Recently our Azure Notification Hub became a very mysterious entity. When Apple devices register we can see them in Service Bus Explorer and as soon as we try sending any notifications (from SBE or Azure Portal) we get a "Notification Successful" message, but nothing appears on the device. Refreshing registration list uncovers the fact that the registrations were deleted.
We are not removing them anywhere in code, and the TTL has not expired.
Any suggestions?
Notification hub cleans up registrations with invalid tokens during the send flow. Looks like for some reasons APNS rejects your tokens and NH just removes registrations. Make sure:
you are getting token from physical device (not emulator);
APNS certificate uploaded to NH is not expired;
APNS certificate uploaded to NH corresponds APNS endpoint you are
using in application (sandbox or production).
Turns out the front end guys were unsubscribing too eagerly. Removing the unsubscribe code sorted out the issue. Also there was a problem with the APNS certificate, in order to run the front end app in debug it requires a sandbox certificate, not a production one, for the messages to be delivered properly.
We had this exact error, but it turned out we were accidently using a "distribution" provisioning profile with a "development"/ sandbox push notification certificate. After switching to a development provisioning profile, push notifications worked!
Related
I'm developing an iOS MDM Server as my project and I have almost completed.
I created all the necessary files manually including the mobileconfig file and installed the profile.
The device polls the URL mentioned in Server URL often with an Idle message.I read that the Idle message indicates that the device is checking the server for commands and we can send plist response as a command.
My question is, if all the devices poll the MDM Server frequently, what is need for .pem file and APNs certificate. Should we send push notification to the device like below like we send push notifications to our iOS apps.
{
"aps": {
"id": 10,
"message": "Hello world!",
"from": "Ram"
}
}
If this is what we should do, what should we send in the payload?
EDIT :
I found out the solution for sending push notifications.
com.notnoop.apns.ApnsService apnsservice = com.notnoop.apns.APNS.newService().withCert(<pushCertStream>,<pushCertPass>).withProductionDestination().build();
apnsservice.push(token, com.notnoop.apns.APNS.newPayload().mdm(pushMagic)).build());
When push notification is sent like this, the device responds with an Idle Message and we can send commands to the device.
Few more doubts :
1) When does apple check the SSL Certificate of the profile? I'm sure it checks during profile installation because my profile installation has failed many times due to wrong SSL Certificat. Does Apple also check the SSL Certificate when sending push notification as I have noticed a class com.notnoop.exceptions.InvalidSSLConfig? Does it check whether the server sending push notification has the SSL Certificate specified in the profile?
EDIT
When server send push notification to the device, the device responds with an Idle Message to the URL specified in Server URL. What happens if the SSL Certificate is invalid at this point. Does it produce an error?
2) Can multiple servers have the same push notification certificate to reduce the load on a single server to send push notification and send commands to devices? Will there be any conflict?
3) Is there any limit to the no. of push notifications sent using a single push notification certificate? If not, can it handle any number of push notifications?
4) Can the Check-in URL and Server URL in the profile be different?
EDIT
Can the Check-in URL and Server URL be of different servers i.e .,
CheckIN URL : https://www.domainone.com/MDM/
Server URL : https://www.domaintwo.com/MDM/
5) First question in this link(Least important) Though the solution talks about expiration of SSL Certificate, it does not say about changing of SSL Certificate.
EDIT 2
When a push notification certificate is renewed, how does a device with profile already installed update the certificate details in the device's profile?
1) When MDM Server sends push notification to the device, the device responds to the Server by contacting the Server URL. The SSL Certificate of the server has to match the SSL Certificate Payload in the profile. If there are any conflicts, there will be an error. So, the SSL Certificate is checked everytime the device contacts Serverl URL. The below error will be produced if there are any conflicts.
Desc : The Server Certificate for "Server URL" is invalid.
Domain : MCHTTPTransactionErrorDomain
2) Yes, multiple servers can have the same push notification certificate. Each server just need to know the password of the certificate.
3) I don't think there is any limit to the no. of push notifications sent. Check below links.
Reference 1
Reference 2
4) Your Server URL and Check-in URL can be different but should be of same host.
5) If the SSL Certificate is changed, the profile has to be deleted and a new profile has to be installed.
1) hmm AFAIK if your server has a SSL certificate then signing the profile with that certificate only verifies it. In terms of functionality I don't think it does anything. However, you do also need a certificate that is related to your server this is the one that goes inside the plist as part of the payload. It'll need to be the same one that server has. (Usually in a .p12 format)
2) Yes you can have multiple servers because essentially sending a push notification is just a request to apple with proper credentials.
