MDM enrollment failing for iOS and Android devices, but MAM enrollment works fine

On iOS, the enrollment fails during the second profile installation – The error is “Profile installation failed: profile failed to install”

On Android, you see “Access to your company network is not available”

Enrolling directly against the Gateway (MAM) works fine.

The server-side logs are showing:

| | INFO | http-nio-10080-exec-8 | com.sparus.nps.ios.agent.V9AgentUtils | Client has not supplied identity. Sending 417.

Android Secure Hub logs are showing:

“Secure Hub”,”ERROR ( 2)”,”AuthManagerMDM:No access to company network msg displayed : StatusCode 500 while MDM authentication“,4854,6780,Secure Hub, , ,0

iOS Secure Hub logs are showing:

<MDM>,ERROR (2),__48-[X1MDMEnrollFlowController createSecureSession]_block_invoke,”request to resulted in httpResponse 417“,Active,,403,Secure Hub,/jenkins/workspace/iOS_X1_Dist_X1_Rel_10.4.0/Me@Work/Me@Work/Controller/X1MDMEnrollFlowController.m,1215

Traces will also show HTTP 417 errors from the XenMobile server.


MDX permission details

What are below permissions in Android MDX?

Q. What are Content providersrelate to

A. Content Providers and Services are protected by querying the OS for the calling Package’s Signing Certificate and comparing that to the one used to sign the published app within the XMS/CEM. If the signing certificate matches, then the app is allowed to make the call. If the certificates do not match, then the call to the Content Provider/Service is rejected and a NULL is returned.

Q.What is Android.permission.READ_LOGS?-

A. READ_LOGS permission is used for sending diagnostic information when troubleshooting an application. This allows the app to capture the logs from the Main Console which often provides critical information needed to debug an issue. These logs are saved into a ZIP file and sent to Secure Hub upon request. Secure Hub, in turn, can send those logs to the Enterprise Administrator or IT support for further analysis.

Q. What is android.permission.KIL_BACKGROUND_PROCESSES?

A. KIL_BACKGROUND_PROCESS is only used by an application to terminate its own processes (and not some other application’s). We use this permission when it is necessary to restart an application process and there may exist one or more processes for the app running. Sometimes terminating the app process is necessary to fully support a change to certain policies or to ensure proper behavior of the app under specific instances. This only happens after MDX displays a dialog to the user telling them the app must be restarted (or exited) and for what reasons.


  • No Related Posts

Quick edit known issues

Known issues

  • If a page size exceeds 10,000 points (width or height), documents do not open, in order to prevent a potential memory error.

  • Digital signatures and inline images are not supported with QuickEdit.

  • On QuickEdit on iOS 12 devices, when users create a file, a “Due to insufficient memory” issue appears.

  • Users cannot see annotations to PDF files unless users open the file in Edit mode and then select the Annotations option.

  • When users open a PDF file that exceeds 150 MB, an “unsupported file” error message appears.

  • On QuickEdit on iPads, in Edit mode, the keyboard does not appear as expected.

  • Users cannot create a Powerpoint (.ppt) file that includes more than one photo.

Known limitation

QuickEdit is not supported for shared devices. If users had an older version of QuickEdit and are signed in with user on a shared device, a serious issue may occur. If they try to update to QuickEdit for iOS versions 7.4.0, existing files and folders managed locally from QuickEdit are lost. Citrix Files data, however, is unaffected.

Our Team has already engaged Polaris team on the same. This is planned for our road map and we dont have an immediate fixes or ETA for the same


  • No Related Posts