VMware Workspace ONE Community
StephenQuinnSte
Contributor
Contributor

AUTH 1005: Invalid Token for Secure Content Locker

We are currently experiencing a slow increase in tickets from iOS Secure Content Locker users reporting that when starting the app they are being asked for log in information, which is not set as active in the default SDK profile, and regardless what they put in they can't log in. When I check the logs in Troubleshooting I am seeing three error messages, the first is AUTH 1005 Invalid token, then AUTH 1001 (Invalid Credentials) and lastly AUTH 1002 (account lockedout). The AD user has been thoroughly checked and their are no problems there. We've already been in contact with Airwatch and it seems to be a problem with the Date/Time, but even after ensuring the Date/Time is correct on the device the error is still appearing. They have suggested the ' nuclear'  option of device wipe/re-enrollment, however that really isn't an option for these users, also doesn't really explain why we are seeing new tickets. Agent Verison 5.8.0/Content Version 4.13.3.11. Thanks!
Labels (1)
Reply
0 Kudos
11 Replies
billiamc
Contributor
Contributor

I've seen similar issues to this for a couple of years now, but never got anywhere with support tickets as I can't reproduce the issue, it just seems to happen at random to users. In our case they access the content locker using a passcode which is set the first time they access it. However randomly they get prompted for a username / password and then regardless what is entered nothing works and we then have to take the nuclear option and rebuild the device, so if you do get anywhere with this it would be good to hear back.
Reply
0 Kudos
StephenQuinnSte
Contributor
Contributor

Airwatch keep saying that it is to do with the time/date settings on the iOS device, although I have seen the error on both manually set devices and also automatically set devices. The only thing I can think of is that they are all flight crew and therefore change time zones regularly, though that shouldn't make a difference for manually set devices.
Reply
0 Kudos
billiamc
Contributor
Contributor

I've seen it when it was date and time also, but found manually setting the time on the device didn't fix the issue and had to wait for the device to resync time from NTP / cell network. However this does not fix the majority of the issues we see.
Reply
0 Kudos
StephenQuinnSte
Contributor
Contributor

We are looking into the possibility that it has something to do with the users re-setting their passwords, though still waiting for results. Still unable to reproduce the problem, outside of when I set the date/time wrong on the device, but then the fix for that doesn't fit with what the users are seeing.
Reply
0 Kudos
SteveMorganStev
Contributor
Contributor

Hi all,
I've just had one case of this. What was the resolution in the end? Enterprise wipe or device wipe?
Reply
0 Kudos
StephenQuinnSte
Contributor
Contributor

In the end we never got a satisfactory answer to the question of what the root cause was, the workaround was the half nuclear option, which was  to ' just'  re-install the agent and SCL. A complete enterprise/device wipe wasn't required. Hope that helps!
Reply
0 Kudos
SteveMorganStev
Contributor
Contributor

Thanks Stephen. So just delete and re-install Agent & SCL from Apple App Store? Device did not need a re-enroll?
Reply
0 Kudos
StephenQuinnSte
Contributor
Contributor

We re-installed the apps using the console, instead of directly on the device using the App Store and no re-enrollment was required.
Reply
0 Kudos
ABPujari
Contributor
Contributor

Hi All,

I have the similar issue, this is for content locker login at first time when user enters the password login fails with message ' Login error- unknown error has occurred' 

When i dig in to the troubleshooting logs found our that Authentication Error Reason - AUTH--1 (unknown)

and on the device with successful log in i see the troubleshooting log pattern as below

Device Devices Command Install Profile Confirmed sysadmin Message Text : com.airwatch.sso
Server Devices Authentication Authentication Token Issued sysadmin Bundle ID : com.airwatch.sso
Server Dashboard Command Install Profile Requested sysadmin Profile : Android Default Settings
Server Devices Authentication Authentication Token Issued sysadmin Bundle ID : com.airwatch.contentlocker


Not sure how to fix this, any one with this issue have fixed it, please help

Thanks
Anand
Reply
0 Kudos
StephenQuinnSte
Contributor
Contributor

Hello Anand,

Is this with domain or basic users?

Kind regards,
Stephen
Reply
0 Kudos
ABPujari
Contributor
Contributor

Hi Stephen,

Its with the domain user, the strangest thing is for my domain account i can pass through to the content locker with successful authentication....but no other users are able to login...

Secondly this is for Android devices we dont have iOS platform in our Infra ....

Regards,
Anand
Reply
0 Kudos