ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

VIP PUSH notification not sent\received on a mobile device.

book

Article ID: 170100

calendar_today

Updated On:

Products

VIP Authentication Service VIP Access for Mobile

Issue/Introduction

VIP does not send PUSH notifications for 60 minutes, then begins sending again. 

VIP logs show: <status>600D</status><statusMessage>Operation not allowed in current state of credential.

The token VIP Access Push status shows as TEMPORARY LOCKED in VIP Manager. 

Cause

The PUSH lockout was designed to prevent PUSH spamming or looping. 
Setting the status from 'Temporarily Locked' to 'Enabled' by a VIP Manager administrator will unlock the PUSH. 

The PUSH lock activates after 5 consecutive failed/unanswered PUSH attempts and remains locked for 60 minutes after the last PUSH attempt. While locked, end-users will be prompted to enter a security code manually. 

If entering security codes manually is disabled in VIP Manager while the PUSH is temporarily locked, logins will fail with the error "Login failed. Please contact your administrator". 

For example, 5 pushes are:
 
Push Denied = fail count 1
Push Denied = fail count 2
Ignored = fail count 3
Ignored = fail count 4
Ignored = fail count 5, push is  temp locked.

 
The fail counter resets back to zero 60 minutes after the last PUSH was sent, or when the user accepts an active PUSH notification while the credential is not temporarily locked. 
 
Presently, there are no API calls to check what increment the counter value. VIP Manager cannot filter for users with temp. locked push credentials since it will automatically unlock. 

Environment

PUSH is enabled in a VIP account under the Policies tab in VIP Manager. VIP Access mobile is installed and the credential is registered to a user in VIP Manager. The credential shows a PUSH enabled.

Resolution

Possible causes of a PUSH notification not being received on a device:

  • PUSH being sent to a different credential ID not yet registered to the user (user is using a new device or the app was reinstalled on the current device)
  • Lack of connectivity to the internet via wifi or mobile data due to environmental conditions
  • Wifi connection firewall rules do not allow PUSH notifications.
  • Notifications are disabled or hidden on the device
  • Notifications ignored or denied
  • Network latency
  • Misplaced or lost device
  • Misconfigured validation server and/or NAS or VPN settings, such as improper timeout or retry values.
  • Check Firewall rules to see if is blocking the URL services.vip.symantec.com

The device must be able to accept the PUSH notifications (powered on, service available or on WiFi, not in airplane mode, not on silent mode, VIP notifications are not blocked, etc)

Use VIP Manager end-user REPORTS to view PUSH notification history for a user.

Attachments