VMware Workspace ONE Community
LukeDC
Expert
Expert

DEP reliability

Anyone else having a real reliability issue with DEP/ABM lately? I don't think it's Airwatch as I am also having issues where it won't let me add devices via AC2 on occasion as well. I really feel like Apple is having issues they are not revealing.
Labels (1)
Reply
0 Kudos
36 Replies
SudharsanMalya
Contributor
Contributor

Same issues . Ever since IOS 12 is released we are seeing all sort of issues
1. Invalid profile -Occures almost 10%
2. Devices not able to remove from airwatch even though they are unassigned in ABM
Reply
0 Kudos
RyanWampler
Enthusiast
Enthusiast

I've definitely seen an uptick in devices that just stop responding to management.  Couldn't have said it was an iOS 12 issue, but it's definitely been occurring with higher frequency over the last month or two, so it would make sense.  And the Invalid Profile issue has been a real pain since for DEP devices, the only way to recover them is to do a device recovery via iTunes.  With iOS 12.1 getting released yesterday, hopefully these are both fixed now.  Thanks Apple! (/s)
Reply
0 Kudos
VanceFryer
Contributor
Contributor

I'm unable to remove devices from airwatch even though they are unassigned in ABM.
Reply
0 Kudos
GrantMcClanahan
Contributor
Contributor

Going to throw my 2 cents in here. The 9.2.2.26 patch (for new model iPhone Xs models) is thought to have corrupted most if not all of my DEP entries. Devices that hit DEP prior to the patch would not remove on their own when unassigned from DEP, devices that hit after the patch would for the most part remove on their own when unassigned. I have also seen issues with ' Invalid profile'  enrollments and ' Connection to server could not be established'  when using HUB native enrollment but for me, a fraction of my DEP devices will issue themselves a 401 'Break MDM' command after hitting DEP and enrolling in a staging users name. I have since upgraded to 9.7.0.13 and the issue still persists.
For devices not removing from Console when Unassigned:
When I raised a ticket, the solution they came back with was to mass reassign all of my DEP devices back to the Console, sync, then try to Unassign the ' stale'  devices, sync again. This did allow me to get some functionality back in regards to devices removing from the Console on their own. I then had to go back and remove almost 100 devices manually that had been disowned but never removed. Examples below in case anyone needs to remove DEP devices manually (these commands only remove DEP entries, it does not affect an enrolled devices functionality)
--Remove Single Device
Delete from mobilemanagement.EnrollmentToken where DeviceSerialNumber ='inputSerialNumber'
--Remove Multiple Devices
delete from mobileManagement.EnrollmentToken where DeviceSerialNumber in ('inputSerialNumber','inputSerialNumber','inputSerialNumber')

For devices getting Invalid Profile or ' Connection to server could not be established'  using Hub or DEP devices not enrolling correctly:
Through trial and error I determined the DEP entry is causing a HUB native enrollment to give ' Invalid profile'  or a ' Connection to server could not be established'  and is causing my DEP devices to ' auto-Enterprise-Wipe'  on enrollment (no compliance or compromised policies enabled that would enact this command....). For the Hub enrollments, I use the command above to remove the DEP entry and get the device enrolled then let the automated sync bring the device back into the Console. (these are device that were Enterprise wiped but not reset to factory)

For my DEP devices issue, its hit or miss but I Unassign from DEP and see if the entry is removed from Console, if not I manually remove, then reassign the device to DEP and sync it back in. Sucks to have to reset to factory again, but this usually corrects the DEP device issue at that time (issue seems to creep back up if device is reset and tries to re-enroll again).

