All, currently doing a PoC for BigFix MCM 2.0 with a customer. Setup is completed in Azure, and when testing the enrollment from the corporate network I'm able to enroll the device, install the BigFix agent and see the device in the console.
I'm trying to do the same from a device on the Internet, but I'm running into an issue with syncing of policies to the device.
I'm using Bulk Enrollment (.ppkg package). I'm able to login/authenticate to the portal, I can download the .ppkg package, it executes on my device, and checking "School and Work account" I see that the package is installed and the device is enrolled. When trying to click on "Sync" I'm getting the error below:
"The Sync could not be initiated (0x80190193)." Checking Event Viewer on that PC I'm seeing the following message: "MDM Session: OMA-DM message failed to be sent. Result: (Forbidden (403).)."
The only difference for Internet enrollment is the use of "Azure Application Gateway", which is a requirement from the customer for Internet-facing web applications. The firewall rules are all in place.
Troubleshooting:
- confirmed connectivity to the Enrollment server (I'm able to connect from the Internet and the name resolves to the external IP)
- authentication works fine over the Internet and the package is downloaded
- opened a ticket with HCL Support and enabled debug/verbose logging; unfortunately, when trying to click "Sync", these entries do not show up in any of the logs I could find
- opened a ticket with the Azure Cloud Ops team to see if they can check the logs on the Application Gateway
- installed Wireshark, but as all traffic is encrypted it does not show much either in that respect
Hopefully somebody in the forum has installed BigFix MCM 2.0 using Application Gateway or another type of load balancer and might be able to provide some insight into the issue.
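Since the Application Gateway is the only component that differs between the working intranet path and the failing Internet path, the most useful thing the gateway logs can tell you is where the 403 is produced: by the WAF (request never reaches BigFix), by the gateway itself (routing, listener or client-certificate setting), or by the MDM backend (request got through but the server rejected it). The following is an added example, not code from the original post or from HCL/BigFix; it reads Application Gateway resource-log lines and classifies each 403 on the MDM path. The field names (`category`, `properties.httpStatus`, `properties.serverStatus`, `properties.serverRouted`, `properties.action`, `properties.ruleId`) are assumed to match the Azure export and should be verified against a real sample, the path fragment `/ManagementServer/` is a placeholder for whatever the MDM sync endpoint is in your deployment, and all log lines are constructed.

```python
"""Triage Azure Application Gateway logs for the 403 seen on MDM sync.

Added example; assumptions: log lines are JSON in the Application Gateway
resource-log shape (field names below are assumed, verify against your own
export), and the OMA-DM sync endpoint path contains PATH_FRAGMENT.
"""
import json
from typing import Iterable, Optional

PATH_FRAGMENT = "/ManagementServer/"  # placeholder for the real MDM sync path

# Constructed sample lines (not real customer data).
SAMPLE_LOG_LINES = [
    # WAF blocked the OMA-DM POST before it reached the backend.
    json.dumps({"category": "ApplicationGatewayFirewallLog", "properties": {
        "clientIp": "203.0.113.10", "requestUri": "/ManagementServer/MDM.svc",
        "action": "Blocked", "ruleId": "PLACEHOLDER-RULE-ID",
        "message": "constructed: request body matched a rule"}}),
    # Access-log view of that request: 403 from the gateway, no backend status.
    json.dumps({"category": "ApplicationGatewayAccessLog", "properties": {
        "clientIp": "203.0.113.10", "httpMethod": "POST",
        "requestUri": "/ManagementServer/MDM.svc", "httpStatus": 403,
        "serverStatus": "", "serverRouted": ""}}),
    # The MDM backend itself answered 403: the request did get through.
    json.dumps({"category": "ApplicationGatewayAccessLog", "properties": {
        "clientIp": "203.0.113.11", "httpMethod": "POST",
        "requestUri": "/ManagementServer/MDM.svc", "httpStatus": 403,
        "serverStatus": "403", "serverRouted": "10.0.1.4:443"}}),
    # Healthy enrollment-portal request on another path; ignored.
    json.dumps({"category": "ApplicationGatewayAccessLog", "properties": {
        "clientIp": "203.0.113.12", "httpMethod": "GET",
        "requestUri": "/enroll/", "httpStatus": 200,
        "serverStatus": "200", "serverRouted": "10.0.1.4:443"}}),
]


def classify(entry: dict) -> Optional[str]:
    """Return where a 403 originated, or None if the entry is not a 403."""
    props = entry.get("properties", {})
    category = entry.get("category")
    if category == "ApplicationGatewayFirewallLog":
        # WAF in prevention mode answers blocked requests with 403 itself.
        return "waf-blocked" if props.get("action") == "Blocked" else None
    if category == "ApplicationGatewayAccessLog" and int(props.get("httpStatus", 0)) == 403:
        # A backend status of 403 means BigFix rejected it; an empty backend
        # status means the gateway never forwarded the request.
        return "backend-returned" if str(props.get("serverStatus", "")) == "403" else "gateway-returned"
    return None


def triage(lines: Iterable[str], path_fragment: str = PATH_FRAGMENT) -> list[dict]:
    """Collect every 403 on the MDM path with its origin and a detail field."""
    findings = []
    for line in lines:
        entry = json.loads(line)
        props = entry.get("properties", {})
        if path_fragment not in props.get("requestUri", ""):
            continue
        origin = classify(entry)
        if origin is None:
            continue
        findings.append({
            "client": props.get("clientIp"),
            "uri": props.get("requestUri"),
            "origin": origin,
            "detail": props.get("ruleId") or props.get("serverRouted") or "",
        })
    return findings


# What to check next for each origin, from the gateway owner's side.
NEXT_STEP = {
    "waf-blocked": "a WAF rule fired on the SyncML body; review it in detection mode before adding an exclusion for the MDM path",
    "gateway-returned": "no backend status recorded; check listener/routing rules, host header and mutual-TLS settings for this path",
    "backend-returned": "BigFix rejected the request; compare Host, X-Forwarded-For and client-certificate handling with an intranet sync",
}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"{f['client']} {f['uri']} -> {f['origin']} [{f['detail']}]: {NEXT_STEP[f['origin']]}")
```

Run it against an export of the gateway's access and firewall logs filtered to the time of a "Sync" click; a firewall-log entry with no matching backend status is the quickest way to tell the Azure Cloud Ops team that the request never reached the MDM server.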