Problem: Policies, profiles or apps are not rolled out in a timely manner. In the device overview (Control Panel→ Devices→ MDM States or Control Panel→ Devices→ Apps & Docs) the status of the apps or commands is shown as Pending or Failed.
The status Pending or Failed can have many possible causes. We have listed the main ones here.
1. (MDM) certificates/accounts have expired or are not functioning
2. The device is engaged
3. The device can’t comply with the command because the content is flawed
4. (Apps only) There are VPP license problems
5. (Apps only) iOS apps are no longer available in the store
6. The Cortado server is not accessible to the device
7. The Cortado server can’t access the device
1. Open the Cortado Managementkonsole in the browser and check the certificate information for validity and expiry date. If the TLS certificate has expired, renew it.
- For Apple: Under Control Panel→ Certificates, check that the Apple Push Certificate is still valid and renew it if necessary.
- For Android: Under Control Panel→ Global Settings→ MDM→ Android MDM check that all fields for Managed Google Play Accounts or Google Accounts are filled in.
2. If devices are busy performing updates or other critical processes, the MDM can put commands on hold. It can generally take up to 10 minutes for an MDM profile to be executed on a switched on, unlocked device that has a functioning internet connection with the required port shares and can access the Cortado server without certificate errors. If all these prerequisites are being met and the execution of the command is still significantly delayed or fails, check through the other points in this list.
3. Particularly with profiles, it is not uncommon for configuration errors to creep in. If a device has been provided with a configuration that contains errors (e.g. in assigning certificates that have been given out without the correct format or that don’t have the correct contents) a Failed status is common. If you see Failed States in the console, you can roll the mouse pointer over them and view the device feedback. If you are unable to rectify the error yourself, use a Support Ticket to let us know.
4. If you are using a VPP account that was previously used in another MDM system and you want to integrate devices that were connected to that earlier MDM system and which obtained VPP apps from it, it is not unusual for license conflicts to occur. If the VPP licenses were not properly decoupled from the devices by the MDM system in a delete operation, a Failed State, relating to the license error, can arise. On this basis, we actively advise against transferring VPP accounts from another MDM system. To avoid licensing errors, you should create a new VPP account.
5. If you see Failed States that indicate that an app is no longer available in the App Store, you can search for the app in the App Store directly from the device. If the app can no longer be found there, then you must remove the app from the management console. It is no longer possible to deliver this app.
6. Try to open the Cortado management console in the browser on the mobile device. Try to establish mobile data (e.g. LTE), as well as Wi Fi connections. If the Cortado server can’t be accessed, its DNS name is probably not able to be resolved, or port shares are missing.
7. Check whether all the MDM relevant ports are free. Preferably do this on the Cortado server with the Telnet client, which you can start after installing the role via a command line. You will find the complete Port list. here. As a minimum, check the following ports over the Telnet client:
- telnet gateway.push.apple.com 2195
- telnet gateway.push.apple.com 2196
- telnet fcm.googleapis.com 443
If a black window opens, the connection to the MDM end points can be established with Apple and Google. If a connection error is displayed, you should check your firewall settings.