Deployment Architecture

Splunk Mobile Access Server: push notifications do not work

swasserroth
Path Finder

Hi *,

after installing the Mobile Server according to the manual, I am able to access the dashboards -- everthing works as expected. Then I wanted to test push notification to the iPad. The "telnet"-command to check the connection to Apples Push service got a "connect", so the basic communication betwee mserver's host and Apple works.
But when a trigger fired, the push notification did not get thought. In the log messages for the mserver (Version 1.0.1) the following is written:
2014-12-05T23:52:52.412+01:00 - info: category=update_subscribed_alert_groups, alertGroups=[name=PoE over current port error, app=search, subscribed=true, name=EDNS Nachrichtentest, app=search, subscribed=true], worker=9
2014-12-05T23:57:13.940+01:00 - info: category=start_checking_triggered_alerts, worker=2
2014-12-05T23:57:13.940+01:00 - info: category=check_triggered_alerts, worker=2
2014-12-05T23:57:14.028+01:00 - info: category=clean_up_removed_alert_groups, alertGroups=[], worker=2
2014-12-05T23:57:14.029+01:00 - info: category=start_syncing_fired_alert_groups, worker=2
2014-12-05T23:57:14.089+01:00 - info: category=fired_alert_groups_synced, syncedAlertGroups=1, worker=2
2014-12-05T23:57:14.098+01:00 - info: category=sync_triggered_alerts, removedAlertGroups=0, syncedAlertGroups=1, sentSubscribers=1, sentMessages=1, worker=2
2014-12-05T23:57:14.098+01:00 - info: category=finish_checking_triggered_alerts, removedAlertGroups=0, syncedAlertGroups=1, sentSubscribers=1, sentMessages=1, worker=2
2014-12-05T23:57:14.846+01:00 - warn: category=apple_push_notification_socket_error, code=ECONNRESET, worker=2
2014-12-05T23:57:14.851+01:00 - warn: category=apple_push_notification_socket_error, , worker=2
2014-12-05T23:57:15.370+01:00 - warn: category=apple_push_notification_socket_error, code=ECONNRESET, worker=2
2014-12-05T23:57:15.377+01:00 - warn: category=apple_push_notification_socket_error, , worker=2
2014-12-05T23:57:15.899+01:00 - warn: category=apple_push_notification_socket_error, code=ECONNRESET, worker=2
2014-12-05T23:57:15.907+01:00 - warn: category=apple_push_notification_socket_error, , worker=2
... and this goes on forever, until I stopped the Mobile server, disabled the alarm and restarted the Mobile server. A second test confirmed this result: again after an alarm has fired, the same "warn"-messages were generated and no push happened.

Any helpful hints?
Thanks in advance,
Stephan

0 Karma
1 Solution

jzhong_splunk
Splunk Employee
Splunk Employee

Hi Stephan,

Could you please open a support ticket? We will send you an updated the push notification server certificate. The current one is revoked. Alternatively you can wait for 1 or 2 months, when the v2 mobile server is released.

View solution in original post

mzorzi
Splunk Employee
Splunk Employee

I have reviewed this with jzhong ( original answer ) to provide a more detailed response. For the point 1 in Note section: "1. I attach the new Apple Push Notification certificate." you need to contat support@splunk.com

Overview

Mobile access server talks to Apple's push notification gateway via a binary interface using SSL. The SSL certificate required for these connections is obtained from Member Center. To make the push notification work for a re-signed iOS app, mobile access server needs to use a different SSL certificate provided by customer.

Steps

1) Obtain a .p12 SSL certificate and a passphrase for communication with Apple's push notification gateway. Typically, this is a certificate used to talk to the production push notification gateway of Apple. You can find more details here:

https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificati...

I also found the descrption on this page quite extensive:

http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1

2) Copy the .p12 certificate above to a certain location in your mobile access server, which the mobile access server has the permission to access.

3) In the MOBILE_ACCESS_SERVER_HOME/server/config/config_local.json file, create/modify the following JSON properties:

{
...
"ios": {
"apn": {
"${apn_env}": {
"push_cert": "${/path/to/your/apn/ssl/certificate.p12}",
"push_passphrase": "${your_apn_passphrase}"
}
}
}
...
}

Here are three variables:

3.1) apn_env: It could be either "production" or "sandbox" depending on which push notification gateway you need to connect to. Typically it is "production".

3.2) "push_cert" value: it should be a path to your APN SSL certificate p12 file in step 2.

3.3) "push_passphrase" value: it should be the passphrase for the p12 certificate.

4) Once the change is done, restart your server.

Notes

  1. I attach the new Apple Push Notification certificate.

  2. The v1 customer doesn’t need to update the /server/config/config_local.json. They can stop the mobile access server, then replace this p12 file, start the server again. It should work.

0 Karma

swasserroth
Path Finder

Thanks for the answer, I have opened a support ticket to get a valid license for the Apple push notification API.

And I've added "bug" as additional tag...

0 Karma

jzhong_splunk
Splunk Employee
Splunk Employee

Hi Stephan,

Could you please open a support ticket? We will send you an updated the push notification server certificate. The current one is revoked. Alternatively you can wait for 1 or 2 months, when the v2 mobile server is released.

jobauer
New Member

I installed version 2.0.0 of the MAS however I still get the same errors. Do I need to get a cert from Apple?

0 Karma

mchang_splunk
Splunk Employee
Splunk Employee

our new mobile add-on is release, please use this add-on instead:
https://splunkbase.splunk.com/app/2887/

Also, please be aware that Splunk mobile app on IOS/android will only work on new add-on.

0 Karma

swasserroth
Path Finder

I just checked the file ./server/config/notification/apn_certificate_production.p12, which contains the required certificate: the certificate shipped with the 2.0.0 version of the Mobile Access Server should work. It is identical with the cert I have received from Splunk after cert shipped with 1.0.1 was expired...

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...