Skip to main content

GravityZone policy and tasks not getting applied on iOS

This article helps you troubleshoot the issue with the BitdefenderGravityZone configuration policy/profile and tasks not getting applied on iOS devices.

The issue can be noticed with managed iOS devices, immediately after installing and activating GravityZone Mobile Client, or sometimes at a later time, and manifests as follows:

29887_1.png
  • GravityZone Mobile Client displays an issue about the currently assigned policy not being active on the iOS device.

  • In GravityZoneControl Center, in the Mobile Device Details window of the iOS device, the policy is marked as pending, even though the device is connected to the Internet and should be able to receive the policy.

  • Tasks run from Control Center on iOS devices do not work, even though the devices are connected to the Internet and should be able to receive tasks.

The issue is usually related to the Apple Push Notifications system. Whenever there's a new policy update or task to be applied to an iOS device, the GravityZone MDM system sends a push notification to the device, via the Apple Push Notifications servers, to trigger synchronization. Upon receiving the push notification, the device synchronizes with the GravityZone MDM server to receive the latest policy or task. If the push notification cannot be sent or is lost, the policy/task does not get applied.

Refer to the following table for information on troubleshooting the issue.

Possible cause

Solution

Apple Push Notifications service (APNs) certificate has not been configured, has expired or is invalid. Consequently, Control Center is unable to send push notifications via the APNs servers.

Check APNs certificate status in Control Center > Configuration > Certificates (company administrator privilege is required). If everything seems ok with the certificate, but none of the subsequent solutions work, you might want to generate a new APNs certificate.

The ports used to communicate with APNs (2195, 2196, 5223) are blocked by a firewall or gateway.

Note

Ports 2195 and 2196 are used by the communication server appliance to communicate with the APNs servers. Port 5223 is used by managed iOS devices to communicate with the APNs servers over Wi-Fi in specific conditions. For more information, refer to this Apple KB article.

Make sure the APNs ports are allowed.

Note

Ports 2195 and 2196 must be open for outgoing connections.

An issue with the APNs system might cause the push notification to get lost or delayed. Note that sometimes the APNs server might be busy, resulting in push notifications being delayed.

Check again after a few hours to see if the issue still occurs.

Overview

The issue can be noticed with managed iOS devices, immediately after installing and activating GravityZone Mobile Client or sometimes at a later time, and manifests as follows:

  • GravityZone Mobile Client displays an issue about the currently assigned policy not being active on the iOS device.

  • In GravityZoneControl Center, in the Mobile Device Details window of the iOS device, the policy is marked as pending, even though the device is connected to the Internet and should be able to receive the policy.

  • Tasks run from Control Center on iOS devices do not work, even though the devices are connected to the Internet and should be able to receive tasks.

29887_1.png

Troubleshooting

The issue is usually related to the Apple Push Notifications system. Whenever there's a new policy update or task to be applied to an iOS device, the GravityZone MDM system sends a push notification to the device, via the Apple Push Notifications servers, to trigger synchronization. Upon receiving the push notification, the device synchronizes with the GravityZone MDM server to receive the latest policy or task. If the push notification cannot be sent or is lost, the policy/task does not get applied.

Refer to the following table for information on troubleshooting the issue.

Possible cause

Solution

Apple Push Notifications service (APNs) certificate has not been configured, has expired or is invalid. Consequently, Control Center is unable to send push notifications via the APNs servers.

Check APNs certificate status in Control Center > Configuration > Certificates (company administrator privilege is required). If everything seems ok with the certificate, but none of the subsequent solutions work, you might want to generate a new APNs certificate.

The ports used to communicate with APNs (2195, 2196, 5223) are blocked by a firewall or gateway.

Note

Ports 2195 and 2196 are used by the communication server appliance to communicate with the APNs servers. Port 5223 is used by managed iOS devices to communicate with the APNs servers over Wi-Fi in specific conditions. For more information, refer to this Apple KB article.

Make sure the APNs ports are allowed.

Note

Ports 2195 and 2196 must be open for outgoing connections.

An issue with the APNs system might cause the push notification to get lost or delayed. Note that sometimes the APNs server might be busy, resulting in push notifications being delayed.

Check again after a few hours to see if the issue still occurs.