SOTI Pulse Logo

Lockdown profile cannot login at the device but can through Mobicontrol console.

Solved
C
Cooper

We are running a lockdown profile on Zebra MC3300x handheld. I have applied the authentication then the lockdown. and I cannot manually log into the device either at the device or through Mobicontrol remote control but if I use the "Enter Administrator Mode" from the remote control console it lets me in.

I have tried resetting the password in the authentication profile and revoking\installing.

I have rebuilt the device and patched it to the latest.

I have built a brand new authentication policy and lockdown so I am 100% sure of the password. I tried a different lockdown template thinking maybe it just doesn't work well on this device. and I am still seeing the same behavior.

This creates an issue if the device loses network connectivity for some reason as we them cannot get into the device and reconnect it thus we have to factory rest the device and rebuild it.

Just not sure what else to do or where the problem lies.

They are Work Managed . 

OS : Android 11

Zebra what used to be LG patch but is now called something else : 11-42-18.00-RG-U01

Mobicontrol Agent version : 2024.1.1.1125

Mobicontrol version : 15.4.1.4828

I know we are a few revisions behind on our Mobicontrol version but we are trying to work out issues we have in our test environment with the newer version before upgrading our production environment.

Any help or direction would be appreciated.

Lockdown admin mode manual login mc3300x
a year ago
SOTI MobiControl
ANSWERS
RC
Raymond Chan Diamond Contributor
a year ago

What you described sounds a bit rare.  I don't have your Zebra device model to do any test.  So maybe you can check yourself (e.g. with the "identify_activity" script command) what program/activity are running in the foreground when the device is prompting device end-user for password while lockdown menu is not active . 

I was just wondering if your device firmware include a new separate module handling password, and the module is not included (i.e. whitelisted) while the lockdown menu is active.  If so, the simplest solution is to include the bundle-ID/activity name of this module in lockdown menu or application-run-control whitelist.

C
Cooper
a year ago

Thank you for the quick response. I will give that a try and report back.

A
ABMOD@SOTI Silver Contributor
a year ago

Hi Cooper,

Thanks for posting on SOTI pulse. Thanks Raymond for responding to the post, your expertise and willingness to help are greatly appreciated!

Has your query been resolved? If not, or if you have any additional concerns, please don't hesitate to reach out. We are dedicated to providing assistance and support.

Also, if this post has helped you in solving your query, I would request you to mark the particular comment as "is solution", so that others may benefit from this information.

Kind Regards,

C
Cooper
a year ago

Well, I am not really sure what the issue was. I fiddled with what Raymond suggested but still had the same problem.

When I changed to a new authentication and Lockdown profiles I just revoked the original Lockdown and Authentication profiles and applied the new ones. I had fiddled around so much with things over the last day or two I finally just performed a factory reset on the device and it worked after rebuilding and applying the new profiles.

Clearly something was hanging on and got removed with the reset. Thank you for your help.

C
Cooper
a year ago

Well, that did not solve the issue. Once I applied the rest of the Profiles I ended up with the same behavior. I started to remove profiles one by one until I could perform the admin login on the device.

When I removed the WiFi profile (I went in and manually added another SSID so I would stay connected). I was able to log in manually on the device.

So at the risk of sounding really stupid, I think it is a conflicting Authentication  configuration.

We moved to using a certificate for our WiFi about a year and a half ago and have been creating WiFi Profiles with the WiFi config, authentication, and certificate. Any device that is on our WiFi has a lockdown policy so we have a lockdown Profile as well as an Authentication profile. This has not been an issue until now.

Have we been lucky up until now or is this something new with Android 11?

We are using the same WiFi profile on another group of MC3300s, also running Android 11, and as far as I know we are not having the same problem on those.

I tried removing the stand-alone authentication profile and adding the authentication config to the lockdown to see if that worked and it did not.

So I guess my question now is should the authentication for the Lockdown be in the lockdown profile or a seperate stand-alone authentication profile?

C
Cooper
a year ago

Wow,! Just wow! Nevermind, too many cooks in the kitchen, one without memory or consistency and me not checking and double checking.

Problem resolved. It was the multiple authentication policies. Even though they matched (or so I was told). We just renewed the certificate used for these devices and when the person that sets up those profiles updated the certificate there was a warning for the need of an authentication policy so he set one up within the Profile for the WiFi.

I haven't set up the profiles for the WiFI since we've used certificates so. like an idiot I just went with what I was told about the setup. LEsson learned.

Solution
A
ABMOD@SOTI Silver Contributor
a year ago

I am glad that your issue is resolved.

Similar Discussions