This purpose of this article is to help Xenmobile administrator troubleshoot issues related to Android policy deployment failures and also provide additional information on settings up XMS server with right values.

Instructions

Symptom of Error:

• User/Administrator reports saying polices are not getting pushed or updated on Android devices by Xenmobile server.
• Policy Deployment status in XMS server either shows as pending or failed.
• Administrator unable to perform or deploy any actions (Like Selective wipe, location device, pushing apps etc.)

Troubleshooting Steps:

1. First make sure the Policy which is failing is part of the correct delivery group and the user is part of that delivery group.
2. Log in to XMS server admin console > Select the user to whom the policy is not deployed > Select Assigned Policies tab and see if the policy is under Pending or Failed state.

• If the policy is in under pending state it will get deployed to the device once it connects back to the server or you can also do Deploy now from XMS server which will deploy the policy immediately. Alternately from Secure Hub you can also do a Refresh Policy.
• If the policy is in failed state, grab XMS server debug logs and looks for failed error codes which can gives some insight on the reason for failure.

Additional Information:
 
For Android deployment failures you can look for the error codes by selecting device on which deployment has failed and click on Delivery Groups which will give the error codes as highlighted in the below screenshot (i.e. error code 5 and 8 in below screenshot)


 

3. If the XMS servers are load balanced by NetScaler, make sure both MDM Load balancers are enabled for SSL Stickiness persistent (i.e. Persistence is SSLSession).



4. Make sure the device has stable Data connection (Network connection).

5. Verify if there are any Android Scheduling policies configured on XMS, if there is a scheduling policy configured then the policy updates will happen according to the schedule. Below is the sample screenshot of scheduling policy.



Please refer to below link for more details on scheduling policy:
https://docs.citrix.com/en-us/xenmobile/10-3/xmob-device-policy-wrapper/xmob-device-policy-connection-scheduling.html

6. If you are using GCM (Google Cloud Messaging) or FCM (Firebase Cloud Messaging) instead of above scheduling policy, you will get the policy updates immediately on the devices. If the policies are not getting updated immediately even after enabling GCM/FCM please make sure firewall port 443 is open from XMS server to Android.apos.google.com and google.comPlease refer to below link for more details on FCM/GCM:
https://docs.citrix.com/en-us/xenmobile/10-4/provision-devices/google-cloud-messaging.html

7. If you have not configured either Android Scheduling policy or GCM/FCM, Android Secure Hub has the default internal heartbeat mechanism which makes the device check in every 6 hours for any policy updates.      

8. If the XMS servers are deployed in clustered environment, try shutting down all the nodes except one node and verify if the issue still exists.Try to run this test on all other nodes as well and see if you are able to figure out the faulty node and replace or shut down this node.
 
9. If the issue still exists you can collect Android device logs by enabling USB debugging and view logs using the below command              

-adb shell setprop log.tag.Secure Hub DEBUG

Please refer to the following link for more information:

https://www.citrix.com/blogs/2015/06/02/mobility-experts-how-to-collect-android-device-logs-for-troubleshooting-xenmobile-issues/