="[email protected]"/> 
</characteristic> 
</characteristic> 
<characteristic type="DMClient"> 
<characteristic type="Provider"> 
<characteristic type="MDMServer"> 
<parm datatype="string" name="UPN" value="[email protected]"/> <!-- Doubt about this field too. What is expected ? --> 
<characteristic type="Poll"> 
<parm datatype="integer" name="NumberOfFirstRetries" value="8"/> 
<parm datatype="integer" name="IntervalForFirstSetOfRetries" value="15"/> 
<parm datatype="integer" name="NumberOfSecondRetries" value="5"/> 
<parm datatype="integer" name="IntervalForSecondSetOfRetries" value="3"/> 
<parm datatype="integer" name="NumberOfRemainingScheduledRetries" value="0"/> 
<parm datatype="integer" name="IntervalForRemainingScheduledRetries" value="1560"/> 
<parm datatype="boolean" name="PollOnLogin" value="true"/> 
</characteristic> 
<parm datatype="string" name="EntDeviceName" value="Administrator_Windows"/> 
</characteristic> 
</characteristic> 
</characteristic> 
</wap-provisioningdoc> 

I also have some doubts about the WAP above (I have put comments there).

Really stuck here. Any help would be really appreciated :)

Answers

0

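You should remove the XML tag from the beginning, because the WAP payload is not a complete XML payload:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

Besides that, you may run into problems when generating the certificate from the PKCS10 payload. Make sure you change the subject name to the value you need, and pass it to the "SSLCLIENTCERTSEARCHCRITERIA" criteria. Otherwise, your device will enroll but will not communicate with your management server.

This may also help: https://blogs.msdn.microsoft.com/wsdevsol/2013/10/03/common-issues-when-implementing-windows-phone-8-enterprise-mobile-device-management/

Good luck!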
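A server-side pre-flight check for the two points raised in the answer above, plus the thumbprint node names used in the question's WAP. This is an added example, not code from the question or the answer. `check_wap`, `SAMPLE` and the `issued_subject` argument are hypothetical names, and the subject is assumed to be handed over by whatever code issues the client certificate, since the standard library does not parse X.509.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

def check_wap(wap_text, issued_subject):
    """Return a list of problems found in a wap-provisioningdoc payload."""
    problems = []
    if wap_text.lstrip().startswith("<?xml"):
        problems.append("payload starts with an XML declaration")
    root = ET.fromstring(wap_text.encode("utf-8"))

    # Each certificate node is named after the SHA-1 hash of the DER bytes.
    for node in root.iter("characteristic"):
        parm = node.find("parm[@name='EncodedCertificate']")
        if parm is None:
            continue
        der = base64.b64decode(parm.get("value", ""))
        if node.get("type", "").upper() != hashlib.sha1(der).hexdigest().upper():
            problems.append(f"thumbprint mismatch on node {node.get('type')}")

    crit = root.find(".//parm[@name='SSLCLIENTCERTSEARCHCRITERIA']")
    if crit is None:
        return problems + ["SSLCLIENTCERTSEARCHCRITERIA is missing"]
    # The question's WAP separates fields with a doubly escaped '&'; accept both.
    raw = crit.get("value", "").replace("&amp;", "&")
    fields = dict(p.split("=", 1) for p in raw.split("&") if "=" in p)
    subject = unquote(fields.get("Subject", ""))
    if subject != issued_subject:
        problems.append(f"search subject {subject!r} != issued {issued_subject!r}")
    return problems

# Constructed sample: these bytes stand in for a DER certificate (not a real one).
_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_THUMB = hashlib.sha1(_DER).hexdigest().upper()
SAMPLE = (
    '<wap-provisioningdoc version="1.1"><characteristic type="CertificateStore">'
    '<characteristic type="My"><characteristic type="User">'
    f'<characteristic type="{SAMPLE_THUMB}">'
    f'<parm name="EncodedCertificate" value="{base64.b64encode(_DER).decode()}"/>'
    '</characteristic></characteristic></characteristic></characteristic>'
    '<characteristic type="APPLICATION"><parm name="SSLCLIENTCERTSEARCHCRITERIA"'
    ' value="Subject=CN%3DDEVICE-1234&amp;amp;Stores=My%5CUser"/>'
    '</characteristic></wap-provisioningdoc>'
)

if __name__ == "__main__":
    print(check_wap(SAMPLE, "CN=DEVICE-1234"))
```

Running it against the payload just before it is wrapped into the RequestSecurityTokenResponse catches a mismatch on the server, where it is easier to diagnose than from the client's 0x80180008 event.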