GMS18 - Device State -- Never Connected --

HI All,

OK my new gms18 sever .... ALL LOOKS perfect, dsapp is happy with every little thing ... i have tried secure 443 and port 80 for the devices, nothing else on server is listening on port 443 or port 80 .. is the same for both . for internal testing (awaiting for firewall guys to open from public), i setup my local laptop (done this before aswell before i go production with the server) to test in the meantime.

1. I can setup the account ( with MS mail app (yes gms is set to allow ALL apps, including outlook and outlook mobile , it authenticates 100% , and says it is going to fetch my mail... but nothing ever reaches the account .. on the mobile server side .. it still says no devices ever connected yet i have autheticated with the device ..shouldn’t that already register as "device connected" ?..(only me and my other 2 admin added as users for now to test).

2. i have re-installed now about 3 of 4 times .. nothing?...

3. I did changed the name of the server but re-inslled about 3 x tmes after that .. and the name in hosts = lfsx14 lfsx14.nwpg.gov.za and in hostname = lfsx14.nwpg.gov.za anywhere else it need to be changed?..maybe this is the issue something on the name of the server?.

Kind Regards,

Thys
Parents
  • In article <tdebeer.8jf8fb@no-mx.forums.microfocus.com>, Tdebeer wrote:
    > I did changed the name of the server


    as long as it is correct and remains the same as you proceed with the
    install should be good, but what is correct can hang us up.
    The full name needs to be how the devices see it and they have to
    resolve to it.
    So lfsx14.nwpg.gov.za needs to be
    A) directly resolvable by the device(s) (I see this isn't public yet)
    B) needs to match the certificates that are tied to a root CA known by
    the device. I.e. Can't be getting any cert errors when you point a
    browser to https://lfsx14.nwpg.gov.za but should get a 403 -
    Forbidden: Access is denied.
    In the early days we didn't need to be that specific, but now many
    modern devices do insist on flawless SSL/TLS without any 'errors' such
    as self minted certs.

    Check /var/log/datasync/mobility-agent.log for any activity.

    It might be worth doing a packet capture from either/both end points to
    see what is happening. To see such basics as is your 'device' actually
    getting to the GMS box and how is the SSL negotiation going.


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
    GMS troubleshooting tips at
    http://www.konecnyad.ca/andyk/gwmobility.htm


  • HI Andy,
    Thanx fo the reply.
    A. yes it can resolve fine, i do actually connect and authenticate (testing form internal laptop on the internal network for now)
    B. Yip i get only the 403 error, so cert looks good..
    c. even if i set it to port 80 and not 443 (certificate) it still the same result, when setup the device, my account authenticates, and says it going to "fetch my email" (MS mail app)

    lfsx14 is just the server name .. the actual dns name the users would use is nvmobile2.nwpg.gov.za .. but tried the nams as lfx14.nwpg.gov.za this morning as well..same result?
Reply
  • HI Andy,
    Thanx fo the reply.
    A. yes it can resolve fine, i do actually connect and authenticate (testing form internal laptop on the internal network for now)
    B. Yip i get only the 403 error, so cert looks good..
    c. even if i set it to port 80 and not 443 (certificate) it still the same result, when setup the device, my account authenticates, and says it going to "fetch my email" (MS mail app)

    lfsx14 is just the server name .. the actual dns name the users would use is nvmobile2.nwpg.gov.za .. but tried the nams as lfx14.nwpg.gov.za this morning as well..same result?
Children
  • Hi Thys,

    I think that might be your problem (A), you're testing has been resolving against your internal DNS servers. If I search public DNS for your server (nvmobile2.nwpg.gov.za) I get a "Non-existent domain" response. So when your mobile phones are using the public DNS they can't resolve your server DNS entry so never hit it.

    Mark.
  • HI Mark,

    Thanks, but the thing is i only test internal with a laptop (with ms mail app) ..tested like this before before i went live with previous servers (public for form outside) .. hitting the mobile server is fine from the laptop, web browser etc ... i even in the mail app authenticate so it's gotta hit the mobile server right?

    Thys
  • Hi Thys,

    Set your GMS log level to DEBUG. Try a sync on a device. Then take a close look at the mobility-agent.log file in /var/log/datasync/connectors/ for a connection from the device. Let us know what you see.

    Cheers,
  • HI Everybody,

    Well it seems the windows mail app, was the issue, took my tablet, set it op on oly wifi an only internal, with no link out, and connected to the mobility server "form inside" as if it was a pc with active-sync client, and it worked, something with that windows mail app it seems, wow and this after re-installing gms about 4 times, and then a complete new server again from scratch ... again shows you never trust what a m$ device tells you..... thanks for everybodies suggestions..

    Cheers
  • Windows 10 mail app is working fine for me. Even with autodiscover and split dns.
  • In article <tdebeer.8jgl1c@no-mx.forums.microfocus.com>, Tdebeer wrote:
    > lfsx14 is just the server name .. the actual dns name the users would
    > use is nvmobile2.nwpg.gov.za .. but tried the nams as
    > lfx14.nwpg.gov.za this morning as well..same result?


    Well there will be some of your problem. More and more devices such as
    that M$ device are getting very picky about that and just aren't
    graceful about it when the cert and names don't match 100% such as you
    likely have right now. Clearly Norman's(bahsig) system has all those
    t's crossed and i's dotted.
    I find it easiest to build GMS systems directly as if already connected
    to the Internet and only real testing once that pipe is opened.


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
    GMS troubleshooting tips at
    http://www.konecnyad.ca/andyk/gwmobility.htm