SentrySentry => MIFS Portal SSL CA not TrustedSentry => ATS (Apple Transport

1. Sentry
2. Sentry => MIFS Portal SSL CA not Trusted
3. Sentry => ATS (Apple Transport Security) compliance failed on MIFS Portal (Port 443) for minimum keysize
4.  
5. ==> Neues Sentry-SSL-Zertifikat einspielen!
6. 27.07.2018 läuft Wildcard-Zertifikat aus (über 1 Jahr)
7. Sentry 1
8. nur ActiveSync / nur PassThrough
9. kein Attachement Control
10. für Louts Notes Server 1: 217.5.167.22
11. IP: 217.5.167.16 (sentry.schunk.com)
12. Sentry 2
13. nur ActiveSync / nur PassThrough
14. kein Attachement Control
15. für Lotus Notes Server 2: (POP) 217.5.167.13
16. IP: 217.5.167.28 (sentry2.schunk.com)
17. Sentry 3
18. nur AppTunnel / IdentityCertificate (CN=com, CN=schunk, CN=apptunnel; 2043-08-14)
19. TCP_ANY / ANY (kein CIF_ANY; kein IP_ANY)
20. IP: 217.5.167.14 (sentry3.schunk.com)
21. Alle Sentry: Zertifikat ist nicht Trusted. Es wird kein Trusted Certificate verteilt.
22. ==> SSL Zertifikat erneuern / eintragen!
23.  
24. MDM
25. Settings
26. Delete Retired Devices
27. aktuell werden die Geräte gar nicht gelöscht. => evtl. 21 - 49 Tage
28. APNS-Zertifikat läuft aus 2017-11-04 (noch 5 Monate)
29. Application Management
30. Aktualisieren der Anwendungen:
31. (Android) IBM Verse, Lookout for Work, Secure Apps Manager (In-House; alte Version hochgeladen)
32. Entfernen der alten (nicht mehr installierten Versionen)
33. Aktualisieren der MobileIron Applikationen (Mobile@Work)
34. (iPad) CRM-Pad (neu Wrappen) [2.1.0.3062]
35. CRMpad_v2.1.0_12.12.2016 70c9da07-4c91-4f5f-b536-dcfae434fa3c
36.  
37. (iPad) Sales Toolbox (neu Wrappen) [2.2.6]
38. STB Distrib 2017-09 8afadd04-ccba-4fe8-8a41-20ec0685eb9a
39.  
40. Verantwortlich für die Apps:
41. Hr. Gey, Ronny (+49 7133 103-2100)
42. Hr. Schieferdecker, Marcel (+49 7133 103-2545)
43.  
44. System Manager / CLI
45.  
46. Admin Portal
47. user-test: admin (local), administrator (local),
48.  
49.  
50.  
51. Dokumentation
52.  
53. Mobile-Test
54.  
55. Hostname: mobile-test.schunk.com
56. IP: 217.5.167.3 / 255.255.255.224
57. DNS: 194.25.0.60 / 194.25.0.68 / 217.5.167.2
58. Gateway: 217.5.167.17
59. [keine Static Hosts]
60. NTP: 217.5.167.2
61. CLI: ssh-yes; telnet-no
62. SNMP: [keine]
63. SMTP: 217.5.167.18:25 / mobileiron-test@de.schunk.com / no-auth / no-ssl
64. user: (system) admin, (portal) admin
65. zertifikate: *.schunk.com / *.schunk.com / *.schunk.com / 2018-07-27
66. ACL: User: 10.149.0.0/16 , System: 10.149.0.0/16,10.49.0.0/16
67. Update: user. schunk; auto-platform-update
68. storage: 3 partitionen; 12% used
69. service-diag: alles okay
70. Version: 9.3.0.0 Build 44
71.  
72. Mobile(Prod.)
73.  
