What Android firmware version(s) is/are your devices running?

Did you recently make any change(s) to your certificate tab settings in MCadmin? Or any server upgrade done recently?

TC70 runs 5.1.1, TC70X runs 7.1.2.

Mobicontrol Version is 14.2.2.1170

There was an upgrade a few months ago I believe. From 12.x to 14.2. The SQLExpress database was problematic when trying to upgrade from 2008 to 2012. We rolled back to the snapshot prior to attempting the database upgrade and have faced these problems since.

Hello Zachary Taylor,

Thank you for your post, are you using IP addresses in Deployment Server section in MCAdmin? if yes, please check in the certificate if that IP addresses are mentioned.

Regards,

Thanks to both of you for your assistance. We do not use an IP, but the FQDN

Hello Zachary,

Thank you for your response, are you trying to enroll your device as Android Plus? and also can you enter enrollment URL instead of Enrollment ID while enrolling the device? let me know if you still facing same issue.

Please factory wipe the device using below bar-code before trying to enroll the device -

https://www.mobilitysolutions.cz/files/Android_FactoryDefault_wSD.pdf

Regards,

This is not during enrollment, it affects all of our devices which are already enrolled. They are enrolled as Device Administrators. I am not on-site to try and factory re-set and re-enroll at this time, but can do so as soon as possible.

Hello Zachary,

Thank you for your response, is it possible for you to attach the screenshot of the error message?

Regards,

This is the error message we see.Thank you

Hi Zachary,

Did your device upgrade to Android 10 by any chance?

If so, these devices has a SHA256 requirement and right now they're utilizing SHA1.

Regards,

No sir, they do not auto-update, nor have we pushed that update out

Zachary,

This needs further troubleshooting to resolve the issue. 

Can you please raise a support case(click here) or call SOTI Support team(click here) to assist you better?

Regards,

Hi Zachary,

Do your problematic devices get fully or partially out-of-control? Or do all policies get deployed and are functional and the only problem is occasional op-up of the "SSL handshake failed" error?

Are there problems for ALL your TC70/TC70X devices? Or just for SOME devices? 

Are all problematic devices running the same device agent (i.e. same version and build numbers)?

As you mentioned you started to have the reported problems since the server/SQL upgrade done a few months ago, it is highly likely that some of the upgrade steps were not done properly.  For example, maybe the problematic devices did not get the right certificate, or your server/infrastructure have not been properly configured.  Did you perform the upgrade yourself?  The steps taken in your upgrade may provide some useful clue on what might have gone wrong.

Thanks for all the assistance everyone. It is about time for us to refresh our fleet anyway. We have created a new server and will wipe/update/ and re-enroll our fleet. This has already proven to fix the SSL problem.

Thank you

That's great Zachary. 

If this post has helped you in solving your inquiry, I would request you to mark the particular comment as "is solution", so others may benefit from this information.

Regards,