Problem: Policies, profiles or apps are not rolled out in a timely manner. In the device overview (Administration→ Devices→ MDM States or Administration→ Devices→ Apps) the status of the apps or commands is shown as Pending or Failed.
Possible causes
The status Pending or Failed can have many possible causes. We have listed the main ones here.
1. (MDM) certificates/accounts have expired or are not functioning
2. The device is engaged
3. The device can’t comply with the command because the content is flawed
4. (Apps only) There are App Store license problems
5. (Apps only) iOS apps are no longer available in the store
6. The Cortado server is not accessible to the device
7. The Cortado server can’t access the device
Solution
1. Open the Cortado Administration Portal in the browser and check the certificate information for validity and expiry date. If the TLS certificate has expired, renew it.
- For Apple: Under Administration→ Settings, check that the Apple Push Certificate is still valid and renew it if necessary.
- For Android: Under Administration→ Settings→ Android Enterprise→ Configure check that all fields for Managed Google Play Accounts or Google Accounts are filled in.
2. If devices are busy performing updates or other critical processes, the MDM can put commands on hold. It can generally take up to 10 minutes for an MDM profile to be executed on a switched on, unlocked device that has a functioning internet connection with the required port shares and can access the Cortado server without certificate errors. If all these prerequisites are being met and the execution of the command is still significantly delayed or fails, check through the other points in this list.
3. Particularly with profiles, it is not uncommon for configuration errors to creep in. If a device has been provided with a configuration that contains errors (e.g. in assigning certificates that have been given out without the correct format or that don’t have the correct contents) a Failed status is common. If you see Failed States in the console, you can roll the mouse pointer over them and view the device feedback. If you are unable to rectify the error yourself, use a Support Ticket to let us know.
4. If you are using a App Store account that was previously used in another MDM system and you want to integrate devices that were connected to that earlier MDM system and which obtained App Store apps from it, it is not unusual for license conflicts to occur. If the App Store licenses were not properly decoupled from the devices by the MDM system in a delete operation, a Failed State, relating to the license error, can arise. On this basis, we actively advise against transferring App Store accounts from another MDM system. To avoid licensing errors, you should create a new App Store account.
5. If you see Failed States that indicate that an app is no longer available in the App Store, you can search for the app in the App Store directly from the device. If the app can no longer be found there, then you must remove the app from the Administration Portal. It is no longer possible to deliver this app.
6. Try to open the Cortado Administration Portal in the browser on the mobile device. Try to establish mobile data (e.g. LTE), as well as Wi Fi connections. If the Cortado server can’t be accessed, its DNS name is probably not able to be resolved, or port shares are missing.
7. Check whether all the MDM relevant ports are free. Preferably do this on the Cortado server with the Telnet client, which you can start after installing the role via a command line. You will find the complete Port list. here. As a minimum, check the following ports over the Telnet client:
- telnet gateway.push.apple.com 2195
- telnet gateway.push.apple.com 2196
- telnet fcm.googleapis.com 443
If a black window opens, the connection to the MDM end points can be established with Apple and Google. If a connection error is displayed, you should check your firewall settings.