74. Hostname: mobile.schunk.com
75. IP: 217.5.167.15 / 255.255.255.224
76. DNS: 194.25.0.60 / 194.25.0.68 / 217.5.167.2
77. Gateway: 217.5.167.17
78. Static-Host: sentry3.schunk.com
79. NTP: 217.5.167.2
80. CLI: ssh-yes, telnet-no
81. SNMP: 10.149.20.1:162 / SNMPSCHUNK / v2
82. SMTP: 10.77.22.88:25 / mobileiron@de.schunk.com / no-auth / no-ssl
83. user: (system) Admin, (portal) Admin
84. Zertifikate: *.schunk.com / *.schunk.com / *.schunk.com / 2018-07-27
85. ACL: User: 10.149.0.0/16;10.49.0.0/16, Admin: 10.149.0.0/16;10.49.0.0/16, System: 10.149.0.0/16;10.49.0.0/16, Atlas: 10.149.0.0/16;10.49.0.0/16
86. Update: user: schunk; auto-platform-update
87. storage: 3 partitions; 22% used
88. service-diag: !! mail-server not reachable; alles andere okay
89. Version: 9.0.1.1 Build 2
90.  
91. Sentry-Test
92.  
93. Hostname: sentry-test.schunk.com
94. IP: 217.5.167.25 / 255.255.255.224
95. DNS: 194.25.0.60 / 194.25.0.68 / 217.5.167.2
96. Gateway: 217.5.167.17
97. Static-Host: traveler-test.schunk.int
98. NTP: 217.5.167.2
99. CLI: ssh-no; telnet-no
100. SNMP: [keine]
101. SMTP: no
102. User: admin
103. Zertifikate: *.schunk.com
104. adm-Zertifikat: mobileiron !!!!!!! ändern
105. Update: User: schunk
106. Storage: 3 disks - okay
107. Service-Diag: alles okay
108. Version 9.0.2 Build 5
109.  
110. Sentry-1:
111.  
112. Hostname: sentry.schunk.com
113. IP: 217.5.167.16 / 255.255.255.224
114. DNS: 217.5.167.2 / 8.8.8.8 / -.-.-.-
115. Gateway: 217.5.167.17
116. Static-Host: [keine]
117. NTP: 217.5.167.2
118. CLI: ssh-yes, telnet-yes
119. SNMP: 10.149.20.1:162 / SNMPSCHUNK / v2
120. SMTP: [keine]
121. User: Admin
122. Zertifikat: *.schunk.com / 2018-07-27
123. adm-Zertifikat: mobileiron !!!!!!! ändern
124. Update: User: schunk
125. Storage: 10 disks - keine Updates möglich!
126. Service-Diag: alles okay
127. Version: 7.5.1 Build 16
128.  
129. Sentry-2:
130.  
131. Hostname: sentry2.schunk.com
132. IP: 217.5.167.28 / 255.255.255.224
133. DNS: 217.5.167.2 / 8.8.8.8 / -.-.-.-
134. Static-Host: [keine]
135. NTP: 217.5.167.2
136. CLI: ssh-yes, telnet-yes
137. SNMP: 10.149.20.1:162 / SNMPSCHUNK / v2
138. SMTP: [keine]
139. User: Admin
140. Zertifikate: *.schunk.com / 2018-07-27
141. adm-Zertifikat: mobileiron !!!!!!! ändern
142. Update: User: schunk
143. Storage: 10 disks - keine Uodates möglich!
144. Service-Diag: alles okay
145. Version: 7.5.1 Build 16
146.  
147. Sentry-3:
148.  
149. Hostname: sentry3.schunk.com
150. IP: 217.5.167.14 / 255.255.255.224
151. DNS: 194.25.0.60 / 194.25.0.68 / 217.5.167.2
152. Static-Host: mobile.schunk.com / sentry3.schunk.com
153. NTP: 217.5.167.2
154. CLI: ssh-no, telnet-no
155. SNMP: 10.149.20.1:162 / SNMPSCHUNK / v2
156. SMTP: [keine]
157. User: Admin
158. Zertifikate: *.schunk.com
159. adm-Zertifikat: mobileiron !!!!!!! ändern
160. Update: User: schunk
161. Storage: 3 disks - alles okay.
162. Service-Diag: alles okay
163. Version: 7.5.1 Build 16
164.  
165. Local CAs
166.  
167. (prod) iOS Enterprise AppStore CA [default]
168. RSA / 2048 / SHA1 / 10950 / CN=iOS Enterprise AppStore CA
169. CLIENT_AUTHENTICATION
170.  
