Rugged enrollment errors when using barcode and sideload enrollment

Rugged enrollment errors when using barcode and sideload enrollment

During barcode enrollment or sideload staging, you may encounter the below errors:

  • VALIDATE_CREDENTIAL_ERROR
  • CREATE_MDM_ERROR*

*Note: “CREATE_MDM_ERROR” is a generic error and may indicate other root causes.  Additionally, confirm that LoginFailedAttempts >=3.

 

Root Cause

User or device is invalid due to exceeding number of allowable login attempts.  To prevent “spoofing attacks,” the enrollment process requires additional captcha validation after 3 failed attempts.  This is a security requirement when enrolling with username and password.  The failed attempts can be for a user or a device, whichever occurs first.  For barcode enrollment and sideload staging, there is no user interface, and thus a captcha cannot be entered.

 

Workaround

The security information can be reset in the database for on-premise environments.  For SaaS environments, contact the AirWatch Support team for assistance.

The primary concerned tables are below:

  • MobileManagement.EnrollmentUser
  • MobileManagement.DeviceEnrollmentStaging

 

1. Reset user failed attempts in mobileManagement.EnrollmentUser table.

  • Set LoginFailedAttempts = 0 in the MobileManagement.EnrollmentUser table for specified user

2. Check mobilemanagement.DeviceEnrollmentStaging table for the device by serial number

  • If found, remove all records associated to serial number

 

Additional Recommendation

It is recommended to configure the purge interval to 2 days for the mobilemanagement.DeviceEnrollmentStaging table.  This is a GLOBAL console setting:

  • Settings > Admin > Data Purging > DeviceEnrollmentStaging Purge

 

Short Term/Long term Resolution

In the short term, the user and password entered on the Devices > Staging & Provisioning > Staging will be validated prior to saving and generating the barcode.  However, this is not a panacea.   The issue may still be encountered, albeit significantly less.  In the long term, barcode and side load staging enrollment will move away from user and password validation.

Have more questions? Submit a request

0 Comments

Article is closed for comments.