Splunk Mobile Access Server: push notifications do not work

swasserroth
Path Finder

Hi *,

after installing the Mobile Server according to the manual, I am able to access the dashboards -- everything works as expected. Then I wanted to test push notification to the iPad. The "telnet"-command to check the connection to Apple's Push service got a "connect", so the basic communication between mserver's host and Apple works.
But when a trigger fired, the push notification did not get through. In the log messages for the mserver (Version 1.0.1) the following is written:
2014-12-05T23:52:52.412+01:00 - info: category=update_subscribed_alert_groups, alertGroups=[name=PoE over current port error, app=search, subscribed=true, name=EDNS Nachrichtentest, app=search, subscribed=true], worker=9
2014-12-05T23:57:13.940+01:00 - info: category=start_checking_triggered_alerts, worker=2
2014-12-05T23:57:13.940+01:00 - info: category=check_triggered_alerts, worker=2
2014-12-05T23:57:14.028+01:00 - info: category=clean_up_removed_alert_groups, alertGroups=[], worker=2
2014-12-05T23:57:14.029+01:00 - info: category=start_syncing_fired_alert_groups, worker=2
2014-12-05T23:57:14.089+01:00 - info: category=fired_alert_groups_synced, syncedAlertGroups=1, worker=2
2014-12-05T23:57:14.098+01:00 - info: category=sync_triggered_alerts, removedAlertGroups=0, syncedAlertGroups=1, sentSubscribers=1, sentMessages=1, worker=2
2014-12-05T23:57:14.098+01:00 - info: category=finish_checking_triggered_alerts, removedAlertGroups=0, syncedAlertGroups=1, sentSubscribers=1, sentMessages=1, worker=2
2014-12-05T23:57:14.846+01:00 - warn: category=apple_push_notification_socket_error, code=ECONNRESET, worker=2
2014-12-05T23:57:14.851+01:00 - warn: category=apple_push_notification_socket_error, , worker=2
2014-12-05T23:57:15.370+01:00 - warn: category=apple_push_notification_socket_error, code=ECONNRESET, worker=2
2014-12-05T23:57:15.377+01:00 - warn: category=apple_push_notification_socket_error, , worker=2
2014-12-05T23:57:15.899+01:00 - warn: category=apple_push_notification_socket_error, code=ECONNRESET, worker=2
2014-12-05T23:57:15.907+01:00 - warn: category=apple_push_notification_socket_error, , worker=2
... and this goes on forever, until I stopped the Mobile server, disabled the alarm and restarted the Mobile server. A second test confirmed this result: again after an alarm has fired, the same "warn"-messages were generated and no push happened.

Any helpful hints?
Thanks in advance,
Stephan

0 Karma
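
The symptom in the log above (a batch reported with sentMessages=1, then socket errors from the same worker) can be picked out of a longer mserver log automatically. This is an added example, not part of the original post or of Splunk's code; the function names and the 5-second attribution window are assumptions, and it reports the symptom only, not its cause.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: four lines shortened from the log quoted in the post above.
SAMPLE_LOG = """\
2014-12-05T23:57:14.098+01:00 - info: category=sync_triggered_alerts, removedAlertGroups=0, syncedAlertGroups=1, sentSubscribers=1, sentMessages=1, worker=2
2014-12-05T23:57:14.846+01:00 - warn: category=apple_push_notification_socket_error, code=ECONNRESET, worker=2
2014-12-05T23:57:14.851+01:00 - warn: category=apple_push_notification_socket_error, , worker=2
2014-12-05T23:57:15.370+01:00 - warn: category=apple_push_notification_socket_error, code=ECONNRESET, worker=2
"""

LINE_RE = re.compile(r"^(\S+) - (\w+): (.*)$")


def parse_line(line):
    """Split 'timestamp - level: k=v, k=v' into (datetime, level, fields)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Empty fields (", ,") carry no '=' and are skipped.
    fields = dict(p.split("=", 1) for p in m.group(3).split(", ") if "=" in p)
    return datetime.fromisoformat(m.group(1)), m.group(2), fields


def failed_push_batches(log_text, window=timedelta(seconds=5)):
    """Find batches reported as sent whose worker then logs APNs socket errors."""
    open_batches, failed = {}, []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _level, f = parsed
        worker, category = f.get("worker"), f.get("category")
        if category == "sync_triggered_alerts" and int(f.get("sentMessages", 0)) > 0:
            open_batches[worker] = {"worker": worker, "sent_at": ts,
                                    "sent": int(f["sentMessages"]),
                                    "socket_errors": 0, "codes": set()}
        elif category == "apple_push_notification_socket_error":
            batch = open_batches.get(worker)
            if batch is None:
                continue
            if batch["socket_errors"] == 0:
                if ts - batch["sent_at"] > window:
                    continue  # first error came too late to attribute to this batch
                failed.append(batch)
            batch["socket_errors"] += 1
            if "code" in f:
                batch["codes"].add(f["code"])
    return failed
```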
1 Solution

jzhong_splunk
Splunk Employee

Hi Stephan,

Could you please open a support ticket? We will send you an updated push notification server certificate. The current one is revoked. Alternatively you can wait for 1 or 2 months, when the v2 mobile server is released.

mzorzi
Splunk Employee

I have reviewed this with jzhong (original answer) to provide a more detailed response. For point 1 in the Notes section: "1. I attach the new Apple Push Notification certificate." you need to contact support@splunk.com

Overview

Mobile access server talks to Apple's push notification gateway via a binary interface using SSL. The SSL certificate required for these connections is obtained from Member Center. To make the push notification work for a re-signed iOS app, mobile access server needs to use a different SSL certificate provided by customer.

Steps

1) Obtain a .p12 SSL certificate and a passphrase for communication with Apple's push notification gateway. Typically, this is a certificate used to talk to the production push notification gateway of Apple. You can find more details here:

https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificati...

I also found the description on this page quite extensive:

http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1

2) Copy the .p12 certificate above to a certain location in your mobile access server, which the mobile access server has the permission to access.

3) In the MOBILE_ACCESS_SERVER_HOME/server/config/config_local.json file, create/modify the following JSON properties:

{
    ...
    "ios": {
        "apn": {
            "${apn_env}": {
                "push_cert": "${/path/to/your/apn/ssl/certificate.p12}",
                "push_passphrase": "${your_apn_passphrase}"
            }
        }
    }
    ...
}

Here are three variables:

3.1) apn_env: It could be either "production" or "sandbox" depending on which push notification gateway you need to connect to. Typically it is "production".

3.2) "push_cert" value: it should be a path to your APN SSL certificate p12 file in step 2.

3.3) "push_passphrase" value: it should be the passphrase for the p12 certificate.

4) Once the change is done, restart your server.

Notes

  1. I attach the new Apple Push Notification certificate.

  2. The v1 customer doesn’t need to update the /server/config/config_local.json. They can stop the mobile access server, then replace this p12 file, start the server again. It should work.

0 Karma
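
A pre-restart check for the config_local.json layout from step 3 of the answer above, as an added example that is not part of the original answer or of Splunk's code. The function names are assumptions, as is the owner-only permission check, which is added here because the .p12 holds a private key and the config stores its passphrase in plain text. It assumes a POSIX host and should run as the account the mobile access server runs under; it does not open the .p12, so an expired or revoked certificate is not detected.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

VALID_ENVS = {"production", "sandbox"}  # the two apn_env values named in step 3.1

def loose_mode(path):
    """Return the octal mode string if group/other have any access, else None."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return f"{mode:03o}" if mode & 0o077 else None

def check_apn_config(config_path):
    """Return a list of problems in the ios.apn section; an empty list means OK."""
    with open(config_path, encoding="utf-8") as fh:
        apn = json.load(fh).get("ios", {}).get("apn", {})
    if not apn:
        return ["no ios.apn section found"]
    problems = []
    for env, entry in apn.items():
        if env not in VALID_ENVS:
            problems.append(f"{env}: apn_env must be 'production' or 'sandbox'")
        cert = entry.get("push_cert", "")
        if not cert or "${" in cert:
            problems.append(f"{env}: push_cert is unset or still a placeholder")
        elif not (os.path.isfile(cert) and os.access(cert, os.R_OK)):
            problems.append(f"{env}: {cert} is missing or not readable by this account")
        elif loose_mode(cert):
            problems.append(f"{env}: {cert} has mode {loose_mode(cert)}, restrict to owner")
        if not entry.get("push_passphrase"):
            problems.append(f"{env}: push_passphrase is unset")
    if loose_mode(config_path):
        problems.append(f"{config_path} has mode {loose_mode(config_path)}, restrict to owner")
    return problems

def demo():
    """Constructed sample: dummy .p12 plus config, checked loose then owner-only."""
    with tempfile.TemporaryDirectory() as d:
        cert, conf = Path(d, "apn.p12"), Path(d, "config_local.json")
        cert.write_bytes(b"constructed placeholder, not a real PKCS#12 file")
        entry = {"push_cert": str(cert), "push_passphrase": "constructed-passphrase"}
        conf.write_text(json.dumps({"ios": {"apn": {"production": entry}}}))
        results = []
        for mode in (0o644, 0o600):
            cert.chmod(mode)
            conf.chmod(mode)
            results.append(check_apn_config(conf))
        return results
```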

swasserroth
Path Finder

Thanks for the answer, I have opened a support ticket to get a valid license for the Apple push notification API.

And I've added "bug" as additional tag...

0 Karma

jobauer
New Member

I installed version 2.0.0 of the MAS however I still get the same errors. Do I need to get a cert from Apple?

0 Karma

mchang_splunk
Splunk Employee

Our new mobile add-on is released, please use this add-on instead:
https://splunkbase.splunk.com/app/2887/

Also, please be aware that the Splunk mobile app on iOS/Android will only work with the new add-on.

0 Karma

swasserroth
Path Finder

I just checked the file ./server/config/notification/apn_certificate_production.p12, which contains the required certificate: the certificate shipped with the 2.0.0 version of the Mobile Access Server should work. It is identical to the cert I received from Splunk after the cert shipped with 1.0.1 had expired...

0 Karma