171. (prod) Windows Phone Enrollment CA [default]
172. RSA / 2048 SHA1 / 10950 / CN=Windows Phone Enrollment CA
173. CLIENT_AUTHENTICATION
174.  
175. (prod) AppTunnel CA [2013-08-21]
176. RSA / SHA1 / 10950 / CN=com, CN=schunk, CN=apptunnel
177. CLIENT_AUTHENTICATION
178.  
179. (test) iOS Enterprise AppStore CA [default]
180. RSA / 2048 / SHA1 / 10950 / CN=iOS Enterprise AppStore CA
181. CLIENT_AUTHENTICATION
182.  
183. (test) Windows Phone Enrollment CA [default]
184. RSA / 2048 SHA1 / 10950 / CN=Windows Phone Enrollment CA
185. CLIENT_AUTHENTICATION
186.  
187. (test) AppTunnel CA [2015-01-21]
188. RSA / SHA256 / 10950 / CN=apptunnel, CN=schunk, CN=com
189.  
190. (test) Tunnel CA [2016-08-01]
191. RSA / SHA256 / 10950 / CN=Tunnel
192.  
193. (test) Windows Cert Auth CA [default]
194. RSA / SHA384 / 3650 / CN=Windows Cert Auth CA
195.  
196. Notes
197. Passwort von Sentry3 unterscheidet sich von den anderen Systemen. Benutzernamen des Administrators sind nicht auf allen Systemen identisch. (Case-Sensitive)
198. SSH und Telnet Einstellungen sind nicht auf allen Systemen identisch.
199. DNS Einstellungen sind nicht auf allen Systemen identisch.
200. Static-Host Einträge sind nicht auf allen Systemen eingetragen.
201.  
202. Config
203. Zwei Sentry für zwei Mail-Server:
204. Sentry1: IBM Traveler (traveler.schunk.com; 217.5.167.22) | v9
205. Sentry2: IBM Traveler (xxxx; 217.5.167.13) | v9
206.  
207. Auf iPhone wird nativer E-Mail Client verwendet.
208. Auf Android wird aktuell Symantec Touchdown verwendet (früher Nitrodesk).
209.  
210. SCEP
211. Schunk AppTunnel SCEP
212. RSA / 2048 / SHA1 / CN=AppTunnelCer, CN=Schunk, CN=com / AppTunnel CA
213.  
214.  
215. LDAP
216. ldap://10.49.4.23:389 | ldap://10.49.4.24:389 (emea.ads.local)
217. User: emea\s000025
218.  
219. ldap://10.49.4.93:389 | ldap://10.49.4.93:389 (na.ads.local)
220. User: na\s000025
221.  
222. ldap://10.49.4.128:389 | ldap://10.49.4.128:389 (apac.ads.local)
223. User: apac\s000025
224.  
225. VPN
226. Schunk VPN (nur IT; 3 devices)
227. Server: 217.5.167.6
228. User: $USERID$
229. Type: PPTP
230. Password: Password
231.  
232. SCHUNK Tunnel (0 devices)
233. Server: sentry3.schunk.com
234. User: -
235. Type: MobileIron Tunnel
236. Password: Certificate
237.  
238. VPP
239. Apple-ID: apple-id.vpp@de.schunk.com
240. Expires on: 2017-07-29
241. Licences: 52.500 Licences
242.  
243. DEP
244. Apple-ID: apple-id.vpp@de.schunk.com
245. Expires on: 2017-07-11
246. Devices: 289
247. Profiles: 1 (default)
248.  
249. Policys
250.  
251.  
252.  
253. Labels
254. Es gibt 79 Labels.
255. Für AD-Anbindung gibt es "DELFN-MDM-xxx"-Gruppen. Diese sind mit den gleichnamigen AD-Gruppen verknüpft und werden verwendet, um E-Mail Konfiguration, In-House Apps und WLAN Profile zu verteilen.
256.  
257. Beispiele:
258.  
259. DELFN-MDM-OUTSIDE-SALES-GERMANY
260. ("user.ldap.groups.name" = "DELFN-MDM-OUTSIDE-SALES-GERMANY") AND "common.retired" = false
261. (Devices: 107 | User 87) enthält WiFi-Konfig
262.  
