Rugged enrollment errors when using barcode and sideload enrollment
During barcode enrollment or sideload staging, you may encounter the below errors:
*Note: “CREATE_MDM_ERROR” is a generic error and may indicate other root causes. Additionally, confirm that LoginFailedAttempts >=3.
User or device is invalid due to exceeding number of allowable login attempts. To prevent “spoofing attacks,” the enrollment process requires additional captcha validation after 3 failed attempts. This is a security requirement when enrolling with username and password. The failed attempts can be for a user or a device, whichever occurs first. For barcode enrollment and sideload staging, there is no user interface, and thus a captcha cannot be entered.
The security information can be reset in the database for on-premise environments. For SaaS environments, contact the AirWatch Support team for assistance.
The primary concerned tables are below:
1. Reset user failed attempts in mobileManagement.EnrollmentUser table.
- Set LoginFailedAttempts = 0 in the MobileManagement.EnrollmentUser table for specified user
2. Check mobilemanagement.DeviceEnrollmentStaging table for the device by serial number
- If found, remove all records associated to serial number
It is recommended to configure the purge interval to 2 days for the mobilemanagement.DeviceEnrollmentStaging table. This is a GLOBAL console setting:
- Settings > Admin > Data Purging > DeviceEnrollmentStaging Purge
Short Term/Long term Resolution
In the short term, the user and password entered on the Devices > Staging & Provisioning > Staging will be validated prior to saving and generating the barcode. However, this is not a panacea. The issue may still be encountered, albeit significantly less. In the long term, barcode and side load staging enrollment will move away from user and password validation.