Skip Headers
Oracle® Fusion Middleware Troubleshooting Guide for Oracle Mobile Security Suite
Release 3.0.1
Part Number E51929-03
Go to Documentation Home
Home		 Go to Table of Contents
Contents		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
PDF · Mobi · ePub

9 Mobile Device Troubleshooting Tips

This chapter describes how to troubleshoot mobile devices.

It contains the following sections:

9.1 General Troubleshooting

The following are some general tips for troubleshooting mobile devices:

  1. Ensure that the Mobile Security Access Server host name can be resolved by the mobile device.

  2. Ensure that the PAC files are accessible from the URL location specified in the mobile configuration.

  3. Ensure that the Mobile Security Access Server host name as specified in the PAC files can be resolved by DNS.

  4. Ensure that the Mobile Security Access Server name matches the PROXY statement in the PAC file on the OMSAS.

  5. If the Mobile Security Administrative Console server is deployed behind the Mobile Security Access Server, ensure that there is a PROXY statement for the Mobile Security Administrative Console server in the PAC files.

  6. If the mobile device is configured for WIFI, ensure that the proxy with the URL of the bmax.pac file is specified.

  7. If the mobile device is configured for VPN, ensure that the proxy with the URL of bmax.pac file is specified on the VPN and is not needed in the WIFI configuration.

  8. Ensure that the Mobile Security Access Server configuration files, named bmax_config.json or bmconfig_*.json, are correctly configured in the Mobile Security Container application settings.

  9. If the Mobile Security Access Server is configured for PKINIT or KINIT authentication, ensure that the user account being used is not locked in Active Directory.

  10. If the Mobile Security Access Server is configured for Oracle Access Manager authentication, ensure that the user account is not locked.

  11. If the Mobile Security Access Server is configured for PKINIT authentication, ensure that client certificates have the correct attributes for mutual authentication and smart-card login.

  12. If the Mobile Security Access Server is configured for PKINIT authentication, ensure that the CA certificate chain for the Mobile Security Access Server certificate is installed in the mobile device key chain (network profiles).

9.2 SSL Troubleshooting

See Section 5.1, "SSL Troubleshooting."

9.3 Turning on Client Debug Logs

Navigate to the Mobile Security Container application settings. Turn on Log Mode and set Log Level to Debug.

9.4 Normal Sequence of Request for Registration and Authentication

During the normal registration process for a Mobile Security Container, the following sequence of requests should appear in the access.log file of the Mobile Security Access Server:

  1. A sequence of requests to an authentication URL, with the expected response of HTTP 407. The number of requests may be different depending on the authentication method being used. The UPN or user ID of the authenticating user should appear at the beginning of the line associated with the authentication request. These requests occur every authentication.

  2. A final request to an authentication URL, with the expected response of HTTP 200 or HTTP 302. A response of HTTP 200 means that the authentication was initiated directly within the Mobile Security Container, while a response of HTTP 302 means that the authentication was initiated by a redirect from an external application such as the Safari web browser or a containerized app. If an HTTP 403 is returned in response to any authentication request, it means that the authentication failed. This request occurs every authentication.

  3. A request to /action. This request sets up the container for offline authentication and PIN/Password reset. This request only occurs during registration and PIN/Password resets.

  4. A request to /ecp/ecpservice/registercontainer. This request registers the container with the Mobile Security Administrative Console server. The expected response is HTTP 200. This request only occurs during registration.

  5. A request to /ecp/ecpservice/policy/get. This is a request to retrieve the policies associated with the container. The expected response is HTTP 200. This request occurs every authentication.

  6. A request to /ecp/ecpservice/settings/get. This is a request to retrieve the company settings. The expected response is HTTP 200. This request occurs every authentication.

  7. A request to /ecp/ecpservice/getcommands. This is a request to retrieve pending commands for the container. The expected response is HTTP 200. This request occurs periodically after registration.

Depending on the deployment configuration, there will also be a number of requests to the bmax.pac file and stunnel.pac. If there are no requests to the stunnel.pac or bmax.pac it likely means that the Mobile Security Access Server is not accessible from the mobile device.

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Table of Contents
Contents		 Go to Feedback page
Contact Us