Understanding Symantec VIP Push Notification Delays: Common Causes and Troubleshooting Guidelines
search cancel

Understanding Symantec VIP Push Notification Delays: Common Causes and Troubleshooting Guidelines

book

Article ID: 402645

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Users may occasionally experience delays in receiving push notifications from the Symantec VIP Service even when the VIP push service itself is fully operational. These delays can hinder timely access, especially when using VIP-based MFA for sensitive systems such as VPN, Windows logon, or web applications.

This article explains possible causes, recommends actions for end-users, and outlines steps to collect diagnostic data to assist the Broadcom support team in deeper analysis.

Environment

VIP Service (Push notifications)

Cause

Possible Causes of Push Notification Delays (When VIP Push Service is Operating Normally):

  1. Device Network Connectivity:

    • The mobile device is on a weak Wi-Fi or cellular network.

    • Background data restrictions or VPNs on the mobile device may block the push notification.

    • Device is in Do Not Disturb or Airplane mode.

  2. Battery Optimization or App Throttling:

    • Power-saving settings or battery optimization can delay app notifications, especially on Android devices.

    • The VIP Access app may be restricted from running in the background.

  3. Push Token/credential Expiry or Device Reconfiguration:

    • The push token used for routing notifications may have expired or become invalid (e.g., after device OS update or reinstalling the app).

  4. Time Skew Between Server and Device:

    • Significant time mismatch between the endpoint and VIP servers can impact OTP or push-based authentication.

  5. Firewall/Proxy Interruption:

    • Firewalls or outbound proxy configurations may delay or block mobile device traffic to Apple/Google push notification services or VIP endpoints.

Resolution

What Users Can Do When Experiencing Delays:

  • Basic Troubleshooting:

    • Switch between mobile data and Wi-Fi to rule out local network issues.

    • Confirm the VIP Access app is allowed to run in the background and not battery-optimized.

    • Restart the mobile device and ensure it's connected to the internet.

    • Test the Push functionality by visiting https://vip.symantec.com. If no delays are encountered here, the delays are likely related to your setup, environment, or network configuration.

  • Device & App Checks:

    • Check for OS updates or VIP Access app updates.

    • Verify the VIP Access app has notification access enabled on the user's mobile device.

    • If issue persists, uninstall and reinstall the VIP Access app.

  • Confirm Server Reachability:

    • Ensure your mobile device can reach:

      • VIP Cloud (e.g., https://vip.symantec.com)

      • Apple Push Notification Service (APNS)

      • Google Firebase Cloud Messaging (FCM)

When to Contact Support and What to Share:

To assist Broadcom Support in diagnosing push delay issues, please capture the following data at the time of issue:

  1. JHASH or Username:
    The account/credential ID used at the time of the push request.

  2. Approximate Timestamp:
    Exact time (with time zone) when the push was initiated and when it was received (if delayed).

  3. Mobile Device Details:

    • Device model and OS version

    • VIP Access app version

    • Network type (Wi-Fi, LTE, 5G, etc.)

  4. Screenshot or screen recording of the delay behavior, if reproducible.

Additional Information

Advanced Options:

  • Avoiding BCP Risks: If delays are consistent and impact business-critical workflows, we recommend enabling Business Continuity Mode (BCP) as a temporary fallback (where applicable). However, setting the BCP mode to 'enabled' could create a risky scenario since all cloud MFA is interrupted.

    To obtain similar results without disrupting MDA (Managed Device Authentication), you can disable VIP Push Authentication in the Validation Server settings. If Access Challenge is enabled, this will force the user to enter the OTP manually and remove PUSH from the flow.

  • Review Validation Server Logs: Enable debug logging and review logs around the time of the delay.

  • Mobile Device Testing: Confirm if the delay is reproducible across multiple devices and/or mobile networks.

Additional information:

Powered by Wolken Software