Lab 4: Troubleshooting Endpoints

Objective and Tasks

Resolve various problems related to enrollment and endpoints:

  1. Restore Device Enrollment with Directory Accounts
  2. Verify Device Communication with the Workspace ONE UEM Console
  3. Enable Targeted Logging for Devices

Task 1: Restore Device Enrollment with Directory Accounts

Scenario: After importing a directory user account to enroll a new device into the Asia Pacific Japan organization group (OG), the user received an Invalid User Credentials error message.

 

In the Workspace ONE UEM environment, you verified that AirWatch Cloud Connector and directory services are connected, and you verified that enrollment with directory user accounts works for the North America OG.


You help the administrator troubleshoot an endpoint enrollment issue in the Asia Pacific Japan OG.

  1. From the lab environment interface, log into the uem-01a VM.
    • Username: techseals\administrator
    • Password: Pa$$w0rd
  2. Open the Workspace ONE UEM administration console.
    1. On the uem-01a VM Windows taskbar, click the Google Chrome icon.
    2. From the bookmarks bar, select UEM.
      You can also enter https://wsone.techseals.co/AirWatch in the address bar to access the console page.
    3. Log in to Workspace ONE UEM:
      • User name: admin
      • Password: Pa$$w0rd
  3. On the Workspace ONE UEM console menu bar, select Asia Pacific Japan from the Organization Group drop-down menu.
  4. In the navigation pane on the left, select Groups & Settings > All Settings > Devices & Users > General > Enrollment.
  5. On the Authentication tab, make sure that Override is selected for Current Setting.
  6. Next to Authentication Mode(s), select the Directory check box.
  7. Scroll down and click Save.
  8. Click x in the upper-right corner to close the Settings dialog box.
  9. Connect to the w11Client-02a VM.
  10. Log in with the
    1. User: Nancy
    2. Password: Pa$$w0rd
  11. On the w11Client-02a desktop, double click the Workspace ONE Intelligent Hub icon in the Taskbar or search for Intelligent Hub in the start menu.
    The Workspace ONE Intelligent Hub application should open with an Email or Server Address prompt.
NOTE
If the Intelligent Hub application does not load the enrollment screen or does not display correctly, you go to Start > Settings > Apps > Apps & features to uninstall the Workspace ONE Intelligent Hub and Workspace ONE Intelligent Hub Installer applications.
After the applications are uninstalled, you go to https://getwsone.com in a web browser to download and install the latest version of the Workspace ONE Intelligent Hub application installer.
  1. If you receive a prompt from the User Account Control to permit the application to change the w11Client-02a VM, click Yes.
  2. Configure the Workspace ONE UEM settings in the Workspace ONE Intelligent Hub application.
    1. Enter wsone.techseals.co in the Email or Server Address text box.
    2. Click Next.
    3. Enter APAC in the Group ID text box.
    4. Click Next.
  3. Log in to Workspace ONE Intelligent Hub.
    1. User name: Nancy
    2. Password: Pa$$w0rd
      You are authenticated and the Workspace ONE Intelligent Hub application begins enrolling the device.
NOTE 
The enrollment process can take up to 5 minutes to finish.
  1. Click Not Now on the Want an even better experience? page.
  2. Click Done when the Congratulations message appears.
  3. Click Get Started on the Hello, Nancy window.

Task 2: Verify Device Communication with the Workspace ONE UEM Console

You perform a manual device synchronization on the newly enrolled Windows endpoint.

  1. Open the Workspace ONE UEM administration console.
    1. On the uem-01a Windows taskbar, click the Google Chrome icon.
    2. If prompted, log in to Workspace ONE UEM.
      • Username: admin
      • Password: Pa$$w0rd
  2. On the menu bar, select Asia Pacific Japan from the Organization Group drop-down menu.
  3. In the navigation pane on the left, select Devices > Devices.
  4. Locate the newly enrolled Windows endpoint. for Nancy
  5. Verify that the value under the Last Seen column is less than 5 minutes.
  6. If the Last Seen value is greater than 5 minutes, force a synchronization from the Windows endpoint.
    1. Switch to the w11Client-02a VM.
    2. On the w11Client-02a VM desktop, double-click the Workspace ONE Intelligent Hub shortcut.
    3. In the Workspace ONE Intelligent Hub window, click on Nancy at the bottom-left of the screen.
    4. Click Sync Device.
  7. Return to the uem-01a Windows VM, and go back to the Workspace ONE UEM Admin console.
  8. In the navigation pane on the left, select Devices > Devices.
  9. If the Last Seen value did not update, refresh the Workspace ONE UEM Admin console page.
  10. Verify that the Last Seen value of the enrolled Windows device is less than 5 minutes.

Task 3: Enable Targeted Logging for Devices

Scenario: Recently, latency is being reported for the enrolled device of user Craig. Profiles and applications take too much time to download and install, and the device's status is not reported to Workspace ONE UEM in a timely manner. So far, this enrolled device is the only one with this problem.


Root cause: Because only one device is having the latency problem, the issue is most likely specific to the affected device.


You enable Targeted Logging for the affected device.

  1. Open the Workspace ONE UEM administration console.
    1. On the uem-01a Windows taskbar, click the Google Chrome icon.
    2. If prompted, log in to Workspace ONE UEM.
      • User name: admin
      • Password: Pa$$w0rd
  2. On the Workspace ONE UEM console menu bar, select Techseals from the Organization Group drop-down menu.
  3. In the navigation pane on the left, select Devices > Devices.
  4. On the Devices List View page, click the Craig W11CLIENT-01A hyperlink.
    The Details View for the device appears.
  5. Click on More from the drop-down tab, select Targeted Logging.
    The Targeted Device Logging page appears.
  6. Enable Targeted Logging for the selected Windows device for 1 hour.
    1. Click the CREATE NEW LOG button.
    2. Select 1 Hour.
    3. Click Start.
      Targeted Logging is started for the selected device for 1 hour. The Targeted Logging stops after 1 hour or after you click Stop.
      After Targeted Logging stops, a log file is generated on the UEM Device Services server:
      • If your Workspace ONE UEM console is SaaS hosted, you must contact the support team to retrieve the targeted log for you.
      • If your Workspace ONE UEM console is hosted on-premises, you can collect the targeted log from the Device Services server by navigating to the UEM_installation_path\Logs\Targeted Logging folder.
  7. Close Google Chrome.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.