Sascha Warno

@EmilK what is your UEM environment? Is this a shared SaaS? Usually there error is different, but your env needs to be added to the AirWatch by VMware app if its a newer shared or dedicated SaaS. We wont add On Premises MDM there. Other points, how do you authenticate into Entra ID? How do you sync users into UEM? Is the ImmutableID/ AAD mapping attribute in UEM set as String or Binary?

Some things to check. The users in UEM have the same externalId as the users in Access? Also if you check in Hub Services under system settings does it show your UEM environment without error?

@Stefano Altieri please open a ticket with that information. Support would need to check what the API logs show.

What should be encrypted? Do they want to use it for SMIME? For that we got the Escrow gateway. https://docs.omnissa.com/bundle/CredentialEscrowGatewayV2310/page/OverviewofCredentialEscrowGateway.html You can use it together with the credentials payload.

My initial check was in Beta env. Tested in another environment and works fine there. Also had some others check and works for them. https://xx.awmdm.com/API/mdm/devices/3602/commands?command=SyncDevice would be the right one.

It should be https://xx.awmdm.com/API/mdm/devices/3602/commands?command=SyncDevice but I'm getting the same 500 error. Trying to check what could be the issue. What environment is that on and which version is it?

This would always be down to the device check in so it will pick up the command. Did you try to send a device command to SyncDevice via API together with the reprocess Product call to all targeted devices?

Shared this internally, Engineering is validating from their side still before adding it to the KB. Also with instant clones you will always see delays until they are hybrid joined right?! The method was tested with persistent machines. But the underlying issue would be the same.

This one? https://developer.omnissa.com/horizon/apis/horizon-cloud-nextgen/#api

With Windows you have quite a lot of ways to install applications and we add different ways in UEM to deliver those applications to devices based on use case. @Camille Debay created a great write up to go through all the different options that affect installations on Windows. Make sure to give it a look on Tech Zone to be as informed as can be before rolling out you apps. https://techzone.omnissa.com/resource/windows-application-installation-behavior

Okta is pretty flexible with its own authentication policies and routing rules, so you won't create any kind of loops even so you integrate them both as IdP for Access and Acces as IdP for Okta. You would create a set of rules and enforce Okta's own login methods for the Access SP/Application, whilst setting up Okta as authentication method for enrollments for example in the default access policy in Access. You and then leverage Access as IdP or IdP Authenticator in Okta. The newer method of the integration uses Access as possession factor inside of Okta authentication policies. For that you create a webapp in Access and specify a policy for it that requires Mobile SSO and compliance. You could even go further and integrate Okta as IdP yet again just to use it as MFA solution if you want to have a step up auth from Mobile SSO and compliance. I'm writing on a guide at the moment for Techzone, just a lot of configs to cover. There are also other solutions if compliance is the priority by using Tunnel or APIs to talk to Okta's Workflow solution.

Good to know, got around testing today and couldn't replicate and just wanted to ask how you import the settings or if you create new.

@Asma Alfayyad do you have the show pool info? cant really see much from the capture without looking into the requests themselves. It looks like the handshake is finished so.

You followed this guidance? https://avinetworks.com/docs/latest/load-balancing-ws1-access-with-nsx-alb/ cannot really relate the error from your screenshot to it, as this seems sshd process and on high port numbers. Is the health monitoring failing or in general? you can do a packet capture on the traffic and check it in wireshark.

Let me point the owners of that KB to the discussion internally and ask for an update.