The following sections provide solutions to the problems you might encounter while using the Mobile Management feature.
Status of a newly enrolled iOS device is displayed as in ZENworks User Portal, until the browser is refreshed
Explanation:
The status of a newly enrolled iOS device is displayed as in the ZENworks User Portal even though the device object has moved from the folder to > folder in ZCC. Tapping the Home icon or the Sync Now icon in the ZENworks User Portal does not update the status of the enrolled device.
Action:
Refresh the ZENworks User Portal browser to view the updated status of the device as .
Quick task to unlock device does not reset existing password on Android N devices
Explanation:
If the Unlock Device quick task is performed on an Android N device that already has a password set, the password does not reset with the new password configured in the quick task. However, if a password is not set on the device, then the Unlock Device quick task will set the new password on the device.
Action:
None.
If the time on the ZENworks Server lags behind the actual enrollment time of a mobile device, then any quick task that is sent to this device within this time period is not processed and its status will remain as
Explanation:
When a mobile device is enrolled to the zone and the ZENworks Server time lags behind the enrollment time of this device, then any quick task that is sent during this time period, is not processed and the status of the quick task remains as .
Action:
You need to wait until the ZENworks Server time is equal to or exceeds the device enrollment time, before sending a push notification, such as quick tasks, to the device.
Purchased license count is not updated, if sync to retrieve latest VPP apps is initiated immediately after purchasing an app
Explanation:
If a sync between the ZENworks Server and the Apple Server is initiated immediately after purchasing an app using the Apple VPP account credentials, then the purchased license count might not be updated with these latest app purchases. Subsequently, bundle assignments might fail.
Action:
Ensure that you verify the purchased license count for that specific app in the Apple VPP License Summary page, before assigning that app to a device or a user. Wait for the next sync or re-initiate the sync to update the purchased license count.
Max Grace Period and Max Inactivity Timeout restriction settings might display incorrect values on the device
Explanation:
The (max grace period) and values specified in the mobile security policy that is assigned to an iOS device, might display incorrect values when viewed on the device. However, this does not affect the behavior of the device lock feature as the values specified while defining the mobile security policy in ZENworks Control Center (ZCC) are applied.
Action:
None
Mobile Security policies might not apply automatically on a few Android devices
Explanation:
Mobile Security policies assigned to devices might not apply automatically on a few Android devices.
Action:
Initiate a Refresh action on these devices.
Windows mobile devices do not accept alphanumeric or complex characters even if they are enabled in the assigned Mobile Security policy
Explanation:
When a Mobile Security policy, which has alphanumeric or complex characters enabled as a part of the Password settings, is assigned to a Windows device, the device keeps prompting for Personal Identification Number (PIN) and does not accept alphanumeric or complex characters.
Action:
None. This is a Microsoft limitation.
Simple passwords are accepted by a few Android devices even if the setting is disabled in the assigned Mobile Security policy
Explanation:
When a Mobile Security policy, in which the simple password setting is disabled, is assigned to Android devices, a few of the Android devices might still accept a simple password.
Action:
None.
If the time on an Android device lags behind the time on the ZENworks Server, then device enrollment will be unsuccessful
Explanation:
The time on an Android device lags behind the time on the ZENworks Server. During device enrollment, when the user logs into the ZENworks mobile app, the enrollment process does not advance to the next stage.
Action:
Ensure that the time on the device and the ZENworks Server is the same and then try re-enrolling the device.
Email accounts on some devices might stop functioning and an authentication error is displayed
Explanation:
On a few devices, the configured ActiveSync accounts might stop functioning and an notification is displayed. In some cases, this notification recurs even if the user has specified the account credentials and in some cases the device does not respond on clicking this notification.
Action:
Delete and re-create the email account.
While configuring access controls to secure an MDM Server, Administration access is denied for all
Explanation:
While configuring access controls to secure an MDM Server, Administration access is denied for all and ZCC remains inaccessible except from the server in which the access was allowed or denied.
Action:
Change the configuration by accessing ZCC from the MDM Server in which the access was denied. You can access ZCC in the following ways:
If you are still unable to access ZCC, then delete the configuration file access-filters.json from the directory available at %ZENWORKS_HOME%/share/tomcat/conf. Restart the MDM server. Administration access will be allowed for all. You need to navigate back to ZCC and re-configure the access controls.
APNs certificate import fails
Explanation:
While configuring the Apple Push Notification service in ZENworks, APNs certificate import fails.
Action:
Check the ZCC.log or the service-messages.log of the MDM Servers. If the failure is due some issue with the APNs Keystore, try restarting the server and then import the certificate. If CertificateNotYetValidException is displayed as the reason for failure, then this indicates that the MDM Server time is ahead of the certificate creation time. You need to wait for a while and then try importing the certificate.
After configuring access controls to secure an MDM Server, an IP address of a device that is denied access is still able to contact the ZENworks Server
Explanation:
While securing an MDM Server, a specific IP address of a device is denied access to the server. However, this device is still able to contact the MDM Server.
Action:
Enable the Tomcat valve logging to check the logs. For more information, see Tomcat Valve Logging in ZENworks Configuration Management - Best Practices Guide.
Also, check whether the device is communicating with the ZENworks Server using a proxy server. If so, you need to deny access to the IP address of the proxy server, if other devices are not using this proxy server.
Push notifications does not behave as expected on a newly added MDM Server.
Source:
ZENworks Mobile Management
Explanation:
An MDM Server that contains the APNs keystore is not connected to the network. Another MDM Server is added in the same zone, which tries to pull the APNs keystore from the existing MDM Server. However, since the existing MDM Server is not connected to the network, the APNs keystore fails to replicate in the new MDM Server, due to which this server does not function appropriately.
Action:
You need to ensure that the MDM Server that contains the APNs keystore, is online at all times. After you ensure that the existing MDM Server is online, remove the MDM role from the newly added MDM Server and re-assign it to the same server.
Push notifications to enrolled devices will not work as expected, if the APNs certificate has expired and a new certificate is imported
Source:
ZENworks Mobile Management
Explanation:
When the existing APNs certificate has expired and you create a new certificate in the Apple Push Certificates portal and import it to ZENworks, then the push notifications to mobile devices, which were enrolled using the earlier certificate, will not work as expected.
Action:
Re-enroll the devices. As a best practice, if the APNs certificate has expired, it is recommended that you the certificate in the Apple Push Certificates portal instead of creating a new certificate. For details, see Renewing an Expired APNs Certificate.