FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 194925

Description

 
This article provides steps to determine whether there are invalid entries when the number of hosts imported from Airwatch is less than the number expected.

Hosts polled from Airwatch will not be imported for the following reasons:
  • Invalid MAC address (contains all zeros or duplicates).
  • Invalid enrollment status (anything other than 'Enrolled').


Scope

 

Version: 8.x.

Solution

 

Enable Debug and collect logs:
 
  1. Enable debug. Log in to the CLI as root and type:

    nacdebug -name AirWatchServer true
    nacdebug -name MdmManager true

  2. Start tail of output.master. Type:

    cd /bsc/logs
    tail -F output.master | tee MdmAWPollmaster.txt

  3. Navigate to System -> Settings -> System Communication -> MDM Services and select the AirWatch entry.

  4. Select Poll now. The poll will take several minutes to complete.

  5. Once the UI shows that the poll was successful, press Ctrl-C to stop the tail.

  6. Disable debug. Type:

    nacdebug -name AirWatchServer false
    nacdebug -name MdmManager false
 
Evaluate Logs:
 
Invalid addresses (all zeros):

Command:

    grep macAddress MdmAWPollmaster.txt | tr ',' '\n' | grep macAddress | grep 00000000 | wc -l

Example:

    grep macAddress MdmAWPollmaster.txt | tr ',' '\n' | grep macAddress | grep 00000000 | wc -l
    4

 

Duplicate addresses:

Command:

    grep macAddress MdmAWPollmaster.txt | tr ',' '\n' | grep macAddress | wc -l
    grep macAddress MdmAWPollmaster.txt | tr ',' '\n' | grep macAddress | sort | uniq | wc -l

The first command counts all macAddress entries and the second counts only the unique ones. The difference between the two counts is the number of duplicate entries.

Example:  Even though there are:

    grep macAddress MdmAWPollmaster.txt | tr ',' '\n' | grep macAddress | wc -l
    8878

    grep macAddress MdmAWPollmaster.txt | tr ',' '\n' | grep macAddress | sort | uniq | wc -l
    8769

 

Invalid enrollment state:

FortiNAC will only import hosts whose enrollmentStatus=Enrolled.

Command:

    grep enrollmentStatus MdmAWPollmaster.txt | tr ',' '\n' | grep enrollmentStatus | sort | uniq -c

Example:  8525 hosts have a valid enrollment status. The rest will not be imported.

    grep enrollmentStatus MdmAWPollmaster.txt | tr ',' '\n' | grep enrollmentStatus | sort | uniq -c
    34 enrollmentStatus=DeviceWipePending
    5 enrollmentStatus=Discovered
    4 enrollmentStatus=E
    1 enrollmentStatus=En
    1 enrollmentStatus=Enr
    1 enrollmentStatus=Enro
    3 enrollmentStatus=Enrol
    2 enrollmentStatus=Enroll
    1 enrollmentStatus=Enrolle
    8525 enrollmentStatus=Enrolled
    7 enrollmentStatus=EnrollmentInProgress
    172 enrollmentStatus=Unenrolled
    20 enrollmentStatus=WipeInitiated
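
The three checks above can be run together from one script that also lists the duplicated MAC values instead of only counting them. This is an added example, not Fortinet code: it assumes the capture holds comma-separated key=value fields (macAddress=..., enrollmentStatus=...), and the function names, script name and sample records are constructed for illustration.

```sh
# Added example, not Fortinet code. Assumption: each polled record in the
# capture carries comma-separated key=value fields, including
# macAddress=<hex digits> and enrollmentStatus=<state>.

# Print every value of field $1 found in capture file $2, one per line.
field_values() {
    grep "$1=" "$2" | tr ',' '\n' |
        sed -n "s/.*$1=\([A-Za-z0-9:]*\).*/\1/p"
}

# Count MAC values made up only of zeros (stricter than 'grep 00000000',
# which matches any value containing eight consecutive zeros).
zero_mac_count() {
    field_values macAddress "$1" | awk '/^[0:]+$/ {n++} END {print n+0}'
}

# List non-zero MAC values that occur more than once, ignoring case.
duplicated_macs() {
    field_values macAddress "$1" | tr 'A-F' 'a-f' |
        awk '!/^[0:]+$/' | sort | uniq -d
}

# Count records whose enrollmentStatus is anything other than 'Enrolled'.
not_enrolled_count() {
    field_values enrollmentStatus "$1" |
        awk '$0 != "Enrolled" {n++} END {print n+0}'
}

# Write a constructed sample capture (not real FortiNAC output) to file $1.
write_sample() {
    cat > "$1" <<'EOF'
10:00:01 AirWatchServer device[name=tab-01, macAddress=A0B1C2D3E4F5, enrollmentStatus=Enrolled]
10:00:01 AirWatchServer device[name=tab-02, macAddress=000000000000, enrollmentStatus=Enrolled]
10:00:01 AirWatchServer device[name=tab-03, macAddress=a0b1c2d3e4f5, enrollmentStatus=Enrolled]
10:00:02 AirWatchServer device[name=tab-04, macAddress=A0B1C2D3E4F6, enrollmentStatus=Unenrolled]
10:00:02 AirWatchServer device[name=tab-05, macAddress=000000000000, enrollmentStatus=WipeInitiated]
10:00:02 AirWatchServer device[name=tab-06, macAddress=A0B1C2D3E4F7, enrollmentStatus=Enrolled]
EOF
}

report() {
    echo "all-zero MACs: $(zero_mac_count "$1")"
    echo "not Enrolled:  $(not_enrolled_count "$1")"
    echo "duplicated MACs:"
    duplicated_macs "$1" | sed 's/^/  /'
}

# Usage: sh check_poll.sh MdmAWPollmaster.txt
if [ $# -gt 0 ] && [ -f "$1" ]; then report "$1"; fi
```

If the real log uses a different field layout, adjust the pattern in field_values before relying on the counts.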

For integration details, see the Airwatch MDM Integration reference manual in the Document Library.

Related Articles:

Technical Tip: Troubleshooting MDM registration issues

Technical Note: Airwatch polling stops before all records are returned