After upgrading to Mobile Security (TMMS) for Enterprise 9.1, you cannot connect iOS devices to Local Communication Server (LCS) with "Error [Return] RC=1004" and "Error [Return] RC=1005". Moreover, ports 2195, 2196, and 5223 are allowed in Firewall both ways.
Unsuccessful enrollment of your device to TMMS server might be due to incorrect configurations of the enrollment settings and Communication Server settings. To ensure that your device can successfully connect to LCS, do any of the following:
-
Disable Simple Certificate Enrollment Protocol (SCEP) Settings
- Open the TMMS console.
- Go to Administration > Communication Server Settings > iOS settings > SCEP Settings.
- On the Simple Certificate Enrollment Protocol (SCEP) Settings window, uncheck the Enable SCEP checkbox.
SCEP works with certificate authority to handle issuance and revocation of digital certificates in large enterprises. In TMMS 8.0, it is required to enable SCEP. However, it is now optional to have this enabled in TMMS 9.0 or above versions. Certificate issues might be the cause of the connection issues.
-
Check the Communication Server Settings
Sometimes, iOS mobile device agents are unable to enroll to the TMMS server when the SCEP server uses IPv6 numeric address to enroll IOS mobile devices. To modify this configuration:
- Open the TMMS console.
- Go to Administration > Communication Server Settings > Common Settings.
- Use IPv4 address, which is the default configuration, instead of hostname or FQDN to avoid the communication server to use IPv6 address.
- Make sure that your device has a “Healthy” status. At first, it will be “Out of sync”.
This is beyond Trend Micro’s control. The device needs time to sync as the process is long.