3) I don't believe there is a limit to how many push notifications a certificate can send... but more so how frequently you're sending them. (for e.g. flooding apple with push notification requests)
4) Yes I strongly believe so but you should double check this
5) Again SSL certificate only just makes the profile verified AFAIK (if we're strictly talking about mdm). (edit: I forgot that there was another .p12 certificate that you could embed inside the profile. This provides authentication between the device and the server and will need to be the same SSL cert).
First of all may be it will be a duplicate question, but due to curiosity I have asked.
I have an application in which push notifications are used, I have prepared, created all the required things for it and at last I have checked the notifications on this link: https://pushtry.com/. All are working well. NOw the problem is that, when admin wants to send the notification from their admin panel the push notifications are not receiving in iOS device.
I have update all the necessary certificates, pem files, methods for iOS 10 etc, but I don't get received the notifictions from admin panel, as per backend, when we send notifications it shows notification send successfully and showing no error for it. I don't know whats wrong going.
Any sugesstions....
First check all the validations or verifications like certificate, pem file and other things are updated on iOS and backend side. This will ensures that nothing error or fault at both ends.
Now reinstall the app in iOS, Clear all notification ids or apns token table from database. On installing the app, you will see there are few apis token available. Now open your admin panel and test again, it will works correctly.
Firstly I want to confirm which certificate you are used for the app developer or distribution.Because there are different ways for sending the notification for both(developer or distribution). Like I am using php services at backend.When I am using developer certificate my backend developer used 'ssl://gateway.sandbox.push.apple.com:2195', $err,
and when I used distribution certificate he used
//'ssl://gateway.push.apple.com:2195', $err.
Thanks
my app use apns to send notifications, after one year, the cert file had expired,
but my CSR(.certSigningRequest) cannot been found, here is the question.
If i create a new CSR file, and new ios aps_distribution, do i need submit a new
app to AppStore?
No you don't.
You certificate is only used to access Apple's APNS from your server (or your PUSH service provider's). Your app will not expire.
Edit:
i use javapns-2.2 to send notification to my app, when use
aps_development cert, i can receive the message, but when i use the
new created aps_distribution, it shows send success, but my app cannot
receive msg, do you know why? or do you know how to test production
push?
As Aanabidden stated, don't forget that you can't use a production certificate for development and a development certificate for production. Apple's servers are separated for those schemes and an invalid certificates won't work.
I have implemented APNS in my iOS application project (by following Ray Wenderlich's tutorial).
After installing app on my device I am getting an alert that "AppName" would like to send you Push Notification". press "OK" or "Don't allow". I pressed OK.
Now after running code I successfully get device token and then send that device token to my server.
The server guy is saving my device token and sends me a push message, and then he is getting message message sent successfully, but my device is not receiving any message.
It's really becoming difficult for me to figure out where I am going wrong. Some say your certificate might be corrupt. If my certificate is corrupt then how is my app getting a device token?
I am using iPhone3GS(iOS6) device (I know it's really old model).
I have been trying to figure this out for more than a week, but no success.
So guys I need your help to figure where I am going wrong.
Thanks
The app doesn't use the certificate in order to register to APNS and get a device token. Only the server uses the certificate. Therefore it is possible the certificate is corrupt or expired.
It's also possible the server is trying to push to on push environment (sandbox or production) while the app was built with a provisioning profile that contains push entitlements for the other environment.
In addition, make sure the certificate being used by the server belongs to the same push environment that the server is connecting to.
Am attempting to add push notifications to an application that I have created. I followed the apple guide and am able to register the device for post notifications receiving a devicetoken value from APNS. The trouble occurs when I attempt to send data to the APNS to send, I always have my connection refused.
The only thing that i have done that is non standard is that the private key for the push notification certificate was created by a non-team agent (but through the Team agents account). Does anyone know if the team agent has to generate the private key for the push notification?
If you are using Ad Hoc prov. profile, don't use sandbox apns, use the production server.
Both team agents and admins should have their private keys on their machines, they should be able to create the necessary certificates.
Is there a reason that you want to setup your own push notification server? You can just use Urbanairship which provides free push notification services.
If you still need to set up your own server, info on generating your certificates can be found here. Make sure that you're connecting to the right push server on Apple's side. There are different server's for debugging and production purposes.