[Download Iphone Configuration Utility For Mac
Betty Neyhart
I am currently using the Marmalade SDK on my Windows machine to build an app. I am trying to test the app on an iPhone, and downloaded the iPhone Configuration Utility in order to do so. However, whenever I launch it, I get the following error:
iPhone configuration utility failed to locate 'Apple Mobile Device Support'. Please Reinstall the iPhone Configuration Utility. You can download the iPhone configuration Utility from http:://www.apple.com/support/iphone/enterprise.
I'm trying to distribute custom iPhone mobile config profiles from a web server, something that Apple says is perfectly acceptable. When I open the file through Safari, it says wants to open it with a 3rd party app and says there is no program on this iPhone that can open it. Here are the steps I've taken to try to troubleshoot:
I was looking into trying to do a configuration profile and found that after creating the configuration profile with the iPhone Configuration Utility, you need to make sure that the file is not compressed, here is where I found this info; _US/Enterprise_Deployment_Guide.pdf
Outside of that guide I couldn't find anything else. So if it doesn't help, then I suggest contacting Apple. It will probably be easier to just check the Apple discussion boards first and then calling AppleCare (1-800-my-iphone).
Well, thanks for looking. Its been a couple of days of my reasearch as well - to no avail. Now, I called AppleCare yesterday, the Tier 1 agent didnt know what mobileconfig files were. The Tier 2 agent assumed the entire time that I was using the mobileconfigs for tethering, and told me I needed a jailbroken phone to do what I wanted to do. I told him Apple makes the iPhone Configuration Utility, but he wasnt aware.
I finally figured it out (at least my specific issue). I've got two apps on the device that are multipurpose apps, they try to take association of files that the OS doesnt recognize. So, basically, safari doesnt recognize the mobileconfig and tries to pass it off to another app. But it fails here and doesnt tell you any info. Once I removed the apps, safari installed the mobileconfig. So maybe this is a bug with the OS, because I've had the same apps on for a while. It seems like the OS checks for the mobileconfig only if no other programs claims it can open it. But if the webserver is sending the right MIME type, and the extension is .mobileconfig - then the OS should not ask other apps.
I'm going to try to report this to Apple, we will see where it goes from there. I'll keep this thread posted so if other people search online or in the forum, they'll get the eventual answer. Thanks for your reply too!
I found them becuase when I tried to open the .mobileconfig it asked if I wanted to open the file in the particular app that was causing the problem. I finally removed that app (because I thought this was a fixable OS issue) and all of a sudden it worked.
I'm just curious how other school districts are authenticating iPads for teacher/student use. Our district just bought 650 iPad2's to start, and will be buying many more this fall. We are fairly large with 140 sites. Apple has obviously designed these devices with 1:1 personal use in mind.
I currently have three VAP's in use:
1. Guest with Captive portal
2. WPA2-PSK for Mac's (majority of our Macs are still OSX 10.4/10.5 - can't handle 802.1X reliably)
3. Secure 802.1X for district PC's
I have been brainstorming trying to figure how I will authenticate these iPads. They are going to be shared by classes of students and need to "just work". Trying to have a grade one student enter AD credentials is not going to happen. I have the Secure 802.1X VAP configured so that both machine and user authentication has to be passed before full authentication and real IP is given out. If only user authentication is passed then guest IP/role is given.
Here are some options:
1. Use guest network with captive portal
- Issue: If iPad goes to sleep and user idle timer expires, many apps fail to launch because Safari needs to be launched to accept guest captive portal agreement.
2. Use WPA2-PSK with MAC address filtering
- Issue: Managing thousands of MAC addresses is not practical, plus easy enough to spoof.
3. Use WPA2-PSK
- Issue: Security. Jailbreak for iPad2 is probably weeks away. On iPad and iPod it takes minutes and then app like WiFiPass can be downloaded to display all network SSID/key.
4. Use WPA2-E with 802.1x service account
- Issue: Service account could be comprised with Jailbreak - but deny local logon could be applied and if used on a device without a valid AD account - only guest IP/role would given. This would also get around the Captive portal issue because Safari doesn't need to be re-launched after the iPads sleep.