263. DELFN-MDM-TRAVELER-Android
264. ("user.ldap.groups.name" = "DELFN-MDM-TRAVELER" AND "common.platform_name" starts with "Android") AND "common.retired" = false
265. (Devices: 28 | User 28) enthält Exchange-Konfig für Android (ink. Touchdown)
266.  
267. GLO-APP-JAM
268. ("user.ldap.groups.name" = "GLO-APP-JAM") AND "common.retired" = false
269. Enthält App "SAP JAM" für iOS-Geräte
270.  
271.  
272.  
273. Auflistung aller Labels inkl. Criteria:
274.  
275. All-Smartphones ( "common.retired"=false)
276. Android ("common.platform"="Android" AND "common.retired"=false)
277. Android WLAN (manual)
278. CNSGH-MDM-SAP-C4C-TEST ("user.ldap.groups.name" = "CNSGH-MDM-SAP-C4C-TEST") AND "common.retired" = false
279. Company-Owned "common.owner"="COMPANY" AND "common.retired"=false
280. DELFN-ADM-MDM ("user.ldap.groups.name" = "DELFN-ADM-MDM") AND "common.retired" = false
281. DELFN-MDM-CRMPAD ("user.ldap.groups.name" = "DELFN-MDM-CRMPAD") AND "common.retired" = false
282. DELFN-MDM-OUTSIDE-SALES-GERMANY ("user.ldap.groups.name" = "DELFN-MDM-OUTSIDE-SALES-GERMANY") AND "common.retired" = false
283. DELFN-MDM-SCHUNK-IPAD ("user.ldap.groups.name" = "DELFN-MDM-SCHUNK-IPAD" AND "common.model" starts with "iPad" AND "common.retired" = false AND "common.retired" = false) AND "common.retired" = false
284. DELFN-MDM-SCHUNK-IPAD-GERMANY ("user.ldap.groups.name" = "DELFN-MDM-SCHUNK-IPAD" AND "user.email_address" ends with "de.schunk.com" AND "common.model" starts with "iPad" AND "common.retired" = false AND "common.retired" = false) AND "common.retired" = false
285. DELFN-MDM-STANDARD ("user.ldap.groups.name" = "DELFN-MDM-STANDARD") AND "common.retired" = false
286. DELFN-MDM-TRAVELER-Android ("user.ldap.groups.name" = "DELFN-MDM-TRAVELER" AND "common.platform_name" starts with "Android") AND "common.retired" = false
287. DELFN-MDM-TRAVELER-iOS ("common.platform_name" starts with "iOS" AND "user.ldap.groups.name" = "DELFN-MDM-TRAVELER") AND "common.retired" = false
288. DELFN-MDM-TRAVELER-POP-Android ("user.ldap.groups.name" = "DELFN-MDM-TRAVELER-POP" AND "common.platform_name" starts with "Android") AND "common.retired" = false
289. DELFN-MDM-TRAVELER-POP-iOS ("common.platform_name" starts with "iOS" AND "user.ldap.groups.name" = "DELFN-MDM-TRAVELER-POP") AND "common.retired" = false
290. DELFN-MDM-VIP ("user.ldap.groups.name" = "DELFN-MDM-VIP") AND "common.retired" = false
291. Employee-Owned ("common.owner"="EMPLOYEE" AND "common.retired"=false)
292. GLO-APP-C4C ("user.ldap.groups.name" = "GLO-APP-C4C") AND "common.retired" = false
293. GLO-APP-JAM ("user.ldap.groups.name" = "GLO-APP-JAM") AND "common.retired" = false
294. GLO-APP-STB ("user.ldap.groups.name" = "GLO-APP-STB") AND "common.retired" = false
295. INTEC-PL (manual)
296. iOS ("common.platform"="iOS" AND "common.retired"=false)
297. IOS 8.3 ("common.os_version" = "8.3") AND "common.retired" = false
298. IOS Asia (manual)
299. iOS Enterprise AppStore (manual)
300. IOS Europa (manual)
301. iOS Germany (manual)
302. IOS USA (manual)
303. IOS USA/MX/CA/BR (manual)
304. iOS-Asia (("common.platform" = "iOS" AND "user.email_address" ends with "kr.schunk.com" OR "user.email_address" ends with "cn.schunk.com" OR "user.email_address" ends with "in.schunk.com" OR "user.email_address" ends with "sg.schunk.com") AND "common.retired" = false)
