Working with a customer on XenMobile project, we discover an issue with ELM Key Policy which fails to deliver to some Samsung Device.
A discussion was opened on Citrix forum the same day we discover the issue by other guys.
One of them from Canada explained that after reviewing the configuration and investigate in the Support Bundle he found a workaround.
I will not explain here the workaround in detail.
The fact is my customer has 9200 Devices enrolled, 6400 Samsung and more than 550 with the issue.
We have think about a way to implement the solution and in fact we have created on new policy to push the “good” value for ELM Key based on a new created Device Property.
Create a new Device property on 600+ devices will take a long time.
So I create a PowerShell script to do that.
First you will need to create a new Device Property (if you create it on a Device which not have the issue, it can be deleted after).
Create a new Device Property
Type: Other
Name: Samsung SAFE Regularization
Value: True
- After saving and editing the Device you should have this:
Create a new Device Policy with the “Good” ELM Key
- The Device Policy is Samsung MDM Licenses Key, provide a name and click on Next
- You will see the Macro that you need to replace by your Value (the value can be retrieved in the Support Bundle in XMSupportBundlexxxxx\XMS-xxxxxx\sas_config\variables.xml).
Note: This value seems to be the same for all installation and to save you time, here is the value: 999526C1F0E7D488002CC368CF6D7AE3858D41196C8B6BCA71AF301925C6820B2D7D455A7F7323714A10C66197CE7C45D42066799ECF41E1EFF22510D3268F77
- Uncheck Samsung KNOX and click on Deployment Rules
- Click on the Advanced Tab
- Click New, select Limit by known device property, select the property created on first step, example Samsung SAFE Regularization and set value to True. Click on + sign
- Click New, select Limit by known numerical device property, select the property Samsung SAFE API, select is greater thqn and set value to 1. Click on + sign
- Click on Next
- Select the required Delivery Group and click on Deployment Schedule
- Change default setting from On every connection to Only when previous deployment has failed and click on Save
Just before running the script let’s see a Device Properties:
All the prerequisites are done, now just run the script:
- Launch the script
- Provide the name or IP of the XMS server, the script verify that DNS cqn be resolved and port 4443 is opened
- You are prompt to authenticate (with Local ADMIN Account)
- The Number of enrolled Devices is shown
- The Number of Samsung Devices is shown
- The Number of Samsung Devices with SAMSUNG_MDM_VERSION greater than 1 is shown
- The Number of Samsung Device with SAMSUNG_SAFE API Available set to False is shown
- A function is called to create a new Device property for those Device (Samsung SAFE Regularization) is the property value is set to “True”
- At the end of the script the number of Device for which the value has been created is shown (for test purpose in the following screenshot I made a filter on 1 Device to test the script)
You can verify in the Device Property that the new property has been created:
You will just need to wait for Policies to be refreshed on Devices or select your Delivry Group and click on Deploy.
When the Policy will be refreshed on the device, you will have:
The script can be downloaded here