Popular topics: How to contact Customer Support? How to manage legal entities using Factorial

Support Home / IT Management / Factorial IT / Mobile Device Management (MDM) / Guides & Ressources
Back

Resolve enrollment issues

Learn how to quickly and effectively resolve any enrollment issues you may encounter, ensuring a smooth and hassle-free registration process.

Table of Contents

Why This Status? During Deployment When the Device is Already Enrolled Missing or Inactive Agent Missing MDM Profile (Mac only) Identifying Partially Enrolled Devices Troubleshooting

Why This Status?

During Deployment

A device is considered partially enrolled when the enrollment process in Factorial IT (or MDM deployment) has not been fully completed. As a result, the MDM is not yet active on the device.

This can happen for several reasons:

  • The user did not complete all the enrollment steps.
  • The Fleet agent installation is incomplete (mainly on macOS).
  • The user did not stay connected long enough to complete synchronization.
  • The agent or MDM profile was uninstalled or blocked.

 

When the Device is Already Enrolled

Here are the different possible scenarios:

Missing or Inactive Agent

This status indicates that the FleetDM agent installed on the device is no longer sending data to FleetDM. 

Possible causes:

  1. The agent was uninstalled or corrupted 
    • The user or a script manually removed the agent. 
    • A system update or configuration error corrupted the installation.
  2. The agent is no longer running 
    • The osqueryd service (used by FleetDM) has stopped. 
    • The agent fails to start due to permission issues.
  3. Network or connectivity issues 
    • The device is on a network that blocks access to the FleetDM server. 
    • The device has been offline for too long, preventing the agent from reconnecting. 
    • A proxy or firewall is blocking communication between the agent and the FleetDM server.
  4. The certificate or MDM configuration has expired or is corrupted 
    • If your APN (Apple Push Notification) certificate has expired.
  5. FleetDM issue
 
 

Missing MDM Profile (Mac only)

This status indicates that the MDM profile is either missing or inactive on the device. 

Possible causes:

  1. The profile was removed by the user 
    • On macOS, an admin user can remove an unlocked MDM profile.
  2. The profile has expired or is invalid 
    • An issue with Apple Push Notification Service (APNS) may prevent the device from validating its profile. 
    • If the APNS token has expired or been revoked, the MDM profile may become invalid.
  3. The device was accidentally removed from MDM management
    • If the turn off mdm action was executed from FleetDM on the device.
 
 

 

Identifying Partially Enrolled Devices

In your Factorial IT cockpit, you can identify partially enrolled devices in two ways:

  1. The device's enrollment status provides insights into potential errors:
    1. Missing agent
    2. Missing profile
    3. Enrolled in another MDM
  2. The device appears offline even though it is actively used by an employee.

 

Troubleshooting

Here are the solutions for each situation:

  • Missing Profile (on macOS): Ask the employee to follow the detailed steps in this guide, section "Installation on macOS".
  • Missing Agent (on macOS): In the device panel, click on the device status button to remotely trigger the agent installation. If this does not work, ask the employee to log into their Factorial IT enrollment page and click on their assigned device. They can then download the agent independently.
  • Enrolled in another MDM: find here all the necessary documentation regarding migration from your previous MDM to Factorial IT: Migrate your device from another MDM
  • Offline Device: Ask the employee to re-enroll their device. You can automate this action in Settings > Remote Management > Enable Auto-Unenrollment.

Once the employee completes these actions, the device should appear as correctly enrolled in Factorial IT within 30 minutes (the synchronization period between Fleet and Factorial IT).

Save time by automating employee re-enrolment

In Settings > MDM, enable Auto-Unenrollment and select the option to automatically resend MDM invitations to employees whose devices have been purged (i.e., devices that have been offline for a certain duration).

Image

 

 

 

Was this article helpful?

Give feedback about this article

Related articles

Can’t find what you’re looking for?

Our customer care team is here for you.

Contact us

Knowledge Base Software powered by Helpjuice