XenMobile Policy State Pending or Failed for iOS Devices


Article ID: CTX224807

Description

The purpose of this article is to help XenMobile administrators troubleshoot issues related to iOS policy deployment failures. It also provides additional information on setting up XenMobile server with the right values.


Instructions

 Symptom(s) of the Issue:

  1. Users or administrators report that policies are not being pushed or updated on iOS devices by XenMobile server.
  2. Policy deployment status in XenMobile server shows as either Pending or Failed.
  3. Administrators are unable to perform or deploy any actions (such as selective wipe, locate device, pushing apps, etc.).
 Troubleshooting Steps:
  1. First make sure the policy that is failing is part of the correct delivery group and that the user is part of that delivery group.
  2. Log in to the XenMobile server admin console > select the user to whom the policy is not deployed > select the Assigned Policies tab and check whether the policy is in the Pending or Failed state.
    • If the policy is in the Pending state, it is deployed to the device once the device connects back to the server. You can also use Deploy now from XenMobile server to deploy the policy immediately, or alternatively use Refresh Policy from Secure Hub.
    • If the policy is in the Failed state, collect the XenMobile server debug logs and look for failed error codes, which can give some insight into the reason for the failure.
  3. If the XenMobile servers are load balanced by NetScaler, make sure both MDM load balancers have SSL stickiness persistence enabled (i.e. Persistence is SSL Session).
  4. Make sure all the XenMobile servers are able to reach the APNS server. To verify, log in to the XenMobile server admin console support portal > select XenMobile Connectivity Checks > select Apple Push Notification Server and click Test.
  Additional Information:
  • Perform the same test on all XenMobile server nodes.
  • Make sure the oldest node of XenMobile server is able to communicate with APNS, as this is the server that serves all APNS requests.
  • To verify which XenMobile server node is the oldest node, click Cluster Information under Advanced in the same support portal.

  5. Verify the value of the push services heartbeat interval in XenMobile server. To do so, log in to the XenMobile server admin console > Configure > Settings > Server properties and search for “ios.apns.heartbeat.interval”.

  Additional Information:
  • This setting determines how frequently an iOS device checks if an APNs notification is not delivered in the interim. Increasing the APNs heartbeat frequency can optimize database communications. Too large a value can add unnecessary load. This setting applies only to iOS. Default is 6 hours.
  • If you have a large number of iOS devices in your environment, the heartbeat interval can lead to higher load than necessary. Security actions, such as selective wipe, lock, full wipe, and so on, do not rely on this heartbeat, as an APNs notification is sent to the device when these actions are executed. This value governs how quickly a policy updates after Active Directory group membership changes. As such, it is often suitable to increase this value to something between 12 and 23 hours to reduce load.
  6. If the XenMobile servers are deployed in a clustered environment, try shutting down all the nodes except one and verify whether the issue still exists. Repeat this test on each of the other nodes to identify the faulty node, then replace or shut down that node.
