Policy and tasks not getting applied on iOS
Bitdefender GravityZone provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization
This article helps troubleshoot the issue with the Bitdefender GravityZone MDM configuration policy/profile and tasks not getting applied on iOS devices.
The issue can be noticed with managed iOS devices, immediately after installing and activating GravityZone Mobile Client or sometimes at a later time, and manifests as follows:
- GravityZone Mobile Client displays an issue about the currently assigned policy not being active on the iOS device.
- In GravityZone Control Center, in the Mobile Device Details window of the iOS device, the policy is marked as pending, even though the device is connected to the Internet and should be able to receive the policy.
- Tasks run from Control Center on iOS devices do not work, even though the devices are connected to the Internet and should be able to receive tasks.
The issue is usually related to the Apple Push Notifications system. Whenever there's a new policy update or task to be applied to an iOS device, the GravityZone MDM system sends a push notification to the device, via the Apple Push Notifications servers, to trigger synchronization. Upon receiving the push notification, the device synchronizes with the GravityZone MDM server to receive the latest policy or task. If the push notification cannot be sent or is lost, the policy/task does not get applied.
Refer to the following table for information on troubleshooting the issue.
|Apple Push Notifications service (APNs) certificate has not been configured, has expired or is invalid. Consequently, Control Center is unable to send push notifications via the APNs servers.||Check APNs certificate status in Control Center > Configuration > Certificates (company administrator privilege is required). If everything seems ok with the certificate, but none of the subsequent solutions work, you might want to generate a new APNs certificate.|
The ports used to communicate with APNs (2195, 2196, 5223) are blocked by a firewall or gateway.
Make sure the APNs ports are allowed.
Note: Ports 2195 and 2196 must be open for outgoing connections.
|An issue with the APNs system might cause the push notification to get lost or delayed. Note that sometimes the APNs server might be busy, resulting in push notifications being delayed.||Check again after a few hours to see if the issue still occurs.|