change timeout contacting MDM Server
- Hello,
can i change the time interval (about 10 minutes) when device is trying to connect to MDM Server? (when VPN connection is active)
I Need this because VPN Mobile is not permanent opened and client is trying in scheduled time interval connect to MDM Server.
This caused battery drain and i prefer to establish "on demand" connection only to MDM Sever. (VPN connection independent)
In MDM Connect Now tool i need quicker status code "failed" not 10 mins but 2 mins for example.
Jan Schwarz
Réponses
There is no way of changing the timeout for a policy update. The best you can do is to decrease the policy update frequency. There are lots of timeouts for the VPN tunnel, NATT time detection etc but not for the policy updates.
If you are using a Private APN, which is a trusted network, why don’t you allow policy updates though the APN network. This would allow policy updates to complete through the Private network, eradicating your battery issue.Hope this helps
Cheers Wayne
Airloom- Marqué comme réponseWayne Phillips.MVP, Modérateurvendredi 9 octobre 2009 00:58
Toutes les réponses
- If I use the "Connect Now"-tool I get a feedback on the device in less than ten minutes. I don't think there's an option to change this however, and how much time it takes depends on a lot of factors.
But the connect now tool is not designed to be the end-user's interface to MDM, it's a utility primarily designed for troubleshooting.
I agree that a constant VPN connection is harder on the battery life than non-VPN, but I guess that's the trade-off one has to make. You can change the interval for connection, and you can also give the user the ability to turn off and on the VPN tunnel. But the design for SCMDM as a whole implies that you are using the scheduling.
If you really need an on-demand MDM solution I'd recommend coding a small client that will handle this. - I know that MDM Connect Now is only for Administrators but i use this as an example for better understanding.
When connection to MDM Server is active (for example via VPN Mobile) Connect Now returns feedback in less then one minute (Success Status)
but when connection to MDM server is not active, device (WM Professional 6.1.6) tries establish connection (via EDGE/UMTS) and it tries this for about 10 minutes.
When manualy close active data connection on device during this unsuccessful connection device tries this until timeout expires
I'm using Connect Now only as help tool to measure time period when device stops trying to connect. You can reproduce this behavior by disabling Mobile VPN and trying to use "Connect Now" (do not wait for next scheduled update) and you see device trying to connect for ten minutes (after this period you can successfuly disable data connection without next reconnection)
I need this one because we have private APN and i don't want to connect to corporate network via VPN.
Jan Schwarz - Ok, I see what you mean.
Is the private APN verifying you through the SIM card only, or is the connection using Radius to authenticate on a user-level too? I have seen issues when the APN has to do a Radius lookup, and certain applications will time-out waiting for a network connection. (Unless they have a "connection manager light" which I'm guessing the "Connect Now"-app does not have.)
Are the same problems present if you are connecting via a public APN, or WiFi? (Provided your firewall allows this.)
I'm not sure of the exact inner workings of "Connect Now", so I wouldn't know if this might be by design...
Slightly off-topic I'd like to add that while there are different variations of private APNs most of them are more like a VLAN than a VPN, so usually I'd recommend using a "proper" VPN solution in addition if you want the added security. But you may have already taken this into consideration :) There is no way of changing the timeout for a policy update. The best you can do is to decrease the policy update frequency. There are lots of timeouts for the VPN tunnel, NATT time detection etc but not for the policy updates.
If you are using a Private APN, which is a trusted network, why don’t you allow policy updates though the APN network. This would allow policy updates to complete through the Private network, eradicating your battery issue.Hope this helps
Cheers Wayne
Airloom- Marqué comme réponseWayne Phillips.MVP, Modérateurvendredi 9 octobre 2009 00:58
i'm not sure it is the policy update timeout problem, we are talking about. I want change the timeout that controls when the connection to MDM server is not successful and after that MDM "client side" stops reconnecting to MDM server and "says failed".
For example: (next policy update is scheduled to 1.7.2009 at 6:00 PM)
5:59PM no data and/or VPN connection exists to corporate network
6:00PM device opens data connection to internet and after some seconds MDM client side tries connect to MDM Server
6:01PM connection is unsuccesful and user closes data connection manualy for example for battery drain or data costs (this is per user decission)
6:01:30PM device tries to open data connections again and vpn connections are not enabled or active to corporate network
6:05PM same user action and same reconnection from MDM client side on device
6:10PM when user closes data connections, after this time MDM on device does not reconnect and wait for next scheduled time (for example after 8 hours)
When VPN connections are active or user connects to data network via "private" APN, MDM client side successfuly connects to MDM server and after 6:01 device does not try reconnect (because succesful) and waits for next scheduled time.
We have got some users that do not connect to corporate network via private APN but manually create connection to corporate network (manually enabled mobile VPN connection or via WiFi network) or users configured with private APN do not need to be connected permanently to the data network.
Jan SchwarzJan,
I understand your issue. The device keeps trying to perform a policy update until it is successful. It reties to perform a policy update every time you establish an active data connection.
I've had a look under the covers and I can't find a failed connect timeout setting.
The only thing I can think of to solve this, is exposing your Device Management Server to the Internet. Not a recommended solution, for security reasons, but it would mean your device would always be able to perform a Policy update.
Cheers Wayne
Airloom
