OPERATIONAL DEFECT DATABASE
...
...
Customers facing an issue with Windows Push Notification Services (WNS) communication after deploying the Windows Firewall Profile.The WNS status changes to disconnected and causes communication issues with the Windows device via WNS push notification.Communication between client and server is not broken but might be delayed due to the WNS disconnection.
In the default rules of the Windows Firewall Profile that gets deployed via Workspace ONE, the WpnService is not whitelisted. Also, this service is not whitelisted by Windows in the default configuration. Once the Firewall Profile is installed, the WNS communcation stops.
Add the following rules to every Windows Firewall Profile: NameDirectionService NameTypeWNSServiceININWpnServiceAllowWNSServiceOUTOUTWpnServiceAllow After adding the rules, the WNS communcation should be re-established.
Current default rules in the Windows Firewall profile: Name Direction File path Interfaces Type WhiteListAWAgentININ%ProgramFiles(x86)%\AirWatch\AgentUI\AW.ProtectionAgent.PowershellExecutor.exeRemoteAccess,Wireless,LanAllow (1)WhiteListAWAgentOUTOUT%ProgramFiles(x86)%\AirWatch\AgentUI\AW.ProtectionAgent.PowershellExecutor.exeRemoteAccess,Wireless,LanAllow (1)AwWindowsIpcININ%ProgramFiles(x86)%\AirWatch\AgentUI\AwWindowsIpc.exeRemoteAccess,Wireless,LanAllow (1)AwWindowsIpcOUTOUT%ProgramFiles(x86)%\AirWatch\AgentUI\AwWindowsIpc.exeRemoteAccess,Wireless,LanAllow (1)AwTunnelAgentININ%ProgramFiles(x86)%\AirWatch\AgentUI\TunnelAgentDesktop.exeRemoteAccess,Wireless,LanAllow (1)AwTunnelAgentOUTOUT%ProgramFiles(x86)%\AirWatch\AgentUI\TunnelAgentDesktop.exeRemoteAccess,Wireless,LanAllow (1)AwTAServiceININ%ProgramFiles(x86)%\AirWatch\AgentUI\TAService.exeRemoteAccess,Wireless,LanAllow (1)AwTAServiceOUTOUT%ProgramFiles(x86)%\AirWatch\AgentUI\TAService.exeRemoteAccess,Wireless,LanAllow (1)omadmclientININC:\Windows\System32\omadmclient.exeRemoteAccess,Wireless,LanAllow (1)omadmclientOUTOUTC:\Windows\System32\omadmclient.exeRemoteAccess,Wireless,LanAllow (1)AWProcessCommandsININ%ProgramFiles(x86)%\AirWatch\AgentUI\AWProcessCommands.exeRemoteAccess,Wireless,LanAllow (1)AWProcessCommandsOUTOUT%ProgramFiles(x86)%\AirWatch\AgentUI\AWProcessCommands.exeRemoteAccess,Wireless,LanAllow (1)AwTaskSchedulerININ%ProgramFiles(x86)%\AirWatch\AgentUI\TaskScheduler.exeRemoteAccess,Wireless,LanAllow (1)AwTaskSchedulerOUTOUT%ProgramFiles(x86)%\AirWatch\AgentUI\TaskScheduler.exeRemoteAccess,Wireless,LanAllow (1) VMware has engaged Microsoft about adding these rules to the default firewall whitelist. This article will be updated as more information becomes available.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
