Always start by reviewing the documentation found at the following location: Modern Device Management
- When attempting to enroll the device, you may experience issues with this step. This is probably related to the certificates you are using. "You must obtain a certificate for the MDM Server from a trusted certificate authority (such as DigiCert), and then import it. The name of the certificate must be the same as the Fully Qualified Domain Name (FQDN) of the MDM Server, even if the MDM Server is configured to work via the Symantec Management Platform’s Internet Gateway. If you configured the MDM Server to use a custom external FQDN, issue the server certificate to the custom FQDN." Source: Obtaining and Importing the MDM Server Certificate for Windows
- Tip: Make sure the certificate for the MDM Server is in .PFX format. When your endpoints connect to this MDM server, the certificate will need to be trusted by the endpoints in your environment.
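
One way to check both certificate requirements above from a Windows endpoint: that the certificate name matches the MDM Server FQDN, and that the endpoint trusts the chain. This is an added example, not Broadcom's code; the function name `Test-MdmServerCertificate`, the host `mdm.example.com` and port 443 are assumptions to replace with your own values.

```powershell
# Added example. Run on the Windows endpoint that fails to enroll.
# Function name, FQDN and port are placeholders (assumptions), not product values.
function Test-MdmServerCertificate {
    param(
        [Parameter(Mandatory)][string]$MdmFqdn,
        [int]$Port = 443   # assumed HTTPS port; change if your MDM Server differs
    )
    $state = @{ Errors = $null; Cert = $null }

    # Record the validation result instead of aborting the handshake, so every
    # problem is reported. No application data is sent over this connection.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($s, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        $state.Cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
        $true
    }.GetNewClosure())

    $client = [System.Net.Sockets.TcpClient]::new($MdmFqdn, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        # The name passed here is what Windows compares to the certificate names.
        $ssl.AuthenticateAsClient($MdmFqdn)
        $ssl.Dispose()
    }
    finally { $client.Dispose() }

    $flags    = [int]$state.Errors
    $mismatch = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    $chainErr = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors

    [pscustomobject]@{
        Server       = "${MdmFqdn}:$Port"
        Subject      = $state.Cert.Subject
        Issuer       = $state.Cert.Issuer
        NotAfter     = $state.Cert.NotAfter
        NameMatches  = (($flags -band $mismatch) -eq 0)   # certificate name equals the FQDN
        ChainTrusted = (($flags -band $chainErr) -eq 0)   # issuer chain trusted by this endpoint
        PolicyErrors = $state.Errors
    }
}

# Example call with a placeholder FQDN:
# Test-MdmServerCertificate -MdmFqdn 'mdm.example.com'
```

If `NameMatches` is False, the certificate was issued to a name other than the FQDN the endpoint uses. If `ChainTrusted` is False, the issuing CA is not trusted on this endpoint.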
After a Windows device is enrolled to the MDM server, you may wish to check the device sync status. On Windows 11, this is found at Windows Settings > Accounts > Access work or school: expand the section Connected by youremailaddress@example.com and select the Info button. See: Enrolling Devices with MDM for Windows

Make sure that you have a valid sync date/time before troubleshooting further.
- After enabling policies on the SMP server in the Endpoint Management Workspaces section, it may take up to 60 minutes for the device to receive the policy. This interval is configurable.
- Tip: The policy may not show on the device under Windows Settings > Accounts > Access work or school. Check the registry at the following locations:
  - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current
  - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers
- Tip: You can generate an Advanced Diagnostic Report by using the Create Report button found under Windows Settings > Accounts > Access work or school > expand the section Connected by youremailaddress@example.com > Info button. Review the report and find the policies section.
- Tip: Some policies may require you to log off and log back on to the client before they show correctly.
- Tip: You can also check the SQL table Inv_Windows_MDM_Current_Policies to see if the GUID of the endpoint is there.
Review the mdm.log on the MDM server located by default at C:\Program Files\Altiris\Altiris Agent\Agents\WMDM\MDMServer\logs. This may help identify the root cause of any issues with enrollment or policies.
Make sure the Broadcom Windows MDM service is started and running.