KB – Device status: discovered
We all know the different device statuses, like “Enrolled”, “Unenrolled”, “Enrollment in Progress”….
But ever heard of “Discovered”?
After some investigation and help from Sergiu Constantin, we were able to reproduce the status and find the root cause.
Basically, the “Discovered” status means that the device was connected to UEM but is now blocked.
How to reproduce the discovered status?
First of all, you need to pre-register the device via serial number.
After you pre-register the device, you can enroll it. The enrollment will work as expected and the device will show up as “Enrolled” in the console. Normally we wouldn’t touch the registration entry again, BUT if you do a bulk import for blocking devices, the existing entry gets overwritten and the device gets blocked.
This means that if we have a normally working device and then block it – maybe by accident – via bulk import, the result is the “Discovered” status.
Step by step
First – register the device via serial number
Enroll the device
Upload the CSV via Bulk import and block the device.
As you can see, the entry gets overwritten.
The device shows the status “Discovered” but is still managed by UEM.
As we can see here, the “Break the MDM Relationship” command is queued.
After that, the device is not able to communicate with UEM anymore.
The HUB still shows the status as enrolled – so there is no indication that the connection is broken.
The HUB logs show an “HMAC Authentication failed” error:
{"@t":"2021-10-06T15:19:56.8880021Z","@mt":"Hmac retrieval with OTA from Installer Argument failed : SOURCE: [AgentSideLoad], ERROR_CODE: [2012], ERROR_MESSAGE: HMAC Authentication failed., ERROR_RESPONSE: Authentication status : Failed, Description : Failed, Status-Code : AUTH-1005","@l":"Error","SourceContext":"AW.Win32.Unified.Hmac.HmacHelper","ThreadId":3,"ProcessId":6228,"ProcessName":"AWProcessCommands","MachineName":"AUTOPILOT-86"}
{"@t":"2021-10-06T15:19:56.8880021Z","@mt":"Hmac recovery from recovery token failed","@l":"Error","SourceContext":"AW.Win32.AWCommandBusiness.RequestHandler","ThreadId":1,"ProcessId":6228,"ProcessName":"AWProcessCommands","MachineName":"AUTOPILOT-86"}
While the OMA DM still sends data:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncHdr>
<VerDTD>1.2</VerDTD>
<VerProto>DM/1.2</VerProto>
<SessionID>43</SessionID>
<MsgID>1</MsgID>
<Target>
<LocURI>https://ds137.awmdm.com/DeviceServices/Dm.svc/token/Kw8zb</LocURI>
</Target>
<Source>
<LocURI>E9A2B93C11502B4A857FB41112F43B97</LocURI>
</Source>
</SyncHdr>
<SyncBody>
<Alert>
<CmdID>2</CmdID>
<Data>1201</Data>
</Alert>
<Alert>
<CmdID>3</CmdID>
<Data>1224</Data>
<Item>
<Meta>
<Type xmlns="syncml:metinf">com.microsoft/MDM/LoginStatus</Type>
</Meta>
<Data>user</Data>
</Item>
</Alert>
<Alert>
<CmdID>4</CmdID>
<Data>1224</Data>
<Item>
<Meta>
<Type xmlns="syncml:metinf">com.microsoft/MDM/AADUserToken</Type>
</Meta>
<Data>eyJ0eXAiOiJKV1QiLCJhya3MuZGUiLCJ1dGkiOiI2em05alJHQ3pFS0MwNUN2w3nl30FyzK5AGyzionnlxFDw</Data>
</Item>
</Alert>
<Replace>
<CmdID>5</CmdID>
<Item>
<Source>
<LocURI>./DevInfo/DevId</LocURI>
</Source>
<Data>E9A2B93C11502B4A857FB41112F43B97</Data>
</Item>
<Item>
<Source>
<LocURI>./DevInfo/Man</LocURI>
</Source>
<Data>Microsoft Corporation</Data>
</Item>
<Item>
<Source>
<LocURI>./DevInfo/Mod</LocURI>
</Source>
<Data>Virtual Machine</Data>
</Item>
<Item>
<Source>
<LocURI>./DevInfo/DmV</LocURI>
</Source>
<Data>1.3</Data>
</Item>
<Item>
<Source>
<LocURI>./DevInfo/Lang</LocURI>
</Source>
<Data>en-US</Data>
</Item>
</Replace>
<Final />
</SyncBody>
</SyncML>
Overall, the device itself acts like nothing happened – but it’s not actively managed anymore.
Even if you “unblock” the device again, it will not be able to re-establish the connection.
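Because the HUB keeps showing “Enrolled”, the HMAC errors in its log are the only sign on the device that management is broken. The following is an added example, not part of the original article or of any vendor tooling: it scans JSON log lines of the shape shown above for those errors and groups them by machine. The function name, the sample list and the assumption that the HUB log lines have already been collected into a list of strings are illustrative.

```python
import json
import re
from collections import defaultdict

# Message fragments taken from the two HUB log entries quoted in this article.
SIGNATURES = ("HMAC Authentication failed", "Hmac recovery from recovery token failed")
ERROR_CODE = re.compile(r"ERROR_CODE: \[(\d+)\]")
STATUS_CODE = re.compile(r"Status-Code : ([A-Z]+-\d+)")

def find_hmac_failures(lines):
    """Map MachineName -> list of HMAC failure events found in JSON log lines."""
    hits = defaultdict(list)
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate blank, truncated or non-JSON lines
        if not isinstance(event, dict) or event.get("@l") != "Error":
            continue
        msg = event.get("@mt", "")
        if not any(sig in msg for sig in SIGNATURES):
            continue  # an error, but not one of the HMAC failures
        code, status = ERROR_CODE.search(msg), STATUS_CODE.search(msg)
        hits[event.get("MachineName", "unknown")].append({
            "time": event.get("@t"),
            "source": event.get("SourceContext"),
            "error_code": code.group(1) if code else None,
            "status_code": status.group(1) if status else None,
        })
    return dict(hits)

# Constructed sample: two entries modelled on the log lines above (first message
# shortened), one unrelated error from a hypothetical machine, one truncated line.
SAMPLE = [
    '{"@t":"2021-10-06T15:19:56.8880021Z","@mt":"Hmac retrieval with OTA from Installer Argument failed : SOURCE: [AgentSideLoad], ERROR_CODE: [2012], ERROR_MESSAGE: HMAC Authentication failed., Status-Code : AUTH-1005","@l":"Error","SourceContext":"AW.Win32.Unified.Hmac.HmacHelper","MachineName":"AUTOPILOT-86"}',
    '{"@t":"2021-10-06T15:19:56.8880021Z","@mt":"Hmac recovery from recovery token failed","@l":"Error","SourceContext":"AW.Win32.AWCommandBusiness.RequestHandler","MachineName":"AUTOPILOT-86"}',
    '{"@t":"2021-10-06T15:20:01.0000000Z","@mt":"Constructed unrelated error","@l":"Error","SourceContext":"Example.Component","MachineName":"EXAMPLE-PC"}',
    '{"@t":"2021-10-06T15:20:02',
]

if __name__ == "__main__":
    for machine, events in find_hmac_failures(SAMPLE).items():
        print(machine, len(events), "HMAC failure(s)", events[0])
```

A machine reported here while the console lists it as “Discovered” matches the broken state described above.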
How to fix it?
Uninstallation of the HUB + reinstallation / reenrollment of the device.
Unfortunately, there is no other option to get the device working again.