Mandatory Upgrade Required for Environments using On Premises VMware Email Notification Service 2 (ENS2) version and older


Customers using an on premises instance of ENS2 are required to upgrade their ENS to version ENS2 depends on CNS service to deliver notifications to devices. CNS certificates expire on June 22, 2019. ENS2 version puts a mechanism in place to automatically update certificate information. This patch implements an automated process which will ensure that future certificate updates do not require a patch.


Customer Impact

If this patch is not applied, end users will stop receiving notification after June 22, 2019.



The impact of this issue can be eliminated by upgrading on premises installations of ENS2 to version or later before the expiration of the certificate.

Before Installing ENS2

Ensure that you are able to reach following URL from ENS server: If there are any firewall rules preventing from accessing this URL, they should be removed before continuing with the installation.

Be sure that the following services are stopped manually on the server:

  • IIS > Email Notification Service
  • Windows Services > AirWatch Resubscription Mechanism
  • Windows Services > AirWatch RSA Key Tracker Service

After validation of the requirements above, the server can be upgraded.


Validating the Upgrade

Once installation is complete, the AirWatch AutoDiscovery Checker service will be installed and automatically perform required updates. Ensure service is running correctly.


Next, review logs for this service at \{ENS installation directory}\Email Notification Service\Services and ensure you are able to see you are able to see the following log statement(s) without errors: New Certificate Added Successfully

As a final step review \{ENS installation directory}\Email Notification Service\Website\web.config file and ensure that at least 8 pinnedCertificate elements listed under <pinnedCertificates> section.



Installer error

  • installer_error.jpg
    This error occurs if the installer is unable to install the VMware AirWatch Root certificate. To remedy this problem, make sure that the installer has the appropriate privileges to install the certificate on the server.

AutoDiscoveryChecker.log file error(s)

  • Error while searching for public key in existing config file
  • Error occurred while updating config File
  • Exception while getting latest cert from auto discovery
  • These errors will be displayed if is not reachable. If the error is a result of a temporary network failure, the service should attempt to connect to the endpoint again after 24 hours.


Support Contact Information

To receive support, either submit a ticket via the My Workspace ONE  portal or call your local support line.


Best Regards,

The VMware Workspace ONE Team

Other Languages: 日本語

Have more questions? Submit a request


Article is closed for comments.