305. iOS-Europa (("common.platform" = "iOS" AND "user.email_address" ends with "at.schunk.com" OR "user.email_address" ends with "be.schunk.com" OR "user.email_address" ends with "cz.schunk.com" OR "user.email_address" ends with "dk.schunk.com" OR "user.email_address" ends with "fi.schunk.com" OR "user.email_address" ends with "fr.schunk.com" OR "user.email_address" ends with "tr.schunk.com" OR "user.email_address" ends with "hu.schunk.com" OR "user.email_address" ends with "it.schunk.com" OR "user.email_address" ends with "nl.schunk.com" OR "user.email_address" ends with "no.schunk.com" OR "user.email_address" ends with "pl.schunk.com" OR "user.email_address" ends with "es.schunk.com" OR "user.email_address" ends with "ru.schunk.com" OR "user.email_address" ends with "sk.schunk.com" OR "user.email_address" ends with "se.schunk.com" OR "user.email_address" ends with "ch.schunk.com" OR "user.email_address" ends with "gb.schunk.com") AND "common.retired" = false)
306. iOS-Germany (("common.platform" = "iOS" AND "user.email_address" ends with "de.schunk.com") AND "common.retired" = false)
307. iOS-USA (("common.platform" = "iOS" AND "user.email_address" ends with "us.schunk.com") AND "common.retired" = false)
308. iOS-USA/MX/CA/BR (("common.platform" = "iOS" AND "user.email_address" ends with "us.schunk.com" OR "user.email_address" ends with "mx.schunk.com" OR "user.email_address" ends with "br.schunk.com" OR "user.email_address" ends with "ca.schunk.com") AND "common.retired" = false)
309. IT-Admin (manual)
310. Lookout for Work (manual)
311. MES - Deactivated (manual)
312. MES - High Risk (manual)
313. MES - LostConnectivity (manual)
314. MES - Low Risk (manual)
315. MES - Medium Risk (manual)
316. MES - Pending (manual)
317. MES - Secured (manual)
318. MES - Threats Present (manual)
319. No App Control (manual)
320. no Lock Screen (manual)
321. OS X ("common.platform"="OS X" AND "common.retired"=false)
322. Retired Devices ("common.retired" = true AND "common.last_connected_at" <= "now-1d")
323. SAP C4C (manual)
324. SAP JAM (manual)
325. Schunk Multiuser iPads (manual)
326. Schunk outside sales Germany iPads (manual)
327. Schunk Traveler (manual)
328. Schunk Traveler Android (manual)
329. Schunk Traveler Mailbox C4C-Support (manual)
330. Schunk Traveler Mailbox JAM-Support (manual)
331. Schunk Traveler Mailbox SAP-Basis Admin (manual)
332. Schunk Traveler Mailbox SAP-Servicedesk (manual)
333. Schunk Traveler Mailbox SAP-Servicedesk (manual)
334. Schunk Traveler Mailbox SAP-Servicemanagement (manual)
335. Schunk Traveler POP(manual)
336. Schunk Traveler POP Android (manual)
337. Signed-Out ("common.noncompliance_reasons" = "LOGGED_OUT" AND "common.retired"=false)
338. Test CRMpad (manual)
339. Test CRMpad 2 (manual)
340. Test HPW (manual)
341. Test IBM Verse (manual)
342. Test Sales Toolbox (manual)
343. Test Sales Toolbox v2 (manual)
344. Test SAP (manual)
345. Test Tunnel App (manual)
346. TestSecurityPolicy (manual)
347. VIP GL No App Control (manual)
348. Windows (("common.platform_name" = "Windows 8.1" OR "common.platform_name" = "Windows 10" AND "windows_phone.wp_phone" = false) AND "common.retired" = false)
349. Windows Phone (("common.platform" = "Windows Phone" OR "common.platform_name" = "Windows 10" AND "windows_phone.wp_phone" = true) AND "common.retired" = false)