KB – Device status: discovered

We all know the different device statuses, such as “Enrolled”, “Unenrolled” and “Enrollment in Progress”.
But have you ever heard of “Discovered”?

After some investigation and with help from Sergiu Constantin, we were able to reproduce the status and find the root cause.

Basically, the “Discovered” status means that the device was connected to UEM but is now blocked.

How to reproduce the discovered status?

First of all, you need to pre-register the device via its serial number.
Once the device is pre-registered, you can enroll it. The enrollment works as expected and the device shows up as “Enrolled” in the console. Normally we wouldn’t touch the registration entry again, BUT if you do a bulk import to block devices, the existing entry gets overwritten and the device gets blocked.

This means that if we have a normally working device and then block it via bulk import, maybe by accident, the result is the “discovered” status.
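A pre-upload guard for the situation described above, as an added example that is not part of the original post or of any vendor tooling: it cross-checks the Block rows of a bulk-import CSV against an export of enrolled devices and reports the rows that would overwrite a live registration. The column names, both sample CSVs, the serial numbers and the case-insensitive matching are assumptions made for the example.

```python
import csv
import io

# Hypothetical column names and values: adjust to your own export and import template.
SERIAL_COL, NAME_COL, STATUS_COL, ACTION_COL = "SerialNumber", "FriendlyName", "Status", "Action"
# Constructed sample data (serial numbers and device names are invented).
ENROLLED_EXPORT = """\
FriendlyName,SerialNumber,Status
AUTOPILOT-86,VM-0086-AAAA,Enrolled
LAPTOP-12,PF-0012-BBBB,Enrolled
OLD-KIOSK,KS-0003-CCCC,Unenrolled
"""
BULK_IMPORT = """\
SerialNumber,Action
vm-0086-aaaa ,Block
ZZ-9999-DDDD,Block
KS-0003-CCCC,Block
PF-0012-BBBB,Allow
,Block
"""

def norm(serial):
    """Compare serials case- and whitespace-insensitively, so the guard errs towards flagging."""
    return (serial or "").strip().upper()

def enrolled_serials(export_text):
    """Map normalised serial -> device name for rows whose status is Enrolled."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {norm(r.get(SERIAL_COL)): r.get(NAME_COL, "") for r in rows
            if (r.get(STATUS_COL) or "").strip().lower() == "enrolled" and norm(r.get(SERIAL_COL))}

def review_block_import(export_text, import_text):
    """Return (conflicts, safe, invalid_lines) for the Block rows of a bulk-import CSV."""
    enrolled = enrolled_serials(export_text)
    conflicts, safe, invalid = [], [], []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(import_text)), start=2):
        if (row.get(ACTION_COL) or "").strip().lower() != "block":
            continue  # only Block rows can overwrite an enrolled device's registration
        serial = norm(row.get(SERIAL_COL))
        if not serial:
            invalid.append(line_no)  # a Block row without a serial number
        elif serial in enrolled:
            conflicts.append((line_no, serial, enrolled[serial]))
        else:
            safe.append(serial)
    return conflicts, safe, invalid

if __name__ == "__main__":
    print(review_block_import(ENROLLED_EXPORT, BULK_IMPORT))
```

Any entry in `conflicts` is a device that is currently enrolled and would end up in the “Discovered” state if the file were uploaded as is.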

Step by step

First – register the device via serial number

Device registered

Enroll the device

Device enrolled

Upload the CSV via Bulk import and block the device.
As you can see, the entry gets overwritten.

Device blocked via Bulk import

The device shows the status “Discovered” but is still managed by UEM.

Device details after block

As we can see here, the “Break the MDM Relationship” command is queued.

Break MDM command is queued

After that, the device is not able to communicate with UEM anymore.

HMAC errors showing the communication channel is broken

The HUB still shows the status as enrolled, so there is no indication that the connection is broken.

HUB does not show any information that the connection is broken

The HUB logs show an HMAC Authentication failed error:

{"@t":"2021-10-06T15:19:56.8880021Z","@mt":"Hmac retrieval with OTA from Installer Argument failed : SOURCE: [AgentSideLoad], ERROR_CODE: [2012], ERROR_MESSAGE: HMAC Authentication failed., ERROR_RESPONSE: Authentication status : Failed, Description : Failed, Status-Code : AUTH-1005","@l":"Error","SourceContext":"AW.Win32.Unified.Hmac.HmacHelper","ThreadId":3,"ProcessId":6228,"ProcessName":"AWProcessCommands","MachineName":"AUTOPILOT-86"}
{"@t":"2021-10-06T15:19:56.8880021Z","@mt":"Hmac recovery from recovery token failed","@l":"Error","SourceContext":"AW.Win32.AWCommandBusiness.RequestHandler","ThreadId":1,"ProcessId":6228,"ProcessName":"AWProcessCommands","MachineName":"AUTOPILOT-86"}

While the OMA DM still sends data:

<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
    <SessionID>43</SessionID>
    <MsgID>1</MsgID>
    <Target>
      <LocURI>https://ds137.awmdm.com/DeviceServices/Dm.svc/token/Kw8zb</LocURI>
    </Target>
    <Source>
      <LocURI>E9A2B93C11502B4A857FB41112F43B97</LocURI>
    </Source>
  </SyncHdr>
  <SyncBody>
    <Alert>
      <CmdID>2</CmdID>
      <Data>1201</Data>
    </Alert>
    <Alert>
      <CmdID>3</CmdID>
      <Data>1224</Data>
      <Item>
        <Meta>
          <Type xmlns="syncml:metinf">com.microsoft/MDM/LoginStatus</Type>
        </Meta>
        <Data>user</Data>
      </Item>
    </Alert>
    <Alert>
      <CmdID>4</CmdID>
      <Data>1224</Data>
      <Item>
        <Meta>
          <Type xmlns="syncml:metinf">com.microsoft/MDM/AADUserToken</Type>
        </Meta>
        <Data>eyJ0eXAiOiJKV1QiLCJhya3MuZGUiLCJ1dGkiOiI2em05alJHQ3pFS0MwNUN2w3nl30FyzK5AGyzionnlxFDw</Data>
      </Item>
    </Alert>
    <Replace>
      <CmdID>5</CmdID>
      <Item>
        <Source>
          <LocURI>./DevInfo/DevId</LocURI>
        </Source>
        <Data>E9A2B93C11502B4A857FB41112F43B97</Data>
      </Item>
      <Item>
        <Source>
          <LocURI>./DevInfo/Man</LocURI>
        </Source>
        <Data>Microsoft Corporation</Data>
      </Item>
      <Item>
        <Source>
          <LocURI>./DevInfo/Mod</LocURI>
        </Source>
        <Data>Virtual Machine</Data>
      </Item>
      <Item>
        <Source>
          <LocURI>./DevInfo/DmV</LocURI>
        </Source>
        <Data>1.3</Data>
      </Item>
      <Item>
        <Source>
          <LocURI>./DevInfo/Lang</LocURI>
        </Source>
        <Data>en-US</Data>
      </Item>
    </Replace>
    <Final />
  </SyncBody>
</SyncML>

Overall, the device itself acts like nothing happened, but it’s not actively managed anymore.
Even if you “unblock” the device again, it will not be able to re-establish the connection.
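Because neither the HUB UI nor the OMA DM channel reveals the broken state, the HUB log entries quoted above are the usable signal. The following is an added example, not code from the original post or from the product: it scans JSON-lines HUB log text and reports machines that logged both the HMAC authentication failure and the failed recovery. Requiring both entries is an assumption made here to cut noise, and every sample line after the first two is constructed.

```python
import json
import re

AUTH_FAILED = re.compile(r"ERROR_MESSAGE: HMAC Authentication failed")
RECOVERY_FAILED = re.compile(r"Hmac recovery from recovery token failed")
STATUS_CODE = re.compile(r"Status-Code : ([A-Z]+-\d+)")

# Constructed sample: entries 1-2 mirror the HUB log lines quoted above; the rest are invented.
SAMPLE_LOG = """\
{"@t":"2021-10-06T15:19:56.8880021Z","@mt":"Hmac retrieval with OTA from Installer Argument failed : SOURCE: [AgentSideLoad], ERROR_CODE: [2012], ERROR_MESSAGE: HMAC Authentication failed., ERROR_RESPONSE: Authentication status : Failed, Description : Failed, Status-Code : AUTH-1005","@l":"Error","SourceContext":"AW.Win32.Unified.Hmac.HmacHelper","MachineName":"AUTOPILOT-86"}
{"@t":"2021-10-06T15:19:56.8880021Z","@mt":"Hmac recovery from recovery token failed","@l":"Error","SourceContext":"AW.Win32.AWCommandBusiness.RequestHandler","MachineName":"AUTOPILOT-86"}
{"@t":"2021-10-06T15:20:10.0000000Z","@mt":"Constructed informational entry","@l":"Information","MachineName":"AUTOPILOT-86"}
{"@t":"2021-10-06T15:21:00.0000000Z","@mt":"ERROR_MESSAGE: HMAC Authentication failed., Status-Code : AUTH-1005","@l":"Error","MachineName":"EXAMPLE-PC"}
{"@t":"2021-10-06T15:22:00.0000000Z","@mt":"truncated entr
"""

def scan_hub_log(lines):
    """Summarise Error-level HMAC failures per machine from JSON-lines HUB log text."""
    hits = {}
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line: skip it, keep scanning
        if not isinstance(event, dict) or event.get("@l") != "Error":
            continue
        msg = str(event.get("@mt", ""))
        auth, recovery = bool(AUTH_FAILED.search(msg)), bool(RECOVERY_FAILED.search(msg))
        if not (auth or recovery):
            continue
        s = hits.setdefault(event.get("MachineName", "unknown"), {
            "auth_failed": 0, "recovery_failed": 0, "status_codes": set(),
            "first_seen": event.get("@t", ""), "last_seen": event.get("@t", "")})
        s["auth_failed"] += auth
        s["recovery_failed"] += recovery
        s["status_codes"].update(STATUS_CODE.findall(msg))
        s["first_seen"] = min(s["first_seen"], event.get("@t", ""))
        s["last_seen"] = max(s["last_seen"], event.get("@t", ""))
    return hits

def broken_channel_machines(lines):
    """Machines that logged both the HMAC authentication failure and the failed recovery."""
    return sorted(m for m, s in scan_hub_log(lines).items()
                  if s["auth_failed"] and s["recovery_failed"])

if __name__ == "__main__":
    for machine in broken_channel_machines(SAMPLE_LOG.splitlines()):
        print(machine, "HUB HMAC channel broken: reinstall HUB and re-enroll")
```

Run against centrally collected HUB logs, the output can be compared with the console's list of “Discovered” devices to confirm which ones need a reinstall.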

How to fix it?

Uninstallation of the HUB + reinstallation / reenrollment of the device.
Unfortunately there is no other option to get the device working again.
