VMware Workspace ONE Community
HimanshuMishra
Enthusiast
Enthusiast

Authentication issues on shared devices

Hello All,

I am getting authentication issues consistently on shared devices. We have a generic account for staging and autologout after 13hours. We are observing AUTH-1005 (invalid token) and HMAC authentication failure on these shared devices. I can replicate the issue if I leave the device logged in and let hub trigger an auto logout. It is happening on almost all the shared

devices. After auto logout it prompts to enter credentials and token. At this screen, it is expecting the staging account credentials. If you reboot the device, it goes back to normal login screen with just username and password. Has anyone seen this before ?

We are on 19.7.0.17 (1907).

Shared device Login 1.PNG

Labels (1)
Reply
0 Kudos
21 Replies
SHMike
Contributor
Contributor

I'm having the same issue with our shared devices and just open a ticket with support about it.

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

VMware Support has replicated this issue internally in their environment. They are evaluating the logs.

It was working fine a couple months ago. I am guessing that is has something to do with the new version of hub.

Reply
0 Kudos
chengtmskcc
Expert
Expert

I'm on 1907 and have not experienced this issue with our shared devices.

Reply
0 Kudos
chengtmskcc
Expert
Expert

When the issue occurs, can an actual user log in with his/her credential?

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

Issue happens only if you let it auto logout. On "Use token" screen, it only accepts the staging account credentials. Once you login with staging account, then it gives the normal login screen with just username and password fields. Then it accepts the user's credentials.

In console, I see AUTH-1005 (invalid token) and HMAC authentication errors when the device is on "Use token" screen.

I replicated it multiple times, in Dev environment too. At this point, reboot is the only fix that brings the hub login to senses.

Reply
0 Kudos
SHMike
Contributor
Contributor

Are you SaaS? I also see the token error on our devices.

Reply
0 Kudos
chengtmskcc
Expert
Expert

I'm a SaaS on 1907 but I have yet to experience this issue with my shared devices.

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

SHMike

On-Prem 19.7.0.17(1907). I was able to replicate it in Dev environment also, running 2001.

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

chengtmskcc

First login on a newly built device usually works. I have a test group that has auto logout(10mins) enabled. It goes to token screen every time I let hub logout the user.

Because we have iOS Single App Mode enabled, device locks into hub on that token screen. End users cannot break in and use the device.

Reply
0 Kudos
chengtmskcc
Expert
Expert

"Because we have iOS Single App Mode enabled, device locks into hub on that token screen. End users cannot break in and use the device."

I see. I suppose the use of the Hub app is to be able to keep track of who uses the device during a specific period of time?

In my case, we set up our shared devices so that additional apps such as the native mail client and any specific 3rd party apps are not visible until a user logs into the Hub app. So I'm curious about your setup and see if I can offer any suggestions.

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

When no user is logged in, device is locked into hub. No other app is accessible.

Users login with their credentials and all the allowed apps become accessible. We do not allow apps that are user specific like emails.

Console reflects who is logged in and using the device and keeps track of shared device login history.

When user logs out, device goes back to single app mode and locks into hub.

Reply
0 Kudos
SHMike
Contributor
Contributor

Our shared devices having the issue when logged out are locked to the intelligent hub and I have 4 profiles being pushed to them. One to hide all the apps and icons they don't need a lock screen that sets the department and asset tag on the screen. A notification profile to enable notifications for the app they use on the devices and a WiFi profile. When they sign into the hub the only other profile I have added to the device is a passcode requirement.

If the user goes into the hub and manually logs out the issue doesn't happen. Its only on the auto log out of the device in which its happening.

Error

7/9/2020 10:28 AM

Default Staging User iPhone iOS 13.5.1 JC6C

Default Staging User

Device

Devices

Authentication

Authentication Error

sysadmin

Reason : AUTH-1001 (invalid credentials)

Thats the error I see on the device.

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

I see this on broken devices. User can still login with HMAC failures but when AUTH-1005 appears, then the device is stuck on token screen.

AWSH.PNG

Reply
0 Kudos
SHMike
Contributor
Contributor

I can reproduce the issue also by using the management options for the device and having hit check-in

Reply
0 Kudos
SHMike
Contributor
Contributor

Have you gotten any answer from VMWare yet on this issue? I've open a support ticket but going through the back and forth of them asking the basic questions still and not getting very far.

Thanks

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

They are still working with their engineers. No ETA yet.

Reply
0 Kudos
joelconnectiv
Contributor
Contributor

You don't happen to have a reference number or a known issue page to go off by any chance? We're also seeing this issue and dealing with VMWare support has been a nightmare, can't even get them to acknowledge the problem

Reply
0 Kudos
Gair
Contributor
Contributor

+1. Same issue with my shared devices. If WSO triggers an auto logout it will occasionally ask for the enrollment user to sign in. 

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

This is not resolved yet.

Vmware's response -

This issue has been logged with our product team who are investigating this further. For your records, I have assigned an internal reference number to this case: HUBI-4675

Reply
0 Kudos