Security

Reply
MVP
Posts: 1,110
Registered: ‎10-11-2011

Onboard Android - Unable to Resolve Hostname

[ Edited ]

I'm testing the onboard process for Androids and running into a DNS error.  When attempting to load the profile, QuickConnect says "There was an error in configuring your device.  Cannot download Device credentials from Onboard server: Unable to resolve host..."  I verified with a network app on my Android that CPPM's host name is not resolvable.  This isn't an issue for things like Guest captive portal because I used a different FQDN in my captive portal that resolve to the CPPM IP.  As far as I can tell, QuickConnect is attempting to connect to the CPPM Hostname configured under Policy Manager > Administration > Server Manager > Server Configuration, which like I said is different from the FQDN I use for guest.  The hostname configured here isn't a FQDN, which I believe is part of the problem.

 

I just wanted to confirm this before I append the domain name.  Also, any chance I'll screw up anything if I change the hostname on the fly?  Will it affected devices that have already been onboarded?  This CPPM server is the publisher.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Aruba
Posts: 1,536
Registered: ‎06-12-2012

Re: Onboard Android - Unable to Resolve Hostname

Do you have the landing.php in the redirect. If so try it without
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Onboard Android - Unable to Resolve Hostname

Sorry, I just want to make sure it's understood that the issue is with QuickConnect "Install Network Profile" step - not captive portal.

 

QuickConnect is attemping to connect to the CPPM Hostname (which isn't fully qualified) rather than the DNS alias I setup (the alias is used in the captive portal redirect instead of the CPPM Hostname). The client can't resolve the CPPM Hostname because we don't pass a default domain scope option for the client to append to non-fully qualified name lookups.  So the client attempts to go to "CPPM-server" instead of "CPPM-server.domain.com", which fails.  The QuickConnect error message states "No address associated with hostname" so I'm pretty sure fully qualifying the Hostname of the CPPM server will resolve the issue.

 

Sorry - long-winded explanation to basically ask "can I change the CPPM hostname without causing any issues"?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Onboard Android - Unable to Resolve Hostname

[ Edited ]

Resolved my issue and learned two things in the process:

 

  1. It is possible to tell the Android Onboarding client which address to use for onboarding.
    Go to: Onboard + Workspace > Deployment and Provisioining > Provisioning Settings
    Edit your provisioning settings.
    Click the Onboard Client button.
    Click the Provisioning Address drop-down to modify the URL that the client uses.

  2. You can change the hostname of the CPPM server, but you need to be aware of the following:
    A) You'll have to rejoin the CPPM server to your domain(s).

    B) If CP is your onboarding CA, your OCSP URL will change and any onboarded devices will fail to authenticate if you do an OCSP check for EAP-TLS.  You fix this, you could create a new authentication method and override the OCSP URL, stop validating OCSP, or re-onboard your devices.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Search Airheads
Showing results for 
Search instead for 
Did you mean: