Forum Discussion
Android device enrolment issue - Third party MDM app is not being installed during the sign-in process
Hello Android Enterprise Team,
We are experiencing a new issue with our Android device enrolments where the third-party MDM app(CyberArk MDM App) is not being installed during the sign-in process. App is configured in Android Management between our CyberArk tenant and Google domain, and user accounts are configured to do set-up for device owner enrolment.
Previous device enrolments are still working as expected, and we first noticed this issue on 13-11-2023. No changes have been made to either the CyberArk configuration/device policy or to Google Admin.
This issue is affecting all new Android device enrolments, even across Android versions (Android 10-14 affected).
Could you please help to fix this issue?
Thanks in advance
Error Log:
11-24 14:35:49.411 3842 4105 I Auth : (REDACTED) [BroadcastManager] [BroadcastManager] Broadcasting bad device management=%s
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Error when fetching package info [CONTEXT service_id=343 ]
11-24 14:35:49.414 3842 4105 I Auth : sdq: Invalid package signature for app=com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):190)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):39)
11-24 14:35:49.414 3842 4105 I Auth : at sbq.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):221)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.p(:com.google.android.gms@234414022@23.44.14 (100400-580326705):34)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.q(:com.google.android.gms@234414022@23.44.14 (100400-580326705):8)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.m(:com.google.android.gms@234414022@23.44.14 (100400-580326705):11)
11-24 14:35:49.414 3842 4105 I Auth : at sss.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):610)
11-24 14:35:49.414 3842 4105 I Auth : at ssy.b(:com.google.android.gms@234414022@23.44.14 (100400-580326705):94)
11-24 14:35:49.414 3842 4105 I Auth : at ssv.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):642)
11-24 14:35:49.414 3842 4105 I Auth : at slx.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):3)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.n(:com.google.android.gms@234414022@23.44.14 (100400-580326705):284)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):1087)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):2)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.fe(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at mzt.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):117)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at bdrr.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):10)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at awwb.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransactInternal(Binder.java:1056)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransact(Binder.java:1029)
11-24 14:35:49.414 3842 4105 I Auth : Caused by: android.content.pm.PackageManager$NameNotFoundException: com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfoAsUser(ApplicationPackageManager.java:275)
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfo(ApplicationPackageManager.java:244)
11-24 14:35:49.414 3842 4105 I Auth : at akut.e(:com.google.android.gms@234414022@23.44.14 (100400-580326705):7)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):16)
11-24 14:35:49.414 3842 4105 I Auth : ... 20 more
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Canceling DM notification because of DM suppression [CONTEXT service_id=343 ]
11-24 14:35:49.416 3842 4105 W Auth : [GetToken] GetToken failed with status code: ThirdPartyDeviceManagementRequired
Hi mdas,
i recommend to investigate this with your 3rd party MDM (CyberArk).
Thanks for the update!
3rd party MDM is already available in https://androidenterprisepartners.withgoogle.com/emm
This is working fine for existing user who already enrolled to their devices. All of a sudden, this stops working for new users who tries to enroll in device owner mode. Not able to download the third-party MDM app during sgin-in process.
These are the steps, we are using to download MDM app during device owner mode set-up
Company-owned device
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
https://androidenterprisepartners.withgoogle.com/emm/
These are the steps, we are using to download MDM app during device owner mode set-up
Company-owned device
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
Hi mdas,
i personally don't know about an management enrollment using a managed Google Account.
Also on the website of Cyber ark these are the enrollment methods to be used:
SMS
Enter your phone number (including the country code and area code), and then click Send. CyberArk Identity sends an SMS message to your device with links to the CyberArk Identity mobile app.
Email
Enter an email address that is accessible from your mobile device, and then click Send. CyberArk Identity sends an email with links to the CyberArk Identity mobile app.
QR code
Scan the QR code
Direct link
Click the link to the appropriate app store for your device. If you are signed in to your Google or Apple account in your browser as well as on your device, you can install the CyberArk Identity mobile app from your desktop browser.
Nothing about a managed Google account. What kind of enrollment you try to do? BYOD, COBO or COPE?
Hi Moombas ,
Thanks for update!
Company owned devices which was enrolling with following steps as per Google documentation
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
With the above steps, it is expected to download the third-party MDM app and complete the enrolment which is not happening.
Hi jeremy ,
I am from CyberArk need Android Enterprise Team help to troubleshoot this issue.
The authentication is failed in android package itself and not able to sync the account in PlayStore app, please see the following error log:
11-24 14:35:49.414 3842 4105 I Auth : sdq: Invalid package signature for app=com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Canceling DM notification because of DM suppression [CONTEXT service_id=343 ]
11-24 14:35:49.416 3842 4105 W Auth : [GetToken] GetToken failed with status code: ThirdPartyDeviceManagementRequiredThe MDM app stops working suddenly without any changes to configuration whereas the existing enrolled devices are working as expected.
Would like to understand if any changes to Android Enterprise policies? or why it is not able to sync the Google managed account from PlayStore?
Thank your patience!
So if you're from CyberArk you should post your question and open a support ticket in the dedicated EMM Support Community where you have access to Android Engineers.
Hi mdas,
I'm a bit scared that you seem to have bought a product and want to do administration to it but just can't find the relevant support information which requires maximum 1 minute to find via Google search and their website:
Hey mdas86 ,
Hope you're doing well!
Just going through the replies to catch up on the thread. Sorry to hear you're having trouble setting up your Android device. As mentioned before, reaching out to your EMM support and opening a ticket could be a good move.
If that doesn't do the trick, feel free to drop an update here so we can help out more. If you find a solution, it'd be awesome to hear about it!
Thanks, Reece.
