Mandatory Upgrade Required for Environments using On Premises VMware Email Notification Service 2 (ENS2) version 1.3.0.4 and older

Overview

Customers using an on premises instance of ENS2 are required to upgrade their ENS to version 1.3.0.5. ENS2 depends on CNS service to deliver notifications to devices. CNS certificates expire on June 22, 2019. ENS2 version 1.3.0.5 puts a mechanism in place to automatically update certificate information. This patch implements an automated process which will ensure that future certificate updates do not require a patch.

 

Customer Impact

If this patch is not applied, end users will stop receiving notification after June 22, 2019.

 

Resolution 

The impact of this issue can be eliminated by upgrading on premises installations of ENS2 to version 1.3.0.5 or later before the expiration of the certificate.

Before Installing ENS2 1.3.0.5

Ensure that you are able to reach following URL from ENS server: https://awtrustdiscovery.awmdm.com/autodiscovery/HostRegistry.aws?URL=cns.awmdm.com. If there are any firewall rules preventing from accessing this URL, they should be removed before continuing with the installation.

Be sure that the following services are stopped manually on the server:

  • IIS > Email Notification Service
  • Windows Services > AirWatch Resubscription Mechanism
  • Windows Services > AirWatch RSA Key Tracker Service

After validation of the requirements above, the server can be upgraded.

 

Validating the Upgrade

Once installation is complete, the AirWatch AutoDiscovery Checker service will be installed and automatically perform required updates. Ensure service is running correctly.
autodiscovery_checker.jpg

 

Next, review logs for this service at \{ENS installation directory}\Email Notification Service\Services and ensure you are able to see you are able to see the following log statement(s) without errors: New Certificate Added Successfully
log_statements.jpg

As a final step review \{ENS installation directory}\Email Notification Service\Website\web.config file and ensure that at least 8 pinnedCertificate elements listed under <pinnedCertificates> section.
pinnedcertificates.jpg

 

Troubleshooting

Installer error

  • installer_error.jpg
    This error occurs if the installer is unable to install the VMware AirWatch Root certificate. To remedy this problem, make sure that the installer has the appropriate privileges to install the certificate on the server.


AutoDiscoveryChecker.log file error(s)

  • Error while searching for public key in existing config file
  • Error occurred while updating config File
  • Exception while getting latest cert from auto discovery
  • These errors will be displayed if https://awtrustdiscovery.awmdm.com/autodiscovery/HostRegistry.aws?URL=cns.awmdm.com is not reachable. If the error is a result of a temporary network failure, the service should attempt to connect to the endpoint again after 24 hours.

 

Support Contact Information

To receive support, either submit a ticket via the My Workspace ONE  portal or call your local support line.

 

Best Regards,

The VMware Workspace ONE Team

Other Languages: 日本語

Have more questions? Submit a request

0 Comments

Article is closed for comments.