Forum Discussion
Android device enrolment issue - MDM app is not being installed during the sign-in process
Hello,
We are experiencing a new issue with our Android device enrolments where the MDM app is not being installed during the sign-in process. App is configured in Android Management between our CyberArk tenant and Google domain, and user accounts are configured to do set-up for device owner enrolment.
Previous device enrolments are still working as expected, and we first noticed this issue on 13-11-2023. No changes have been made to either the CyberArk configuration/device policy or to Google Admin.
This issue is affecting all new Android device enrolments, even across Android versions (Android 10-14 affected).
Would you please able to assist to fix this issue?
Error Log:
11-24 14:35:49.411 3842 4105 I Auth : (REDACTED) [BroadcastManager] [BroadcastManager] Broadcasting bad device management=%s
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Error when fetching package info [CONTEXT service_id=343 ]
11-24 14:35:49.414 3842 4105 I Auth : sdq: Invalid package signature for app=com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):190)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):39)
11-24 14:35:49.414 3842 4105 I Auth : at sbq.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):221)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.p(:com.google.android.gms@234414022@23.44.14 (100400-580326705):34)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.q(:com.google.android.gms@234414022@23.44.14 (100400-580326705):8)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.m(:com.google.android.gms@234414022@23.44.14 (100400-580326705):11)
11-24 14:35:49.414 3842 4105 I Auth : at sss.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):610)
11-24 14:35:49.414 3842 4105 I Auth : at ssy.b(:com.google.android.gms@234414022@23.44.14 (100400-580326705):94)
11-24 14:35:49.414 3842 4105 I Auth : at ssv.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):642)
11-24 14:35:49.414 3842 4105 I Auth : at slx.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):3)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.n(:com.google.android.gms@234414022@23.44.14 (100400-580326705):284)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):1087)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):2)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.fe(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at mzt.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):117)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at bdrr.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):10)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at awwb.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransactInternal(Binder.java:1056)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransact(Binder.java:1029)
11-24 14:35:49.414 3842 4105 I Auth : Caused by: android.content.pm.PackageManager$NameNotFoundException: com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfoAsUser(ApplicationPackageManager.java:275)
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfo(ApplicationPackageManager.java:244)
11-24 14:35:49.414 3842 4105 I Auth : at akut.e(:com.google.android.gms@234414022@23.44.14 (100400-580326705):7)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):16)
11-24 14:35:49.414 3842 4105 I Auth : ... 20 more
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Canceling DM notification because of DM suppression [CONTEXT service_id=343 ]
11-24 14:35:49.416 3842 4105 W Auth : [GetToken] GetToken failed with status code: ThirdPartyDeviceManagementRequired
Hi jeremy ,
We are using the following device set-up method as per the documentation "Setup devices using managed Google accounts"
Company-owned device
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
Suddenly we saw the issue for new enrollment devices, existing enrolled devices are working fine. No changes to existing policies/configuration.
Looking forward your help, thanks!
Hi mdas86
How are you?
I have done some research into your question -
Are you receiving specific prompts when the MDM app fails to install? Is the issue with MDM app installation occurring on all devices?
One possibility is that Cyberark has undergone a password rotation, possibly due to an auto annual rotation. It might be helpful to verify the password values assigned to the Android Management account within Cyberark to ensure they match the intended password.
Additionally, it's worth checking within the Google Admin directory or identity services to confirm if the account used to set up the owner enrollment is active and free from any flags or token issues.
To troubleshoot, you could create a local account in your MDM and utilize those credentials to temporarily enroll a device. This test would help determine if the issue persists with a different set of credentials.
I hope the above helps, if you have solved the issue please let us know 😊Reece.
Hi ReeceK ,
Thanks for the update!
Are you receiving specific prompts when the MDM app fails to install? - No,
Its completing the device set-up without downloading the MDM app and after this when I tried to open Play Store app, its not connecting (account sync is not happening). Actually it should connect to see all managed apps (https://play.google.com/work/apps)
if I connect(using my test account) to https://play.google.com/work/apps in chrome browser, I could able to connect and see all managed apps without any issue.
Is the issue with MDM app installation occurring on all devices? - Yes
create a local account in your MDM - I have created test account in Google Admin with third-party integration with Android EMM, unfortunately same issue is happening
FYI - These steps have been used to download MDM app
Company-owned device
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
Hi mdas86
Thanks for getting back to me.
I am going to go back to my colleagues and get more answers for you, the problem sounds like it might lie with the MDM app installation process or perhaps with the permissions/authentication during the installation.
Whilst I await a response on my end, have you reached out to your internal support channels of the MDM provider to investigate this matter further?.
Additionally, have you double-checked the permissions and configurations within your Google Admin console and Android EMM settings related to app installations and device management could also be beneficial in troubleshooting this issue?.
Just want to make sure that this has been looked into internally on your end, as well as here in the community.Thanks again mdas86
