...
Unable to sync devices from the Apple Business Manager (ABM) with the Workspace ONE UEM Console

This behavior may occur when:

- Communication between the Workspace ONE UEM Console and Apple Business Manager (ABM) has stopped.
- Apple has released new terms and conditions that must be accepted.
- The AirWatch Batch Processing Service needs to be restarted (applicable for on-premise environments).
- The Device Enrollment Program (DEP) token has been invalidated by Apple. When attempting to renew the token, this error is displayed: "Save Failed Invalid Token"
- The DEP token has expired. This error message is displayed in the Console: "The Dep token appears to have been deleted or the system is unable to request the required information. Please check the status of the token in Apple Business Manager portal"
This article addresses how to resolve syncing issues between Workspace ONE UEM console and Apple Business Manager/Apple School Manager. The resolution may vary according to the error message displayed.
To resolve syncing issues between Apple Business Manager ADE/DEP devices and the Workspace ONE UEM Console, review the following:

Note: DO NOT proceed unless the first option does not resolve the issue.

Option 1: The Token is Expired: Renew the Automated Device Enrollment Program (ADE) (DEP) token.

Within the Workspace ONE UEM Console, navigate to Groups & Settings > All Settings > Devices & Users > Apple > Device Enrollment Program and make sure that the DEP token is still valid. If the token has expired, renew it by following these step-by-step instructions: Renew the Apple Server token for DEP deployments, and then factory reset the affected Apple iOS/iPad devices. For macOS devices, the profile can simply be renewed to reset the DEP connection by typing the following command in the command-line interface of the affected device:

    sudo profiles renew -type enrollment

Option 2: The Token is Not Expired: Check Terms and Conditions in ABM and Renew the token again.

Navigate to the Apple Business Manager portal and make sure that the Apple terms and conditions are accepted. If the conditions are not accepted, renew the token again (even if the expiration date is still valid), accept the conditions, and then try syncing the devices from the Console.

If you have an on-premise instance of Workspace ONE:

1. Navigate to the Console Server.
2. Within the Console Server, navigate to the Services tab within Server Manager. Here you should see a service called AirWatch Batch Processing Service.
3. Restart this service and then attempt syncing the devices from the Console again.

Option 3: The Token is Not Expired: Terms and Conditions are accepted > "Save Failed Invalid Token"

Occasionally the token will become invalidated by Apple for various reasons. VMware is unable to provide root cause analysis in these situations.
When this error is displayed while saving the renewed token, it is advised to contact Apple and/or reconfigure the Automated Device Enrollment (ADE) (DEP) page in the Workspace ONE console.

WARNING: This scenario will not affect currently enrolled devices or unenroll any previously connected (ADE/DEP) device, but all profile configurations will need to be recreated. It is highly advised to screenshot any configurations prior to undertaking this process. This will simply result in re-populating the registration records on the console lifecycle status page and creating a new MDM server instance on the Apple Business Manager portal.

1. Disable the configuration on the settings page in the UEM console at Devices and Users > Apple > Device Enrollment Program > Disable. Note: This requires a console administrator PIN and can take ~24 hours to clear.
2. Edit the MDM server instance on the Apple Business Manager Console. See: Edit mobile device management (MDM) servers in Apple Business Manager.
3. Download a new public key certificate from Devices and Users > Apple > Device Enrollment Program, and upload this certificate into the ABM portal MDM server. This will create a new token that can be uploaded and renewed into Workspace ONE.
4. Complete the initial DEP profile setup in Workspace ONE with the fresh token from ABM, then select Save. This initial setup should be completed within the same browser session and within a 5-minute time frame to avoid save errors.
5. Recreate the device registration records if not already present: Devices and Users > Apple > Device Enrollment Program > Fetch All Devices.
6. Confirm that the device registration records are populated in the console and are recent.
For additional details, please refer to this resource: DEP Device Management

You may also reference these articles for related information and relevant issues:

- FAQ's - Apple Automated Device Enrollment Program (ADE) (Formerly DEP) for Workspace ONE
- Unable to assign or remove DEP profile
- DEP Profile stuck in “Assignment in Progress”
- How to unenroll, reconfigure, and re-enroll DEP devices
- “Invalid Profile” error in DEP devices