On devices running iOS 18+, when a web app kiosk policy is pushed via an MDM and the device is restarted. The touch screen doesn't respond on the device. So the device is currently in a brick state. Since we can't enter the password we can't get the logs from the device and it is even hard to recover the device. On restart the device isn't connecting to the internet so it isn't possible to remove the kiosk policy as well. This only happens on devices running iOS 18+ and with web app kiosk profile.
Post
Replies
Boosts
Views
Activity
Would it be possible to prevent deletion of specific apps on iOS devices using MDM.
When the user pushed the lock device action on a macOS 14, it returned an acknowledgement but the device wasn't locked. Which resulted in loss of data on the device.
macOS devices- dep enrolled device - configured an email policy and it gets stuck on pending status. The rest of the policies and actions like lock device and scan device are executed successfully.
While enrollment using DEP, if there is account creation config present in Dep configuration profile , At the time of enrollment we don't receive the user token and user channel is not present.
The keys UserID and EnrollmentUserID in TokenUpdate is not present.
As a result we can't successfully push the email policy. Is the inference correct or is there anything else we are missing out.
out of 37 devices, 7 are inactive( al are ios ). We have checked one of the devices and the broadcast message was sent successful. Additionally, Cx confirmed that the location history is shown properly. We restarted the device, checked the date and time, and found it to be correct. We also switched to a different network, but that doesn't change anything. The sync from the Hexnode app was successful. We reinstalled the MDM profile, yet it doesn't change anything. We renewed the APNs once and checked, but the scan device action remains pending.
Im experiencing an error code 12026 when trying to install an app with iTunes Store ID 1163307568 and has tried various solutions but is still unable to install the app. Tried revoking the licenses and pushing the apps again but the error prompt persists.
We have also tried syncing VPP, checking the app license, and purchasing a mild surplus, but still getting the error.
The customer is trying to enroll macOS devices to Hexode via Apple Business Manager (without reset). Upon running the command sudo profiles renew -type enrollment, he received the below error.
Error: DEP enrollment failed: The cloud configuration server is unavailable. (MDMDeviceEnrollment:103)
Upon running the command sudo profiles show -type enrollment in Terminal, he received the following output.
Error fetching Device Enrollment configuration: (34006) Error Domain=MCCloudConfigurationErrorDomain Code=34006 "The cloud configuration server is unavailable." UserInfo={CloudConfigurationErrorType=CloudConfigurationFatalError, NSLocalizedDescription=The cloud configuration server is unavailable., NSUnderlyingError=0x6000012f0060 {Error Domain=com.apple.MobileActivation.ErrorDomain Code=-1 "Failed to create reference key." UserInfo={NSLocalizedDescription=Failed to create reference key., NSUnderlyingError=0x6000012f00c0 {Error Domain=com.apple.MobileActivation.ErrorDomain Code=-1 "Failed to create ref key." UserInfo={NSLocalizedDescription=Failed to create ref key., NSUnderlyingError=0x6000012f0150 {Error Domain=NSOSStatusErrorDomain Code=-25308 "failed to generate asymmetric keypair" (errKCInteractionNotAllowed / errSecInteractionNotAllowed: / Interaction is not allowed with the Security Server.) UserInfo=0x6000009f0440 (not displayed)}}}}}}
The device was assigned to the Hexnode server and listed in DEP devices in Hexnode. It seems to be an Intel device and we tried following troubleshooting steps. He said another user tried out the case and was encountering the same errors. He tried the following steps as part of troubleshooting.
Installed pending OS updates
Re-assigned device to Hexnode server
Cleared NVRAM/PRAM
Switched networks
Turned off firewall and proxies on the device
Re-assigned DEP configuration profile to devices
Re-configured DEP and APNs
Enrolling the device using the enrollment URL does work and he's able to deploy actions as well. He is willing to reset the device and check as well, but he has ~30 devices in ABM that are remote and in use. Since 2 devices encountered the case, he would like to know more about what happened.
Trying to enroll a device, but during the installation of the enrollment profile getting the error message - The profile (com.xxxxxx.mdm:c1c8048f-1450-447 3-8bba-1c714c4ce492) could not be installed due to an unexpected error. CPProfileManager:-65002"
Cx was unable to login to their cloud account when the policy was pushed on to their device. However, when no policy was pushed cx could login. The issue is with applying whitelist configuration to device with passcode turned on..while whitelisting the app some system bundle identifier is getting blocked, we tried whitelisting all system app available for ios and couldn't find a solution
The new profile added to manage the cellular private network is not getting installed on the device end - https://developer.apple.com/documentation/devicemanagement/cellularprivatenetwork?changes=_9
When we try to oinstall the profile we get these error messages.
{'Status': 'Error',
'CommandUUID': '556d4936-7514-4121-af8d-3f0bf855a9e6',
'ErrorChain': [
{'ErrorCode': 4001,
'ErrorDomain': 'MCInstallationErrorDomain',
'USEnglishDescription': 'Profile Installation Failed',
'LocalizedDescription': 'Profile Installation Failed'},
{'ErrorCode': 4001,
'ErrorDomain': 'MCInstallationErrorDomain',
'USEnglishDescription': 'Profile Failed to Install',
'LocalizedDescription': 'Profile Failed to Install'},
{'ErrorCode': 1009,
'ErrorDomain': 'MCProfileErrorDomain',
'USEnglishDescription': u'The profile \u201cprivate network policy\u201d could not be installed.',
'LocalizedDescription': u'The profile \u201cprivate network policy\u201d could not be installed.'},
{'ErrorCode': 4001, 'ErrorDomain': 'MCInstallationErrorDomain',
'USEnglishDescription': u'The payload \u201cPrivate Mobile Networks\u201d could not be installed.',
'LocalizedDescription': u'The payload \u201cPrivate Mobile Networks\u201d could not be installed.'}],
'UDID': '00008101-001E1DCA3A81001E'}
When we try to push blueprint for MDM over Wi-Fi in apple TV it fails, but in over the cable it works properly.
After pushing the blueprint over Wi-Fi, the device gets rebooted and go through setup steps, at the end we don't see the step for Mobile Device Management.
I'm attaching a sample Profile we attach to blueprint and Screenshot of Blueprint configuration.
We are an MDM and are trying to migrate to the new App and Book Management APIs.
In this doc mentioned below it asking us to send the public key generated to my Apple contact in a plain-text file. https://developer.apple.com/documentation/devicemanagement/app_and_book_management/apps_and_books_for_organizations/generating_developer_tokens?language=objc
I'm not sure who my Apple contact is? I already understand how to generate JWT token for the api.ent.apple.com. I would like to know who can authorize the public key for the organization.
Thank you
App installation not successful on Supervised iOS devices. The apps are pushed as VPP apps but the apps stays in initiated state for a long time and fails with error messages. Error message: The app with iTunes store id is already scheduled for management. Error code 12026.
Devices are running iOS 16+. Certain apps get pushed and others will fail. Tried uninstalling an app and the uninstallation was successful but was not able to install the app. Devices are checking in properly with the MDM.
App crashes or closes immediately when deployed as a VPP app via the Hexnode UEM portal. When the app is installed on a device not enrolled in Hexnode it works without any issues. It seems it works when deployed as a store app as well.
App : https://apps.apple.com/us/app/behaviorsoft/id1281297493