[SOLVED] iPhone provisioning with ZCS6

[Dirk]

I notice that in the preferences section of the web client, a new 'Mobile Devices' sections shows up, listing my iPhone and stating 'needs provisioning'

I assume that once provisioned, remote wipe will be possible.
So I installed the iPhone Configuration Utility and made a mobileconfig that would configure the mail settings and deployed it to the phone.

The phone still shows as unprovisioned though. I see a "configuration profiles" and "provisioning profiles" in the apple utility, but cant workout how to convert the config profile I've made, into the needed provisioning profile.

Has anyone done this?
Or, given the new code in zimbra, how what method does zimbra want me to do to change the "needs provisioning" message to "Provisioned OK" ?

[Dirk]

It turns out that I needed to delete the phone from the web client, enable mobile profiles in the admin console and then redeploy the phone.

It then shows as provisioned and I have a remote wipe button. I'll grab my spare iphone later and test this out on that, I dont fancy killing my main phone!

[ewilen]

Quote:

Originally Posted by Dirk

It turns out that I needed to delete the phone from the web client, enable mobile profiles in the admin console and then redeploy the phone.

This is good, also note that as of 6.0.5, you don't have to delete the phone from the web client.

However, I'd like to give my users the peace of mind of knowing that they can perform a remote wipe if necessary, without forcing any policies on them. In particular, I don't want to impose an auto-wipe after incorrect pin inputs no matter how many times they get their PIN/password wrong.

Does anyone know how for sure to do this? I don't care to test by setting my value (zimbraMobilePolicyMaxDevicePasswordFailedAttempts) to zero and then have my device immediately wipe itself.

Failing that, is there a known maximum value for that property? I've just confirmed via zmprov that I have zimbraMobilePolicyMaxDevicePasswordFailedAttempts at 999999999, but I would like to be sure of the maximum that system can really handle.

[ewilen]

See Bug 36978 - Expose Mobile Policy Information to Admins.

At the moment, the only sure way of disabling auto-wipe is to turn off "Force pin on device" (in zmprov, zimbraMobilePolicyDevicePasswordEnabled: FALSE).

Also, the ActiveSync spec says that if you set maximum failed password attempts before wipe, it must take a value between 4 and 16. Zimbra doesn't seem to enforce this, but I think it's prudent to only enter legal values. (I don't know what a given device will do if Zimbra sends it an illegal value.)