...
Customers are facing an issue with Windows Push Notification Services (WNS) communication after deploying the Windows Firewall Profile. The WNS status changes to disconnected, which causes communication issues with the Windows device via WNS push notification. Communication between client and server is not broken but might be delayed due to the WNS disconnection.
In the default rules of the Windows Firewall Profile deployed via Workspace ONE, the WpnService is not whitelisted. This service is also not whitelisted by Windows in its default configuration. Once the Firewall Profile is installed, WNS communication stops.
Add the following rules to every Windows Firewall Profile:

| Name | Direction | Service Name | Type |
|---|---|---|---|
| WNSServiceIN | IN | WpnService | Allow |
| WNSServiceOUT | OUT | WpnService | Allow |

After adding the rules, the WNS communication should be re-established.
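A quick way to confirm on a managed device that the two service-scoped rules arrived and that WpnService is running. This is an added example, not part of the original article or a VMware tool; it assumes an elevated PowerShell session and that the MDM-delivered rules are visible in the firewall's ActiveStore, and the variable names are illustrative.

```powershell
# Added example: verify that enabled Allow rules scoped to WpnService exist in both directions.
$serviceName = 'WpnService'   # service short name taken from the rules in the article

# Assumption: ActiveStore is the effective policy and includes rules pushed by the profile.
$rules = Get-NetFirewallServiceFilter -PolicyStore ActiveStore -Service $serviceName -ErrorAction SilentlyContinue |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

# Build one result row per direction so a missing rule is obvious.
$report = foreach ($direction in 'Inbound', 'Outbound') {
    $hits = @($rules | Where-Object { $_.Direction -eq $direction })
    [pscustomobject]@{
        Direction = $direction
        Covered   = $hits.Count -gt 0
        Rules     = ($hits.DisplayName -join ', ')
    }
}
$report | Format-Table -AutoSize

# The service itself must be running before WNS can reconnect.
Get-Service -Name $serviceName | Select-Object Name, Status, StartType

if ($report.Covered -contains $false) {
    Write-Warning "No enabled Allow rule scoped to $serviceName in at least one direction."
}
```

The display names reported on the device may differ from the Name column in the profile, so the check matches on the service filter rather than on rule names.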
Current default rules in the Windows Firewall profile:

| Name | Direction | File path | Interfaces | Type |
|---|---|---|---|---|
| WhiteListAWAgentIN | IN | %ProgramFiles(x86)%\AirWatch\AgentUI\AW.ProtectionAgent.PowershellExecutor.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| WhiteListAWAgentOUT | OUT | %ProgramFiles(x86)%\AirWatch\AgentUI\AW.ProtectionAgent.PowershellExecutor.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AwWindowsIpcIN | IN | %ProgramFiles(x86)%\AirWatch\AgentUI\AwWindowsIpc.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AwWindowsIpcOUT | OUT | %ProgramFiles(x86)%\AirWatch\AgentUI\AwWindowsIpc.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AwTunnelAgentIN | IN | %ProgramFiles(x86)%\AirWatch\AgentUI\TunnelAgentDesktop.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AwTunnelAgentOUT | OUT | %ProgramFiles(x86)%\AirWatch\AgentUI\TunnelAgentDesktop.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AwTAServiceIN | IN | %ProgramFiles(x86)%\AirWatch\AgentUI\TAService.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AwTAServiceOUT | OUT | %ProgramFiles(x86)%\AirWatch\AgentUI\TAService.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| omadmclientIN | IN | C:\Windows\System32\omadmclient.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| omadmclientOUT | OUT | C:\Windows\System32\omadmclient.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AWProcessCommandsIN | IN | %ProgramFiles(x86)%\AirWatch\AgentUI\AWProcessCommands.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AWProcessCommandsOUT | OUT | %ProgramFiles(x86)%\AirWatch\AgentUI\AWProcessCommands.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AwTaskSchedulerIN | IN | %ProgramFiles(x86)%\AirWatch\AgentUI\TaskScheduler.exe | RemoteAccess,Wireless,Lan | Allow (1) |
| AwTaskSchedulerOUT | OUT | %ProgramFiles(x86)%\AirWatch\AgentUI\TaskScheduler.exe | RemoteAccess,Wireless,Lan | Allow (1) |

VMware has engaged Microsoft about adding these rules to the default firewall whitelist. This article will be updated as more information becomes available.