com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_link3' is unknown.

FAQ

Owned by Former user (Deleted)
Last updated: Mar 03, 2015
4 min read

General EMM questions

Why do I get the “keytool error: java.io.IOException: Invalid keystore format” error when trying to import the CA (ca.p12) / RA (ra.p12) into the wso2emm.jks file?

If this issue occurs, delete the wso2emm.jks file and try to import the CA (ca.p12) and RA (ra.p12) to the wso2emm.jks file, which is in the <EMM_HOME>/repository/resources/security/ directory. This will create a new wso2emm.jks.

Why do I get the “Error self signed certificate getting chain” error when trying to export the RA file as a PKCS12 file with an alias as explained in Step 6(c)?

This error occurs when the Common Name (CN) for the Certificate Authority (CA), Registration Authority (RA) and SSL certificates are the same. These three certificates should have a different name where the CN of SSL should be the IP address / Domain.

How can I obtain the TOPIC ID from the MDM signing certificate (MDM_Certificate.pem)?

The TOPIC ID is the UID or User ID of the certificate. This can be obtained by executing the following command:
openssl x509 -in MDM_Certificate.pem -text -noout

Why do I get the “No certificate matches private key” message when trying to convert the MDM_APNSCert.pem file into a MDM_APNSCert.pfx file?

This issue occurs when the private key used is not the same as the one that was used to create the customer.csr, which was sent to us to generate the signed certificate (encoded plist).

Why can't I enroll an Android device to a tenant admin?

The super admin is required to log into the EMM console at least once because only then does the APIs, which are used by the device to connect to the EMM server, get published and the super tenant gets subscribed to it. The tenant admins are then required to log into the EMM console at least once so that the tenants also get subscribed to the APIs published by the Super tenant.

Follow the instructions mentioned below:

  1. Get a fresh EMM pack and start the server.
  2. Go to the EMM console (example: https://localhost:9443/emm) and login using the super tenant credentials.
  3. Create the tenant that you need to use via the Carbon Console (https://localhost:9443/carbon/admin/login.jsp)
  4. Go to EMM and log in with the newly created tenant credentials.
  5. Register the Android device.
Why does the following error message appear in an iOS device when enrolling: “Profile Installation Failed. The server certificate for “https://xxxxxxxxxx/emm/profile” is invalid”?

This is a common error that is displayed by the iOS device when there is an issue in installing the Profile. Please check and make sure that the following are correct:

  1. The generated Certificate Authority (CA) and Registration Authority (RA) certificates should be of version 3 format. In addition, check if the KeyUsage parameters for the certificates are correct.
  2. Verify whether the Common Name (CN) of the SSL certificate has the correct domain name. This requested when generating the CSR for the SSL certificate as mentioned in step 5(b).
  3. Ensure that the certificates are imported into the correct JKS and that the <EMM_HOME>/repository/conf/emm-config.xml file is correctly configured as mentioned in the documentation.
Why does the following error occur: “ERROR {com.notnoop.apns.internal.ApnsConnectionImpl} - Couldn’t connect to APNS server {com.notnoop.apns.internal.ApnsConnectionImpl} java.net.UnknownHostException: gateway.sandbox.push.apple.com” in the console?

This error occurs when the EMM server tries to connect to the Sandbox URL with a production certificate. The common reason for this error is because the iOS MDM Configurations MODE is set as Developer in the iOS Settings page (EMM Console). Whereas, the MODE should be set as Production.

What are the list of ports that need to be opened for WSO2 EMM?

The list of ports that need to be opened are mentioned in the documentation.

Does WSO2 generate the iOS agent app, push certificates etc.?

WSO2 will not create the iOS agent app or create the push certificates. However, WSO2 provides a guide on how to generate the following:

Can I create an iOS app, deploy it in EMM store and install it into my iOS device?

Apple currently provides two developer programs for iOS app development, namely:

  • iOS Developer Program
    This is the program that allows developers to develop iOS apps and publish it in the Apple app store. Using this program, apps can only be installed on apple devices if its UDID is added to the developer’s portal (This is for testing the app on a device before publishing to Apple app store).
  • iOS Enterprise Program 
    This is program is used to deploy apps within the Enterprise without having to publish the app in Apple app store. This allows the Enterprise to maintain their apps in their own app store.
Why can't I download the iOS agent app from a fresh pack?

By default, only the .apk for the Android agent is shipped with the EMM pack (in the <EMM_HOME>/repository/deployment/server/jaggeryapps/emm/client_app/ directory). The iOS agent needs to be cloned from GitHub and thereafter the steps mentioned in the documentation need to be followed to be able to obtain the iOS agent app.

Troubleshooting related questions

Why does the following error message occur: "Message: JAXP00010001: The parser has encountered more than "64000" entity expansions in this document; this is the limit imposed by the JDK."?

This error occurs in JDK 1.7.0_45 as all XML readers share the same XMLSecurityManager and XMLLimitAnalyzer. When the total count of all readers hits the entity expansion limit, which is 64000 by default, the XMLLimitanalyzer's total counter is accumulated and the XMLInputFactory cannot create more readers. If you still want to use JDK 1.7.0_45, try restarting the server with a higher value assigned to the DentityExpansionLimit using one of the following methods.

For example:

  • Execute the following command
    ./<EMM_HOME>/bin/wso2server.sh -DentityExpansionLimit=1000000
     
  • Set the value of JAVA_OPTS in the <EMM_HOME>/bin/wso2server.sh file.

Note that this bug has been fixed in JDK 1.7.0_51 onwards.

Why does the following error occur: "keytool error: java.io.IOException: Invalid keystore format"?

If you enter the wrong private key password when importing the <CA>.p12 or <RA>.p12 files, the wso2emm.jks file will get corrupted and the above error message will appear.

In such a situation, delete the wso2emm.jks file and execute the following command to import the generated <CA>.p12 and <RA>.p12 files into the wso2emm.jks file again.
keytool -importkeystore -srckeystore <CA/RA>.p12 -srcstoretype PKCS12 -destkeystore wso2emm.jks

When the above command is executed, EMM will automatically create a new wso2emm.jks file with the imported file.

 

com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_links2' is unknown.