Zebra TC52 Enrollment Problems and Certificate Question

ZachL54
Here to help

Zebra TC52 Enrollment Problems and Certificate Question

Good Morning Everyone,

 

I have an enterprise device, Zebra TC52 with Android 10, that I need to get enrolled into SM.

 

Problem is, I was told by our vendor that I cannot do the typical factory reset because they install underlying APIs and software that is used to control things like the 2D scanner.

 

They support many other MDMs like Sodi or Intune, but they haven't worked much with SM. I have about 250 iPads deployed, but don't know a whole lot about Android.

 

They do have a tool called StageNow that is supposedly used to do this sort of thing. Here is an example using a different MDM:

https://cwsisecurity.com/resource/project-recap-enrolling-zebra-devices-to-mdm-in-android-enterprise...

 

If you scroll down to step 10, I think I have the correct Package and Class Names:

com.meraki.sm

com.meraki.sm/.DeviceAdmin.

 

However, I am getting what appears to be a certificate error (Certificate not installed). I have tried installing our domain certificate, but that doesn't seem to help. I am downloading and installing the SM app prior to trying this intent (I'm basically trying to follow these steps, as they are very similar to what the vendor suggested as well).

 

I guess my question is, are there any other certificates that are specific to Meraki that I need to install separately? 

 

Anyone try anything like this before?

 

I found some old references to installing a device owner via ADB, which is where I got the class name from:

https://documentation.meraki.com/SM/Device_Enrollment/Enabling_Device_Owner_Mode_using_Android_Debug...

 

Only other thing I will mention is that the vendor did provide me with a .json file that another vendor used to successfully do this:

{"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.meraki.sm/.DeviceAdmin",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://dl.meraki.net/androidsm/AndroidSM.apk",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM":"mt_u7fCnOgPWAlgCroDN8ye6nVpZbxwh47JGRq9uJm8",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"mt_u7fCnOgPWAlgCroDN8ye6nVpZbxwh47JGRq9uJm8",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{"enrollment_url":"https://m.meraki.com/enroll/?android_from_store=true&enrollment_code=XXX-XXX-XXXX"}}

 

I tried using this method as well (changing to my enrollment code) but get the same "Certificate is not installed" error.

 

Vendor did mention something about Android 10 not support SHA1 certs, but I have successfully done the normal enrollment method on an Android 10 device before, so I don't think that is an issue.

 

Any help is appreciated.

 

Thank you in advance,

Zach

2 REPLIES 2
ZachL54
Here to help

Quick update.

 

I got a different device from Zebra running Android 8 and this whole process works perfectly.

 

So that tells me it must be something to do with Android 10. Just a guess, but I think it might have something to do with the depreciation of Device Administration in 10.

 

Thanks,

Zach

VictorM
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hey, @ZachL54 

 

By any chance, have you considered attempting to enroll these devices using Android zero-touch / do you have access to importing your Zebra devices into the Google zero-touch portal?

 

More details on how to use zero-touch with SM  can be found here:

https://documentation.meraki.com/SM/Device_Enrollment/Android_Zero-Touch_Enrollment

 

I'd be interested to hear if the device is able to properly complete DO provisioning using zero-touch enrollment.

 

Additionally, if possible, could you please open a support case and include the device logs (acquired via ADB) from after device setup, as well as a screenshot of the error you are seeing, and shoot me a PM with your case number so I can follow up with our support team and take a look?

 

Cheers,

Victor

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels