VIP PUSH notification not sent\received on a mobile device.

book

Article ID: 170100

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

VIP does not send PUSH notifications for 60 minutes, then begins sending again. 

VIP logs show: <status>600D</status><statusMessage>Operation not allowed in current state of credential.

The token VIP Access Push status shows as TEMPORARY LOCKED in VIP Manager. 

Cause

The PUSH lockout was designed to prevent PUSH spamming or looping. 

The PUSH function will temporarily lock for 60 minutes if 5 consecutive PUSH notifications to the same device are denied or unacknowledged by the user. While temporarily locked, end-users can enter a security code manually as long as the Allow Security Code Validation option in VIP Manager is set to Yes. If set to No, the end-user will see Login failed. Please contact your administrator while PUSH functionality is temporarily locked. 

Example of PUSH becoming temporarily locked:
 
Push sent, user Denies PUSH = fail count 1
Push sent, user Denies PUSH = fail count 2
Push sent, user ignores = fail count 3
Push sent, user ignores = fail count 4
Push sent, user ignores = fail count 5, PUSH temporarily locked
 

Environment

PUSH is enabled in a VIP account under the Policies tab in VIP Manager. VIP Access mobile is installed and the credential is registered to a user in VIP Manager. The credential shows a PUSH enabled.

Resolution

PUSH functionality will be restored 60 minutes after the last PUSH was sent. A VIP administrator can manually set the PUSH functionality status back to enabled in VIP Manager. 

The device must be able to accept the PUSH notifications (powered on, service available or on WiFi, not in airplane mode, not on silent mode, VIP notifications are not blocked, etc)

Below are some common causes of a PUSH notification not being received on a device:

  • PUSH notification sent to a different credential ID not registered to the user (example: A user gets a new phone and VIP credential ID but hasn't yet registered the new ID or removed the old)
  • Lack of connectivity to the internet via wifi or mobile data. 
  • Environmental\building conditions that affect network connectivity. 
  • Wifi connection firewall rules are blocking PUSH notifications sent to or from services.vip.symantec.com.
  • Notifications are disabled or hidden on the device
  • Notifications ignored or denied
  • Network latency
  • Misplaced or lost device
  • Misconfigured validation server and/or NAS or VPN settings, such as improper timeout or retry values.

Use VIP Manager end-user REPORTS to view PUSH notification history for a user.

Presently, there are no API calls to check what increments the counter value. VIP Manager cannot filter for users with temp. locked push credentials since it will automatically unlock. 

Attachments