rterakedis
VMware Employee
VMware Employee

ICYMI: Multiple Workspace ONE UEM application pools and services do not start once stopped

In Case You Missed This KB:   https://kb.vmware.com/s/article/82369

Symptoms
Multiple Workspace ONE UEM application pools and services may not start once stopped after Jan 27th, 2021. Event logs display an error loading certain DLLs due to a code signing validation error. This affects SaaS as well as On-premise customers. Affected version

The following versions are potentially impacted:

  • Workspace ONE UEM 19.7.0.5, 19.7.0.16, 19.7.0.38, 19.7.0.39
  • Workspace ONE UEM 19.9.0.2, 19.9.0.11, 19.9.0.34 
  • Workspace ONE UEM 20.1.0.9, 20.1.0.26, 20.1.0.27
  • Workspace ONE UEM 20.3.0.1, 20.3.0.6
  • Workspace ONE UEM 20.4.0.16
  • Workspace ONE UEM 20.5.0.17, 20.5.0.24, 20.5.0.33, 20.5.0.34, 20.5.0.35
  • Workspace ONE UEM 20.6.0.14
  • Workspace ONE UEM 20.7.0.0 GA, 20.7.0.2 GA, 20.7.0.10
This list will be updated as we continue validation.
 
Resolution
Our Product team is engaged and actively working to provide a resolution for each of the affected versions in the form of a patch. The affected version list (above) will also be updated as we continue to validate each supported release. Fix Version(s):
  • Workspace ONE UEM 1907 - Addressed in 19.7.0.60 (Available for download at UEM Console 1907 Patch)
  • Workspace ONE UEM 1909 - Addressed in 19.9.0.45 (Available for download at UEM Console 1909 Patch)
  • Workspace ONE UEM 2001 - Addressed in 20.1.0.28 (Available for download at UEM Console 2001 Patch)
  • Workspace ONE UEM 2003 - Addressed in 20.3.0.20 (SaaS Only)
  • Workspace ONE UEM 2004 - Addressed in 20.4.0.17 (SaaS Only)
  • Workspace ONE UEM 2005 - Addressed in 20.5.0.36 (Available for download at UEM Console 2005 Patch)
  • Workspace ONE UEM 2006 - Addressed in 20.6.0.15 (SaaS Only)
  • Workspace ONE UEM 2007 - Addressed in 20.7.0.11 (SaaS Only)
Action Required:
  • Customers with SaaS environments - None. VMware Cloud Operations is working round the clock to patch all impacted environments.
  • Customers with On-Premise environments - Please follow this article for updates regarding the fix for each version. It is highly recommended that you deploy the relevant patch once as it is made available.
 
More details (Cause, Impact/Risks) can be found at the KB:      https://kb.vmware.com/s/article/82369
Labels (1)
8 Replies
Noordan
Enthusiast
Enthusiast

This will also affect the the versions mentioned in the KB if you are renewing third party SSL certificates with the AWCM reinstallation method.

Because the cab-files in the installation media seems to be signed with the same certificate.

 

0 Kudos
RichB2u2
Hot Shot
Hot Shot

Trying to update our third party SSL certificate for AWCM also had an issue with version Workspace ONE UEM 20.11.0.05 full install.

0 Kudos
atlauren
Contributor
Contributor

@RichB2u2 I ran into the exact problem myself today.  Dead in the water.

0 Kudos
RichB2u2
Hot Shot
Hot Shot

I ended up uninstalling the Device Services app completely and then re-installed it using the full installer and was able to install the newer SSL certificate to get it working again.

0 Kudos
Noordan
Enthusiast
Enthusiast

That were my solution as well.

0 Kudos
atlauren
Contributor
Contributor

I can't run the Full Installer because of the expired signing certificate on Data1.cab.  Not sure how I'd get around that?

0 Kudos
RichB2u2
Hot Shot
Hot Shot

I was concerned about that expired certificate using the full installer as well. I submitted a TICKET #21206638403. We first tried to just uninstall the Device Services (DS) using the full installer and modifying the existing installation per their documentation and that failed. We ended up using the Programs & Features control panel to completely uninstall Workspace One UEM from the DS server. I suppose we could also have used the newer Apps & features Setting to do the uninstall too. When not installed at all the installation went through completely without error and the newer SSL certificate was then used so AWCM was working again. We also applied the same patch upgrade to match the other servers at the time (.19). We had to disable the Windows Defender firewall to allow domain network connections to port 2001 as well.

atlauren
Contributor
Contributor

Thanks for the explanation.  That worked for me as well:

1] Snapshot VM.

2] Completely uninstall Workspace One (via Programs/Features)

3] Reinstall using 20.11.05 Full Installer.

4] Include custom certificates when prompted.

5] Re-patch as needed.

 

Harrowing, but it worked.  Now AWCM is once again running with the proper certificate. 👍