Android device enrolment issue - Third party MDM app is not being installed during the sign-in process
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2024 07:34 AM
Hello Android Enterprise Team,
We are experiencing a new issue with our Android device enrolments where the third-party MDM app(CyberArk MDM App) is not being installed during the sign-in process. App is configured in Android Management between our CyberArk tenant and Google domain, and user accounts are configured to do set-up for device owner enrolment.
Previous device enrolments are still working as expected, and we first noticed this issue on 13-11-2023. No changes have been made to either the CyberArk configuration/device policy or to Google Admin.
This issue is affecting all new Android device enrolments, even across Android versions (Android 10-14 affected).
Could you please help to fix this issue?
Thanks in advance
Error Log:
11-24 14:35:49.411 3842 4105 I Auth : (REDACTED) [BroadcastManager] [BroadcastManager] Broadcasting bad device management=%s
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Error when fetching package info [CONTEXT service_id=343 ]
11-24 14:35:49.414 3842 4105 I Auth : sdq: Invalid package signature for app=com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):190)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):39)
11-24 14:35:49.414 3842 4105 I Auth : at sbq.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):221)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.p(:com.google.android.gms@234414022@23.44.14 (100400-580326705):34)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.q(:com.google.android.gms@234414022@23.44.14 (100400-580326705):8)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.m(:com.google.android.gms@234414022@23.44.14 (100400-580326705):11)
11-24 14:35:49.414 3842 4105 I Auth : at sss.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):610)
11-24 14:35:49.414 3842 4105 I Auth : at ssy.b(:com.google.android.gms@234414022@23.44.14 (100400-580326705):94)
11-24 14:35:49.414 3842 4105 I Auth : at ssv.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):642)
11-24 14:35:49.414 3842 4105 I Auth : at slx.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):3)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.n(:com.google.android.gms@234414022@23.44.14 (100400-580326705):284)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):1087)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):2)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.fe(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at mzt.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):117)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at bdrr.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):10)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at awwb.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransactInternal(Binder.java:1056)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransact(Binder.java:1029)
11-24 14:35:49.414 3842 4105 I Auth : Caused by: android.content.pm.PackageManager$NameNotFoundException: com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfoAsUser(ApplicationPackageManager.java:275)
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfo(ApplicationPackageManager.java:244)
11-24 14:35:49.414 3842 4105 I Auth : at akut.e(:com.google.android.gms@234414022@23.44.14 (100400-580326705):7)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):16)
11-24 14:35:49.414 3842 4105 I Auth : ... 20 more
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Canceling DM notification because of DM suppression [CONTEXT service_id=343 ]
11-24 14:35:49.416 3842 4105 W Auth : [GetToken] GetToken failed with status code: ThirdPartyDeviceManagementRequired
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2024 11:01 PM
Hi mdas,
i recommend to investigate this with your 3rd party MDM (CyberArk).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2024 08:51 AM - edited 02-02-2024 08:56 AM
Thanks for the update!
3rd party MDM is already available in https://androidenterprisepartners.withgoogle.com/emm
This is working fine for existing user who already enrolled to their devices. All of a sudden, this stops working for new users who tries to enroll in device owner mode. Not able to download the third-party MDM app during sgin-in process.
These are the steps, we are using to download MDM app during device owner mode set-up
Company-owned device
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
https://androidenterprisepartners.withgoogle.com/emm/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2024 08:45 AM
These are the steps, we are using to download MDM app during device owner mode set-up
Company-owned device
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-04-2024 10:59 PM - edited 02-04-2024 11:00 PM
Hi mdas,
i personally don't know about an management enrollment using a managed Google Account.
Also on the website of Cyber ark these are the enrollment methods to be used:
SMS | Enter your phone number (including the country code and area code), and then click Send. CyberArk Identity sends an SMS message to your device with links to the CyberArk Identity mobile app. |
Enter an email address that is accessible from your mobile device, and then click Send. CyberArk Identity sends an email with links to the CyberArk Identity mobile app. | |
QR code | Scan the QR code |
Direct link | Click the link to the appropriate app store for your device. If you are signed in to your Google or Apple account in your browser as well as on your device, you can install the CyberArk Identity mobile app from your desktop browser. |
Nothing about a managed Google account. What kind of enrollment you try to do? BYOD, COBO or COPE?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 01:59 AM - edited 02-05-2024 02:06 AM
Hi @Moombas ,
Thanks for update!
Company owned devices which was enrolling with following steps as per Google documentation
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
With the above steps, it is expected to download the third-party MDM app and complete the enrolment which is not happening.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 02:07 AM - edited 02-05-2024 02:14 AM
Which management sets can you deploy with this setup method? - Full device management
what is the EMM provider? - Use a third-party Android EMM provider (CyberArk, previously registered as Centrify)
https://support.google.com/work/android/answer/9415508?sjid=3084105063576651002-AP
Which set-up method is used for enrolment? - Set up an Android device with a managed Google account
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 02:24 AM
Again: You should reach out to CyberArk support because i still think you are trying to enroll it the wrong way.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 02:15 AM
As @Moombas previously said, you will get better support directly from CyberArk as this is an issue related to their product.
While we're glad to help, without proper inside knowledge of CyberArk product this will be hard to debug unless you're escalating this to CyberArk support team.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 02:27 AM
Hi @jeremy ,
I am from CyberArk need Android Enterprise Team help to troubleshoot this issue.
The authentication is failed in android package itself and not able to sync the account in PlayStore app, please see the following error log:
11-24 14:35:49.414 3842 4105 I Auth : sdq: Invalid package signature for app=com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Canceling DM notification because of DM suppression [CONTEXT service_id=343 ]
11-24 14:35:49.416 3842 4105 W Auth : [GetToken] GetToken failed with status code: ThirdPartyDeviceManagementRequired
The MDM app stops working suddenly without any changes to configuration whereas the existing enrolled devices are working as expected.
Would like to understand if any changes to Android Enterprise policies? or why it is not able to sync the Google managed account from PlayStore?
Thank your patience!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 03:08 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 02:29 AM
So if you're from CyberArk you should post your question and open a support ticket in the dedicated EMM Support Community where you have access to Android Engineers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 02:48 AM
Hi @jeremy ,
I was not aware of this. Could you please help me to provide the link where I could proceed to raise the support ticket?
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 02:59 AM - edited 02-05-2024 03:00 AM
Hi mdas,
I'm a bit scared that you seem to have bought a product and want to do administration to it but just can't find the relevant support information which requires maximum 1 minute to find via Google search and their website:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 03:21 AM
Hi @Moombas ,
I was looking for the process to directly riase the support ticket to dedicated EMM Support Community where I should have access to Google Android Engineers.
I am well aware about the process to raise CyberArk support ticket, might be something misunderstood on my query.
As I saw the issue in Android package auth failure, I need to verify and troubleshoot in collaboration with Teams help.
Thanks for your time!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2024 03:32 AM - edited 02-05-2024 04:39 AM
Hey @mdas86 ,
Hope you're doing well!
Just going through the replies to catch up on the thread. Sorry to hear you're having trouble setting up your Android device. As mentioned before, reaching out to your EMM support and opening a ticket could be a good move.
If that doesn't do the trick, feel free to drop an update here so we can help out more. If you find a solution, it'd be awesome to hear about it!
Thanks, Reece.