Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Resolving communication issue between iOS 13 and Trend Micro Mobile Security for Enterprise LCS

    • Updated:
    • 15 Aug 2019
    • Product/Version:
    • Mobile Security for Enterprise 9.8
    • Platform:
    • iOS All
Summary

This article is recommended for the following users:

  • Using Local Communication Server (LCS) and self-signed certificate
  • Enrolled iOS 12 and below devices

Below are the possible impact of the issue:

  • All enrolled iOS 12 and below devices which are upgraded to iOS 13 will have commnunication issue with LCS server.
  • Upgraded iOS devices need to re-enroll to TMMS server.
  • All iOS 13 devices cannot enroll successfully to LCS server.
Details
Public

This happens due to the new security requirements of iOS 13 for TLS server certificates. The procedure below is best to be implemented before iOS 13 release.

To resolve the issue:

  1. Deploy TMMS 9.8 SP2 Patch 1.
  2. Create a new directory named "NewCA" in the LCS.
  3. On the Communication Server root directory, copy the following files to the NewCA directory:
    • ccs.exe
    • CertConfigTool.exe
    • configuration.xml
    • gencert.bat
    • libeay32.dll
    • log4cxx.dll
    • mfc100u.dll
    • openssl.exe
    • openssl_gencert.cnf
    • ssleay32.dll
  4. On the NewCA directory, double-click CertConfigTool.exe to run the tool.
  5. Select Create a new self-signed certificate and then click Next.

    Create a new self-signed certificate

  6. Input the Common Name and Password, which should be the same as the old credentials, and click Next. Once completed, the new CA is generated.

    Use the existing Common Name and Password

  7. Copy tmmsmdm-ca.pem and rename it to tmmsmdm-ca.crt.
  8. Log into the TMMS web console and go to Administration > Certificate Management.
  9. Click Add and browse for tmmsmdm-ca.crt file, then click OK. No need to enter a password.

    Add certificate

    Certificate Management

  10. Under Certificate Policy of Policy For Group, tick the Enable certificate deployment option.
  11. Import TMMSMDM-CA, which is recently added in Step 9.

    Import TMMSMDM-CA

  12. Save the policy. The policy will then be deployed to all iOS devices.
  13. Make sure the certificate policy is deployed successfully.
    1. Go to Settings > General.
    2. Select Device Management.
    3. Click MDM Enrollment Profile and click More Details.
    4. Verify that the iOS device shows two (2) entries of "TMMSMDM-CA" certificates. One is for 1024-bit and another is for 2048-bit.

    Verify the two copies of TMMSMDM-CA

  14.  
    Before the new CA is deployed to all enrolled iOS 12 devices, do NOT upgrade to iOS 13 and do NOT proceed to Step 15 yet. If you proceed to Step 15, all enrolled iOS 12 and below devices without successfully deploying the new CA will not be able to communicate with TMMS server, and they need to re-enroll again.
    ​ Once the new CA is deployed, upgrade iOS 12 devices to iOS 13. After the upgrade, all iOS 13 devices cannot successfully enroll yet, please proceed to the following steps.
  15. When the upgrade is complete, back up the following files located in the Communication Server root directory:
    • communication-server-cert.p12
    • tmmsmdm-ca.pem
    • ca directory
    • configuration.xml
  16. Copy the following files from the NewCA directory and paste them to the Communication Server root directory, to replace the old ones:
    • communication-server-cert.p12
    • tmmsmdm-ca.pem
    • ca directory
    • configuration.xml
  17. Restart the Mobile Security Communication Server service first, and then restart the Mobile Security Management Module Service after.
  18. All the enrolled iOS 13 devices don't deploy the new CA yet. Please re-enroll the devices again.

The iOS 13 devices can now successfully communicate with LCS.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1123479
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.