Actions Not Being Processed
Introduction
In school environments and other scenarios where iOS devices are centrally managed using Mobile Device Management (MDM), disruptions can occasionally occur. One common issue is the failure of devices to process MDM actions, which can cause significant problems – either during ongoing lessons or in the general operation of the devices. This article describes potential error patterns, analyzes their underlying causes, and provides solutions to address such situations.
Expired Certificates
Error Pattern:
MDM actions remain in the pending status and are not executed by the device.
Cause: The identity certificate of the iOS device has expired. This often occurs in devices that have been stored for an extended period and were not in communication with the MDM server shortly before the automatic renewal of the certificate.
Note: Identity certificates are valid for 1 year and are automatically renewed once a successful communication with the server takes place.
Solution:
The simplest way to resolve this issue is to manually renew the certificate. In Relution, navigate to the Device Details section, then go to Security and select Renew under Identity Certificate.
If manual renewal is not possible, resetting the device to factory settings is an alternative.
VPN Apps
Error Pattern: iOS devices get stuck during lessons, or time-based configurations, such as starting or ending a lesson, are not executed.
Cause:
Often, end users, particularly in educational contexts, install VPN apps on their own, which blocks communication with the MDM server.
Some VPN apps also offer a Kill-Switch feature, allowing users to intentionally disconnect all internet communication. This interrupts MDM actions, such as starting or ending lessons.
On affected devices, VPN apps can be identified in Relution under Installed Apps.
Solution:
In Relution, it is possible to restrict the installation or use of VPNs. To achieve this, go to the Restrictions and enable the option Disable VPN Configuration.
With this setting, it will no longer be possible to create unmanaged VPN configurations on the devices.
DNS
Error Pattern: iOS devices get stuck during lessons, or time-based configurations – such as starting or ending a lesson – are not executed.
Cause:
A common reason is that end users, especially in schools, configure an alternative DNS manually. This can block communication with the MDM server, causing MDM actions to fail.
On affected devices, navigate to Settings > WiFi > DNS to check for custom DNS configurations.
Solution:
To prevent such issues, you can apply a configuration for Encrypted DNS Settings in Relution. This ensures that changes made to the DNS by end users will not take effect (even if the configuration remains possible), prioritizing communication through the managed DNS server.