# Troubleshooting

# Apple ID prompt still appears even when Activation Lock Bypass Code is used during Remote Wipe

## Problem

When a supervised iPhone or iPad is remotely wiped with **Remove Activation Lock** selected, activation should not require the user's Apple ID password. FileWave uses the stored Activation Lock bypass code from **FileWave Central &gt; Assistants &gt; Activation Lock Management...**. If the Apple ID prompt still appears, use the bypass code as the password instead of entering the user's Apple ID credentials.

## Environment

- Supervised iOS/iPadOS devices
- FileWave MDM

## Resolution

At the Apple ID prompt after Remote Wipe, leave the Apple ID field blank and enter the device's Activation Lock bypass code in the password field. Find the code in **FileWave Central &gt; Assistants &gt; Activation Lock Management...**. Enter it **exactly** as shown, including capitalization and dashes.

Keep the username (Apple ID) field empty.

![zfX2D3jVfAySlGqT-embedded-image-aoadbhaq.png](https://kb.filewave.com/uploads/images/gallery/2023-07/zfX2D3jVfAySlGqT-embedded-image-aoadbhaq.png)

## Additional information

- [Apple: Use Mobile Device Management and Find My Activation Lock](https://support.apple.com/en-ca/HT202804)

# FileWave iOS Kiosk (IPA) Location Tracking Problem

We have been made aware of an issue with our FileWave Kiosk Enterprise IPA app with regard to location tracking. Simply put, iOS no longer allows our application to be approved once, and then allowed to collect geo-location information for all time.

Even when location tracking for the app is set to "Allow While Using", the application will re-prompt for permission on each application restart (usually multiple times).

We are currently investigating what changes will be required to make the Kiosk IPA less intrusive to your customers and will update here as we have more information. In the mean time, here are some mitigation suggestions:

<div id="bkmrk-don%27t-deploy-the-ent"><div class="highlighter-context page view" data-inline-comments-target="true" data-testid="page-content-only" id="bkmrk-don%27t-deploy-the-ent-1"><div class="_1bsb1osq _19pkidpf _2hwx1wug _otyridpf _18u01wug"><div><div class="wiki-content css-q12xh8 e5xcnr80" data-test-appearance="full-width" data-testid="pageContentRendererTestId" id="bkmrk-don%27t-deploy-the-ent-2"><div class="renderer-overrides"><div class="ak-renderer-wrapper css-2c6ch1"><div class="css-stu2x3"><div class="ak-renderer-document">1. Don't deploy the Enterprise IPA at all:
    
    
    - This may seem an odd suggestion, but this application was initially developed before the concept of "Lost Mode", and has largely outlived it's purpose
    - "Lost Mode" is much more effective at location lookup, because it doesn't suffer from the same pre-requisites that the IPA does, and it works even if the end-user has location services turned off
    - "Lost Mode" does not require the IPA
    - Outside of geo-location in "Tracked" mode, the IPA serves no other purpose, and tracking in this mode is delicate to manage at best, and largely ineffective since the user can disable it at any time
    - Apple, and other privacy advocates, are heavily leaning away from this type of location tracking, and before long it may not be possible at all
2. If you don't want to change how you are deploying the IPA currently, consider setting your devices to "Untracked"
    
    
    - The issue of user prompts is only seen if FileWave believes the device is in a "Tracked" state
    - By moving devices to "Untracked" you'll avoid customer complaints while we work on a possible fix for this issue

</div></div></div></div></div><div class="css-1gnviio e3p9ckn0" data-testid="comment-container" id="bkmrk-"></div></div></div></div></div><div class="_19pkys9h _2hwx1wug _otyr1ylp _18u01wug _1bsb1osq _p12fn7od" data-testid="view-page-labels-container" id="bkmrk--1"><div class=" css-1ww96kd-container"><span class="css-7pg0cj-a11yText" id="bkmrk--2"></span><div class="labels__control css-pl8yfl-control"><div class="labels__value-container labels__value-container--is-multi css-ux3zne"><div class="_syaz1fw9"><div class="_1e0c1txw _4cvr1h6o"></div></div></div></div></div></div>

# iOS 12+ Profile Installation Failed

## Description

On attempting to enrol iOS 12 devices, we have seen some instances of the profile installation failing. In these cases it has been related to the server certificate. As of iOS 11 and macOS High Sierra, Apple introduced stricter rules regarding MDM server to device communication:

[https://support.apple.com/en-gb/HT207828](https://support.apple.com/en-gb/HT207828)

However, it appears that these have not been fully implemented, until iOS 12, with respect to certificates. Certificates of RSA key sizes below 2048 have still managed to work on iOS 11. iOS 12 no longer allow this.

<p class="callout info">**Self-Signed Certificate**  
As 3rd party suppliers have been supplying appropriate keys now for some time, this is likely to impact Self-Signed Certificates only.</p>

## Directions

The following command may be used to check the certificate RSA key size.

macOS, Linux:

```bash
openssl x509 -in /usr/local/filewave/certs/server.crt  -text -noout | grep Public-Key

```

Windows

```bash
C:\OpenSSL-Win64\bin\openssl.exe x509 -in C:\ProgramData\FileWave\FWServer\certs\server.crt -text -noout | FINDSTR Public-Key

```

Windows does not have openssl installed as standard so you will need to go to [https://slproweb.com/products/Win32OpenSSL.html](https://slproweb.com/products/Win32OpenSSL.html) and download the appropriate version of OpenSSL for your environment.

If the output is anything less than 2048, then the server certificate will need to be updated.

If you are using a Self-Signed Cert, you will need to either:

- Re-use your process for generating the certificate to update to ensure it has a RSA key size of 2048 or larger
- Consider moving to an official 3rd party certificate

Please take into consideration the following KB when moving to a new certificate: [Root Trusted SSL Certificate (Using and Renewing)](https://kb.filewave.com/books/certificates/page/root-trusted-ssl-certificate-using-and-renewing "Root Trusted SSL Certificate (Using and Renewing)")