This page provides information about the status of device ID issues with iOS7 in the form of Questions and Answers.
The hotfixes, and a link to the installation documentation, are now ready - follow this link. But do read the questions and answers below first.
|What is the problem?||Read this Service Bulletin.|
|Which DME server versions are affected?||All versions from DME 3.6SP2 and up are affected by this issue, and must get the hotfix installed.|
|I'm getting 4.1 SP2 when it comes out. Do I need to install the hotfix there?||No, the hotfix is built into the upcoming DME 4.1 SP2 release.|
|I am not using iOS MDM. Do I need this hotfix?||Yes. The mechanism to map MDM and DME devices based on WLAN information is the same, regardless of MDM status.|
|What are the consequences if I do not install the hotfix?||After a device is upgraded to a new OS, including version iOS7, DME will send a so-called "full sysinfo". This mechanism is similar to what happens when the device connects to DME the very first time. Since all iOS7 report the same device ID, over time, all iOS7 devices would be merged into one. This will corrupt settings and give unpredictable behavior. In the worst case, e-mails for one user may be sent to the wrong device or similar.|
|So, installing the hotfix makes sure our devices don't get mixed up with each other. So now I'm free to upgrade all devices to iOS7?||
No! With the hotfix, devices that are new to DME and running iOS7 will be rejected. A message will be written in the log:
Device tried to connect with a banned device id - Apple iOS7 restriction.
Devices that exist in DME, and which are then upgraded to iOS7, will still be accepted. But you must be aware that iOS7 devices are not supported by DME until the DME client 4.1.4 for iOS comes out. Users with iOS7 devices running a DME version below 4.1.4 will find user experience problems, so upgrading to iOS7 is not recommended.
|Won't it be enough to upgrade to the latest DME client for iOS?||Unfortunately, we cannot force the DME client to upgrade to the latest version, which is a new feature added in iOS7. Most likely a large number of users would upgrade to iOS7 upon release, running various DME client versions. Therefore, having a safeguard on the server with this hotfix is mandatory.|
|Why can’t Excitor use Apple’s new unique identifier?||DME has been designed to uniquely identify the device. With Apple’s new Vendor identifier, a new unique ID is generated each time DME is re-installed or when the iDevice is reset/restored, and it cannot therefore be used as a unique identifier in DME.|
|When do you expect a newer DME client to avoid this problem in the future?||Version 4.1.4 of the DME client for iOS has been released (just before the rumored iOS7 release date of Sept. 10th).|
|Where can I find the hotfix for my version of DME?||You can find a list of hotfixes, and a link to the installation documentation, on this page.|
|I applied the hotfix, but a device now shows a MAC address of 02:00:00:00:00:00. Did the hotfix not work?||
The hotfix has worked, but the invalid MAC address has been sent in by the upgraded device and can be seen under Device properties when showing device Info:
This is normal behavior. When an existing device is upgraded to iOS7, it will report this fake MAC address to the server when connecting.
|I'm a techie. Speak tech, please.||
OK. The hotfix covers two basic scenarios:
Scenario 1: An Apple device, which runs iOS 6 and is known in the DME system, gets upgraded to iOS7.
In this case, DME has stored the device ID in the device keychain. This ID is (usually) made up of an MD5 hash of the actual MAC (Wi-Fi) address of the device. After the upgrade to iOS7, the device will be allowed to connect and synchronize with DME, as it will be using the device ID stored in the keychain. The bogus MAC address will still be reported - see the question above!
Scenario 2: A device running iOS7 connects with the DME server for the first time.
In this case, DME will create the same MD5 hash for all iOS7 devices, based on the bogus MAC (Wi-Fi) address 02:00:00:00:00:00 - resulting in the following MD5 hash: 0F607264FC6318A92B9E13C65DB7CD3C. The hotfix will keep any devices with such an MD5 hash from connecting.
|I am using iOS MDM, and I have iOS 7. What should I do?||It is important that you know that only DME 4.1 SP2 and later are able to use the modified iOS 7 MDM protocol. If you enrolled an iOS 6 device and then upgraded it to iOS 7, then the MDM enrollment will still be valid. However, you will not be able to enroll new iOS 7 devices. In any case, we strongly advise you to upgrade to DME 4.1 SP2.|