VMware Workspace ONE Community
CodyDirrigle
Contributor
Contributor

Migration to new servers, devices not checking in

We are migrating over to  an entire new setup and everything has been going fine but now devices are no longer checking in. If I wipe a device and re enroll it starts to check in without issue but my nightmare now is I will need to do this on 500 other devices. The still show enrolled and communication was working but now they are dropping like flies, but its only the apple devices. Android phones are still checking in without issue, apn is good until 2020 and each ' profile'  that is linked to a mdm server on dep are not expired either. Nothing in the troubleshooting logs either, shows bytes sent then just stops.
Labels (1)
Reply
0 Kudos
9 Replies
CodyDirrigle
Contributor
Contributor

Reason : AUTH-1005 (invalid token) this the error I keep seeing in the logs on devices
Reply
0 Kudos
LukeDC
Expert
Expert

Is the host name, etc the same? Sounds like an old session token that is dropping off or something. Do you use Load Balancers? maybe something there is messing with the sessions.
Reply
0 Kudos
CodyDirrigle
Contributor
Contributor

The server names did change, guess II had a lack of knowledge on the tokens, reading up on those now
Reply
0 Kudos
LukeDC
Expert
Expert

That would do it, and the reason you need to re-enroll for SSL purposes etc.
Reply
0 Kudos
CodyDirrigle
Contributor
Contributor

So any idea how I fix this without having to change the server name?
Reply
0 Kudos
LukeDC
Expert
Expert

server name would have to match for the sessions to renew etc. your DEP profile is looking for the old server name. Do you use a load balancer at all? You could route through that and use the old server name and not have to change your new server name at all. The device would connect to to the hostname that is virtually hosted on the LB and wouldn't care.
Reply
0 Kudos
CodyDirrigle
Contributor
Contributor

So I have some coffee now and was wrong, the server names changed but the site the the devices go to is still the same compname.airwatch.org, support thinks its due to due to the account we use to create the mdm tokens from dep losing access and want me to change the password to see if that fixes, let you know the results of that. 
Reply
0 Kudos
LukeDC
Expert
Expert

Coffee does wonders 😃

DEP tokens shouldn't be causing this. Those only facilitate communication between DEP/ABM and you console for device syncs etc.
Reply
0 Kudos
CodyDirrigle
Contributor
Contributor

Its the APN cert causing it, all of the current devices have the old APN cert on them and we created a new APN cert when we created the new console server. Wait for vmware to confirm we can export the old apn and import it to the new console, guessing we will need to have it corrected in the database also before it works.
Reply
0 Kudos