Maybe one day there will be a fix but this has caused a lot of manual work for me. As I mentioned, this only seemed to come up when I applied the patch for the new iPhone Xs models.
Reply
0 Kudos
MichaelHathaway
Contributor
Contributor

We are seeing an uptick with DEP enrollment issues too. Users are reporting the ' invalid profile'  error and some are stuck at the ' Remote Management'  screen. We have also seen that the Hub app will not completely install. Anyone have an update from Apple or VMware with a root cause or fix?  It's not a good user experience when we tell them to do a factory restore with iTunes.
Reply
0 Kudos
melaniee24
Contributor
Contributor

We are having major DEP problems. Our devices come back in from the field and end up black listed (this is from Airwatch support) and I have to wait days before they will finally enroll. I worked through issues with them and just had to wait till my devices fell off the blacklist and then I could enroll. Currently that is their only answer to me. They have not told me why it is happening.
Reply
0 Kudos
JamieAndersonJa
Enthusiast
Enthusiast

Melanie, how are you determining your devices are blacklisted? Are you having to call Apple?
Reply
0 Kudos
melaniee24
Contributor
Contributor

It is Airwatch support that told me they were blacklisted. My symptoms were that during the DEP profile install process they weren't getting the profile they were supposed to get, I couldn't assign them to anyone, Airwatch was giving them a strange name.
Reply
0 Kudos
JamieAndersonJa
Enthusiast
Enthusiast

ok, thanks. that doesn't sound like the cause of our issue. We are back to ' invalid profile'  profile errors now.
Reply
0 Kudos
RyanBradley
Contributor
Contributor

I worked with AW support and they showed me how to remove duplicate or orphan devices from the console by editing the database directly.
The problem was created by 'releasing' devices from ABM (DEP) before I unassigned them.

In terms of enrollment, I had a good run... up until yesterday.

Now I'm having profile issues for devices added by AC2 - and DEP devices don't push out the 'auto' enabled applications (which annoying includes the HUB app) - so they don't fully enrol.

If I install the app and try to enrol manually it fails.
Reply
0 Kudos
GrantMcClanahan
Contributor
Contributor

Ryan B. I have a similar issue also. I get an error that a connection to the server cannot be established. From what I have deciphered from my devices is that the device comes in via DEP, something flags the device and a ' Break MDM'  command is issued to the device. It seems that the Console is detecting the device as ' assigned to another user'  (in which the device IS NOT. The device shows as DISCOVERED...    If I delete the device record and do one of 2 things it will succeed in the manual enrollment. 1. Unassign the device temporarily from DEP, sync device out of Console/Enrollment Status page. 2. Use DB command  Delete from mobilemanagement.EnrollmentToken where DeviceSerialNumber ='SerialNumber' to remove device from DB and then upon next sync it will re-add itself.   The device itself will still be Supervised after enrollment.
Reply
0 Kudos
Stansfield
Enthusiast
Enthusiast

Do you assign dep devices to specific users in the upload a batch configuration of devices to point to a user method by any chance?
Reply
0 Kudos
GrantMcClanahan
Contributor
Contributor

I do not use that feature. I have played around with that method but only with test devices.
Reply
0 Kudos
melaniee24
Contributor
Contributor

Airwatch finally just closed my ticket. Basically when I get a device back from the field and wipe it - I then have to wait several days and then can re-enroll it. They don't have an answer why so now this is just part of my process.
Reply
0 Kudos
EdLovato
Contributor
Contributor

My issue with DEP/ABM started today 2/19/2019.  I can add devices (iPads) using AC2 into DEP but after syncing AirWatch with DEP/ABM, the devices are not showing up in the AirWatch console.  Does anyone add iPads or iOS devices into DEP using Apple Configurator 2?
Reply
0 Kudos
EdLovato
Contributor
Contributor

Well, it took about an hour but the devices are showing up in the AirWatch Console.
Reply
0 Kudos
RyanBradley
Contributor
Contributor

Well, I'm back in action.

The apps failing to install was a PEBKAC (Problem exists between keyboard and chair) error. I didn't renew an expired VPP token for my apps.
I did the APNs and DEP token, but didn't think to do VPP.

So - check all your tokens/certificates - and renew them all at the same time 🙂

That aside, the profile issue was a temporary one. and I'm not having any trouble importing AC2 or DEP devices.
Reply
0 Kudos