This section lists common issues encountered with Mobile Device Manager (MDM) software distribution. You use MDM Software Distribution Console to view the status of software distribution on individual managed devices and run reports. To enable logging on software distribution, use the MDM Connect Now tool. In this tool, select Menu, select Logging, select Enable Alerter Log, and then select Software Distribution.
The DeviceUpdate.log file is located in the root directory. For
more information about the MDM Connect Now tool, please visit the
MDM Resource Kit Tools page at this Microsoft Web site:
File Signature Verification Failed when You Create a Signed .Cab File
This error indicates that the computer that is running the console does not have the required public certificate to sign the .Cab file in the root certificate store. The certificate that you use to sign the .Cab file must be trusted by the following:
- The computer that is running MDM Software Distribution Console
- MDM Device Management Server
Therefore, the public certificate must be in the root store of these computers.
To publish updates, make sure that the system (and not just the logged-on user) trusts the signature on the .Cab files. If you run the software distribution console on a separate computer, then follow these steps on both computers: the one with the console and the Device Management/WSUS server.
- Install the root certificate into the
Trusted Root Certificate Authoritiesstore on the Device
Management/WSUS server and the computer running the software
distribution console, if different.
- Install the public certificate used to sign the .Cab file into
the
Trusted Publisherscertificate store on the Device
Management/WSUS server and the computer running the software
distribution console, if different.
For more information about signing .Cab files, see the
Signing CAB Files in Packagestopic at this Microsoft Web
site:
Distributed Application Does Not Appear Under Installed Software
After distributing an application, if it does not appear in MDM Software Distribution Console on the Installed Softwaretab on the device, it is likely because you must update the inventory collection.
To view the distributed packages on the Installed Softwaretab quickly, run the following MDM Shell cmdlet to view a list of objects for which you can set the collection frequency:
Copy Code | |
---|---|
Get-InventoryItem | format-list |
To set the collection frequency of the device inventory collection item to Every Connect, run the following command:
Copy Code | |
---|---|
Set-InventoryItem -identity “InstalledApplications” -collectionfrequency “EveryConnect" |
Package Installation Fails
If the device is physically accessible, check the failure code in the Managed ProgramsUI on the device.
- Verify that the device can contact MDM Device Management
Server:
- Start Internet Explorer on the device, and type the URL to MDM
Device Management Server (including "
:8530
", where 8530 is the port number assigned to WSUS). For
example:
http(s)://<DeviceManagementServer FQDN>:8530/Content.
- If the device can contact the Device Management/WSUS server,
then the browser should respond with the
Directory Listing Denied
message.
- Start Internet Explorer on the device, and type the URL to MDM
Device Management Server (including "
:8530
", where 8530 is the port number assigned to WSUS). For
example:
http(s)://<DeviceManagementServer FQDN>:8530/Content.
- If the device cannot resolve the page, check the following:
- The WSUS Web site cannot be installed under the Default Web
site.
- The WSUS Web site must be configured to use port 8530 and 8531.
- The WSUS Web site cannot be installed under the Default Web
site.
- Verify that the file is located on the server.
- Open the Software Distribution console, select
Packages, and then select the specific package. Or, locate
the share that holds the files, and browse to the specific .Cab
file.
- The console shows the package status, including the number of
devices with the package installed. If you receive a text box
stating that the credentials need to be verified, then the file is
no longer present on the server. To resolve this issue, add the
public root and signing certificate that belong with the package to
the Device Management Server (and console computer, if different),
and then re-publish the package.
- Install the root certificate into the
Trusted Root Certificate Authoritiesstore on the Device
Management/WSUS server and the computer running the software
distribution console, if different.
- Install the public certificate used to sign the .Cab file into
the
Trusted Publisherscertificate store on the Device
Management/WSUS server and the computer running the software
distribution console, if different.
- Open the Software Distribution console, select
Packages, and then select the specific package. Or, locate
the share that holds the files, and browse to the specific .Cab
file.
- Verify that the device can reach and download the .Cab file,
and that the .Cab file is correctly signed.
- The device should prompt the user to download or open the .Cab
file.
- When the user selects
Open, the .Cab file should install.
- If the device cannot find the .Cab file, then it probably does
not exist on the Device Management Server. Follow step 3 to verify
the file.
- If the device successfully downloads the .Cab file but does not
install it, then the .Cab file is either broken, not meant for the
device type (standard, professional, or classic), or the Windows
Mobile version on the device does not have the public root and
public code signing certificates installed in the appropriate
stores. You must import and install the .cer file for the managed
Windows Mobile powered device in the SPC store and in the
Privileged Execution Trust Authoritiesstore. You can perform
this import through the Group Policy Management Console (GPMC) on a
computer or server that has the Group Policy Extensions installed.
- The device should prompt the user to download or open the .Cab
file.