Notes from the field: The broken VMware Access, UEM, and HUB portal

On a recent customer project, we found that the integration between the three VMware products was, in effect, “broken”. We first noticed the issue after implementing the Intelligent Hub Verify rule set and seeing that it didn’t work. The devices and UEM wouldn’t show in the portal, and the access policy would never apply. This in turn was caused by having the wrong OG configured in VMware Access. It was a weird issue, because the entire setup had been configured that way months earlier and had been validated to work.

After resolving that issue, we found that the HUB services integration was missing functionality and did not show all of the integrated devices in the HUB portal. After a VMware GSS case with the necessary troubleshooting, we even hit a P1 scenario in which no device had access to the Intelligent HUB anymore. This was eventually resolved by removing the configuration from Access in UEM and removing the WS1Hubclient OAUTH in Access; the final part was creating a new Built-in IDP for your domain in Access. According to support, there are some cases in which the IDP can get corrupted. The only solution is to create a new one, migrate the authentication methods over, and then delete the corrupted one.

To summarize: the problem occurred after the migration from the 19.x release to the 20.x release and higher, during which the Built-in IDP gets a new name with “migrated from” in it. This was then renamed to a normal name. The troubleshooting introduced multiple faulty WS1Hubclient OAUTH modules, which needed to be removed. The misaligned OG in Access was also to blame for the entire integration not working. After correcting all of this, the setup was instantly working again. There is no loss of data, because the HUB services are co-hosted within Access.

 

Hope it helps!

Notes from the field: VMware App Volumes LDAP(S) lockout

This is a quick blog post to address a lockout issue if you are having trouble with LDAP(S) and/or the validation of the certificate. When you want to validate this, or for that matter resolve it because you can’t log in to the App Volumes Manager anymore, do the following on the database:

Select the dbo.ldap_domains table and click Select Top 1000 Rows to view the entries.

Use Edit Top 200 Rows to edit the value in question and flip it to your value.

Afterwards, you can log in again with LDAP(S) enabled and/or the verification as well.

Hope it helps!