5. Use ArubaOS 6.1 device fingerprinting - assign iPad role
- Issue: I'm still on Aruba OS 5.0.3.0 but am planning to upgrade to 6.1 this summer. But I wouldn't really want to give any iPad detected a "district" role.
6. EAP-TLS?
- Issue: Configuration cumbersome. If iPads need to be restored on site then someone needs the iPhone configuration utility with generic iTunes account, etc.
7. Amigopod?
- Issue: Haven't tested - not familiar with product. Possibly a one time certificate load/enrollment - but how would that work if iPads are restored on site by somewhat non-technical staff?
Other thoughts:
1. AirPrint - probably more of a district policy to allow/disallow printing from iOS devices. But keeping it in mind, it definitely rules out certain authentication options because printers are currently residing in internal VLANs.
2. File sharing/streaming between MacBook/iMac and iPad. Not sure if this is already available - but if not it's definitely coming in iOS 5. Then I've got problems if I'm separating iPads and district Macs and they need to talk.
For now I have them using the guest network and have extended the user idle timeout to the max (4.25 hours). However, that's not long enough to last a full school day. I already have some teachers complaining it's inconvenient to have to accept the captive portal so often.
Any thoughts?
Thanks.
We use this option as well. We have found that 802.1x and an ad service account are the best options for shared devices. The great thing is you can limit what they can access via a role as well as limit what that username can access for added security just incase someone somehow gets the password.
Currently, we have a gmail account that is set up on each device (roughly 50) and we are just sharing that phonebook for each phone (iOS and Android). The problem is some users have changed or edited the phonebook in the past and it causes a headache for other users who may need those numbers, and then I have to go into the gmail contact section and fix all the errors, or when its bad do a restore of the phonebook database.
Greetings,
Thank you for contacting Cisco Meraki Support!
The article - _Network_Administrator_Guides/Directory_Management/Importing_C... provides steps to be followed for Meraki MC product and not MDM. Unfortunately, Meraki MDM doesn't have a feature available for pushing out the contacts to devices.
Although this feature is not available, we take our customer feedback seriously. We encourage you to use the Meraki dashboard to "make a wish" and submit a feature request. You can submit a feature request at the bottom of any dashboard page. Any wish that is made sends an email to our Product Managers and Development Teams. These wishes are taken into consideration and are used to help shape our product roadmaps. The most wished-for items are incorporated into product development.
I suppose you could use the Meraki Backpack feature and keep an updated file everyone refers to. I wonder if another app could access this file automatically and give you the ability to create your own app to manage this.
I would have suggested the Managed App Config approach but there is no API to link in to this and so any updates would be a manual grind. But again would require app development work, but if your lists are relatively small or change infrequently, it could possibly be worth the investment.
I use Owncloud for contacts syncing with IOS. Via Apple configurator (OSX) or iPhone configuration utility (WINDOWS) you can make an importable mobileconfig profile for Meraki which contains a connection to the contacts app in owncloud.
4 - share this phonebook from contacts app to another user (this user will be the user that we use in the profile for ios later) >> share the phonebook as read only (so your future clients cannot overwrite it)
I recently worked a case around deploying certificates to Apple iPhones and iPads to secure their network communications. The investigation uncovered that Apple devices can get certificates via the Simple Certificate Enrollment Protocol (SCEP), also known in the Microsoft world as Network Device Enrollment Service (NDES) in Windows Server 2008/R2.
Most of this blog is going to be covering the setup and configuration options with NDES to support the solution. If you have worked with MSCEP in the past, not much has changed other than some new registry keys to manage SCEP certificate enrollment. Enrolling for certificates against the old Windows Server 2003 SCEP-Add On utility does not work with Apple devices so Windows Server 2008 or later is required.
The Installation of NDES is straight forward, however the steps below assume that you are installing the NDES role for an Enterprise Certification Authority rather than for a Standalone CA. If you are installing this for a Standalone CA certain settings should be skipped. I would encourage you to review the NDES whitepaper for more information.
9. If you are not installing the role on a CA, you will be prompted with the screen shown below. You will need to select the Enterprise CA that should be used for the CA Web Enrollment pages. Click the browse button, and select the appropriate CA. If you want to use CA Web Enrollment Pages on a non-CA, see this blog about web enrollment proxy.
795a8134c1