Android 10 devices not enrolling

Android 10 devices not enrolling

Has anyone else had this issue? I'm trying to enroll an Android 10 device but it fails to connect to the server.

 

Cloud based server, running 13.4.  Zebra TC57x running OS10.  MobiControl is set as DO. 

 

TIA.

 

 

7 Answers

Order By:   Standard | Newest | Votes
Simon Breuer | posted this 22 September 2021

Hi Adam,

Android 10 does not trust SHA1 certificates.

In MobiControl 13.4 there is probably a SHA1 certificate bound to the DS service.

 

See also: https://discussions.soti.net/kb/android-10-sha-1-deprecation/

 

  • 1
  • 0
Raymond Chan | posted this 24 September 2021

Hi Adam.

As your v13.x MobiControl is a cloud instance, you can open a ticket with Soti support team to discuss whether to use a quick fix with SHA2 SSL certificate, or to perform a full-blown upgrade of your cloud server to more updated version using a SHA2 root certificate.  The former likely need less effort and has much lower impact on exisiting devices, while the latter has many more factors to consider.

 

  • 0
  • 0
Adam Davidson | posted this 30 September 2021

Hi,

 

Thanks for the replies.

 

I've now had our cloud instance upgraded to 15.4 (we need to have SHA-1 and SHA-2 for a short period and 15.4 can have both on one DS).

Still can't enroll devices though.  Now when I try to enroll, they appear in the MC UI but the device is in a loop of "re-enrolling". 

 

I've tried enrolling using StageNow, a QR code from SOTI website and manually by adding an account "afw#mobicontrol".

It seems that whatever I'm doing isn't making the OS Enterprise (in the MC UI it shows as Android+ for Family and Kind).

 

I've tried to find answers but none have worked so far (see above).  Any ideas why, when I'm setting MC Agent as the DO it's not being seen as an Enterprise OS?  Or have I missed something?

 

Thanks in advance.

  • 0
  • 0
Matt Dermody | posted this 30 September 2021

Are you factory resetting the devices between attempts? If you have been attempting with the device for a while it is probably not in a clean state for an AEDO enrollment. I recommend you Factory Reset the device first using StageNow and then attempt the re-enrollment. Note the Factory Reset in the settings app isnt a true Factory Reset as the Enterprise partition won't be wiped. Factory reset using StageNow. 

  • 0
  • 0
Adam Davidson | posted this 01 October 2021

Hi Matt,

 

Thanks for your reply.  Yes I'm using a StageNow QR to factory reset.  I've also used the reset file from Zebra. 

It appears, according to SOTI Support, that it's due to just 21, out of over 1k devices, that missed the agent update (due to being powered off since before the update was sent and not powered on since). I now have the field teams looking for these devices to turn them on.

I'll update this thread once the 21 have been updated/un-enrolled and let everyone know if it fixed it.  Someone else might have the same issue in the future?

 

Adam.

  • 0
  • 0
Adam Davidson | posted this 13 October 2021

Turns out it was all to do with the DS and SHA-1 vs SHA-2.

 

MC v15.4 DS can run both certificates simultaneously, but only with Windows devices.  Android is either SHA1 or SHA2.  Once we had the DS switched over to SHA2, it all worked. 

  • 0
  • 0
JMP1970 | posted this 14 October 2021

I had this begin sometime over the last 5-7 days, didn't know until I tried to enroll a device myself.  Seems to affect Android OS8.1 and OS10 equally (Zebra TC57, TC57X - MC v15.3.3, MCAgent v15.0.0.1110, current Zebra Plug-in), using Stagenow, QRCode or Android ZTE methods.  Tried several things and the 1 reproducible fix was to right click on the offending add device rule and choose "Update Enrollment Profile".  Next time the device contacts the DS to enroll during the "enroll-loop", it enrolls as expected.

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback