Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1252
Views
1
Helpful
6
Replies

ISE and MobileIron

sampathss
Cisco Employee
Cisco Employee

‎02-28-2018 07:38 AM

ISE Version 2.1 P3

MobileIron Version - VSP 5.9.2 Build 11 (Branch boise-vsp-5.9.2)

Mobile Iron successfully integrated with ISE.

Phone shows up in MobileIron.

Using the MDM attribute DeviceRegisterStatus equals Registered in the policy set.

When connecting to the respective wireless network, it's not hitting the corresponding MDM policy at all and goes to default as it's not matching anything.

The log shows the following:

cisco.cpm.mdm.api.MdmClient -::::- getMacList: device with mac: , phoneIdType: UNKNOWN, phoneId: null  not found in MDM Server: MobileIron.

Any idea what might be going wrong here? It looks like ISE is sending the query to MDM, but seeing the above error. Does this also mean the device is not registered properly or MDM not seeing it as registered?

Thanks

Sampath

6 Replies 6

hslai
Cisco Employee
Cisco Employee

‎03-02-2018 07:06 PM

Assuming you removed MAC address from the log entry, it appears searching by the endpoint MAC address and not finding it.

0 Helpful

sampathss
Cisco Employee
Cisco Employee
In response to hslai

‎03-03-2018 02:16 PM

Yes, the mac address was removed on the above log entry. Is there a way to add the Mac address of the respective device into Mobile Iron?

The customer is registering their phone using Users which is synced with their LDAP server. Not sure why they are doing that way. But doing that way would be causing the issue of not able to finding the device?

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to sampathss

‎03-03-2018 02:48 PM

MobileIron MDM needs to get the MAC addresses of the devices.

Apple MDM Protocol Reference… shows the payloads may contain an AccessRights of 32 to allow query of the Network Infomation (phone/SIM numbers, MAC addresses).

Please ask the customer to consult with MobileIron if needing instructions how to set that up.

0 Helpful

sampathss
Cisco Employee
Cisco Employee
In response to hslai

‎03-05-2018 06:44 AM

Hsing,

I have asked the customer to open a support ticket on the mobile iron side as well.

By any chance, is there any internal document that shows the method of registering the device into Mobile iron?

Thanks

Sampath

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to sampathss

‎03-05-2018 01:35 PM

In the past, we used MobileIron Mobile@work app to enroll endpoints.

This 2013 CVD should still have some helpful info -- https://marketplace.mobileiron.com/servlet/servlet.FileDownload?file=00P3400000wVm2VEAS

0 Helpful

sampathss
Cisco Employee
Cisco Employee
In response to hslai

‎03-06-2018 06:36 AM

We used this doc initially to get it Integrated. But could not get help from this doc with the current issue.

0 Helpful
Customers Also Viewed These Support Documents