"The push notification could not be sent - Error -44" displayed on the Sophos Mobile Control server when trying to synchronize or manage iOS devices

  • Article ID: 119235
  • Rating:
  • 18 customers rated this article 1.2 out of 6
  • Updated: 03 Jul 2013

Issue

Sending out profiles or tasks to iOS devices is currently not possible. The error reported in the Sophos Mobile Control task view is:

"The push notification could not be sent. Error code -44".

Within the server.log of Sophos Mobile Control the following error is logged:
25.04.2013 08:54:35,222 ERROR EJB-Timer-1366859198319[target=jboss.j2ee:jndiName=ejb/Scheduler,service=EJB smartphone_solutions.smartman.scheduler] Could not send Apple Push Notification for device "Id:XXX, CustomerId:X, Name:devicename, Os:iOS 6.1.3, Managed:true, Compliant:true"
25.04.2013 08:54:35,222 Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

First seen in

Sophos Mobile Control as a Service
Sophos Mobile Control

Operating systems
iOS

Cause
Due to changes at Apple, the SSL connection to the APNS gateway is currently unavailable.

What To Do

Although this issue is probably not caused by Sophos, Sophos Support is working to remedy this situation with high priority. Currently there are no workarounds or fixes available.

This article will be updated as soon as new information becomes available.

To decrease the amount of exception emails being sent out by the Sophos Mobile Control server due to this problem, you can increase the sync value for iOS devices as described in article 118792. This means that the Sophos Mobile Control server does not try to trigger iOS devices that often causing the emails to be send out.

If you have configured a Compliance criteria that includes the "Max Synchronization gap settings" and disallows active sync, it is possible to increase the value to keep your devices compliant. This way, devices can still get emails even though they haven't synchronized for some time due to the APNS problem.

UPDATE 26.04.0013:

The Apple Push Notification service works again after the problem was corrected by Apple.

Additional information about the root cause:

All APNS Messages are signed with an SSL Client Certificate. This SSL Client Certificate is signed by an Apple CA Certificate.
As of thursday morning 26.04.2013 CEST Apple did not trust their own CA Certificate anymore. This resulted in all the Client Certificates to be invalid since they could not be checked anymore.

If you have done any of the changes mentioned above to reduce the email traffic and to keep the devices compliant, you can now revert them.
Sophos Mobile Control should work as expected again

 

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments