Resolved issues
These are cumulative release notes. If a release does not appear in this section, then there are no associated resolved issues.

-
VSP-68803: In previous releases, if you chose "Automatically update app when new version is available" in the AppCatalog for VPP Apps, the update failed. In this release, the update occurs as expected.
-
VSP-68712: In previous releases, the User Portal displayed incorrect wording for device actions in the the German language browser. In this release, the correct wording is displayed.
-
VSP-68699: In previous releases, the following error is displayed when you try to save a new Compliance action: Alert subject is missing for language with I {0} when send email is NONE. In this release, saving a new Compliance action works as expected.
-
VSP-68623: In previous releases, after pushing an IOS software update policy to the devices, the update was downloaded but the installation did not happen automatically on the device. In this release, the installation occurs automatically.
-
VSP-68549: In previous releases, pairing of the Remote app/Control Center widget's remote control to an Apple TV device could not be disabled, due to an incorrect spelling in the configuration. In this release, pairing can be disabled.
-
VSP-68515: In previous releases, if you tried to edit the configuration file server.xml (/mi/tomcat/conf/server.xml) to control performance characteristics, the system failed to boot in FIPS mode due to package integrity check failures. In this release, you can edit the file.
-
VSP-68514: In previous releases, if the Admin Portal was associated with port 8443, and that port was not open to the Internet, the multi-user portal failed to load CSS files. In this release, loading CSS files is occurring normally.
-
VSP-68513: In previous releases, duplicate device identification entries in the mi_device_detail table caused reporting problems for Azure Intune compliance details in the Ivanti EPMM and Azure portals. In this release, there are no duplicate entries and the reporting is working as expected.
-
VSP-68471: In previous releases, while installing on iOS 16 devices, the User Enrollment registration failed with the following error: Profile.Error: Profile Failed to Install. In this release, the User Enrollment registration works as expected.
-
VSP-68462: In previous releases, the "Last sync time" field in the 'ActiveSync'' tab on the Admin Portal was not updated after Sentry and Ivanti EPMM were upgraded. In this release, after the upgrades, the "Last sync time" field is updated automatically.
-
VSP-68455: In previous releases, if you deactivated the iOS Restriction > Force Translation Processing Only on Device (iOS 15.0 and later), you could not edit the On-Device Mode in Translation > Settings on the iPhone or iPad. In this release, translation editing can occur.
-
VSP-68453: In previous releases, when "device language" was set to Arabic, the Amharic language was reported instead. In this release, the correct language (Arabic) is reported.
-
VSP-68450: In previous releases, the apps list in the Device Details page was not displayed if an app was imported into both the main device space and an alternate space. In this release, the list displays correctly.
-
VSP-68425: In previous releases, the device compliance processing flow prevented other devices from checking in reliably. In this release, the check-ins are completed normally.
-
VSP-68404: In previous releases, configuring email with 'smtpAuth' in the System Manager prevented Ivanti EPMM from sending email when administrators chose the option Devices > Send Message > Email. In this release, administrators can send email as expected.
-
VSP-68385: In previous releases, enrollment of a device that was externally decommissioned changed the old device record to "Retired Pending." In this release, the record displays as "Retired."
-
VSP-68120: In previous releases, even though the Avaya Managed App configuration had been deleted, Ivanti EPMM pushed the configuration to the device, and displayed Avaya values as if they were still present. In this release, Ivanti EPMM no longer pushes the configuration or displays the Avaya values.
-
VSP-68088: In previous releases, LDAP synchronization occurred twice a day even if synchronization was set for once every 24 hours. In this release, synchronization occurs only once a day.
-
VSP-67872: In previous releases, when the Ivanti Tunnel Cisco VPN setting Per App VPN was set to No, domains remained visible. Users could still enter domain details, which could disrupt device wide tunnel configurations. In this release, setting Per App VPN to No correctly hides the domains.
-
VSP-67353: In previous releases, Ivanti EPMM software update information (such as descriptions) for iPad/iPhone devices was either incorrect or missing due to errors communicating with Apple, Inc. Sometimes the latest release number would be missing in release number drop-down fields. In this release, an explanation replaces missing or incorrect information, and you can enter the version number in drop-down fields manually.
-
VSP-66298: In previous releases, script-run Get MDM Profile API requests failed when the special characters "+", "/", or "=" were included in the deviceInfo parameter. In this release, the API requests run correctly.
-
VSP-65148: In previous releases, the latest wallpaper policy was not applied when there was a change in distribution and the policy was in a pending state. In this release, the latest wallpaper policy is applied.
- TPUBS-2811: To increase clarity, in the Ivanti EPMM Device Management Guide of your OS:
- TPUBS-2807: Updated Security Policies in the Getting Started with Ivanti EPMM Guide to explain that password and data protection are not supported on tvOS. If you apply a policy that requires either a password or data protection to a tvOS devices, the devices fails to meet the requirements and will be out of compliance.
- TPUBS-2791: For clarity, added cross-references in "Hide or display Activity Logs and Settings menu" so the reader can easily find time settings. See the Ivanti Device Management Guide of your OS: Android, iOS, Windows.
- TPUBS-2784: Updated Signing your shell script for macOS in the Ivanti EPMM Device Management Guide for iOS and macOS devices with the link to downloading the Ivanti EPMM signing tool.
- TPUBS-2783: To assist with troubleshooting managed app configurations, added new topic "Troubleshooting configurations" in the Ivanti EPMM Device Management Guide Android, iOS.
- TPUBS-2782: Updated Apple Device Enrollment with Ivanti EPMM overview in the Ivanti EPMM Device Management Guide for iOS and macOS devices with a NOTE stating Apple Device Enrollment is different from other methods of enrolling / registering devices.
- TPUBS-2762: Updated "Managing Duplicate Devices" with information about Ivanti EPMM matching devices by device type in the Ivanti EPMM Device Management Guide iOS, Windows.
- TPUBS-2761: Updated Managing devices in Apple MDM lost mode in the Ivanti EPMM Device Management Guide for iOS and macOS devices with information about finding a lost device.
- TPUBS-2754: Updated Android File Transfer Configurations for improved clarity in the Ivanti EPMM Device Management Guide for Android and Android Enterprise devices.

- VSP-68335: In previous releases, Recommendation Cadence did not work correctly because the cadence value was a string, but an integer is required instead. In this release, the cadence value is an integer, and Recommendation Cadence works as expected.
- VSP-68333: In previous releases (when you upgraded to 11.6.0.1 or 11.7.0.0), certificate-based authentication failed for new devices on Android enterprise application configuration, if, prior to upgrade, you had already registered a device and Ivanti EPMM generated a user certificate, or you uploaded you own certificate. In this release, Ivanti EPMM uses a different method of caching certificates, and certificate-based authentication for both new devices and existing devices works as expected.
- VSP-68280: In previous releases, when you searched for devices to apply an action, the Found dialog window erroneously displayed the Force Retire checkbox. This checkbox should only be displayed when performing a Retire action. In this release the checkbox no longer appears in the Found window.
- VSP-68161: In previous releases, the Need Android Setting button was coupled with the Enable Lock Task Mode. That is, when you selected the Enable Lock Task Mode option, the gear icon became visible in both non-shared and shared kiosk policies. In this release, the Need Android Setting button is only shown in the shared kiosk, whether or not the Enable Lock Task Model is selected.
- VSP-68103: In the previous releases, in German, when you upgraded to Ivanti EPMM 11.7.0.0, then pushed the user profile, the view logs for the Device and Software Version Update were not visible. In this release, the view logs display as expected.
- VSP-68095: In the previous releases, the Volume Purchase Program (VPP) apps failed to be installed because the apps were not supported. In this release, the VPP apps are supported and install normally.
- VSP-68046: In previous releases, when you registered an Android device as a managed device and added the $DEVICE_SN$ variable as the lock screen message in the lock-down policy, the device lock screen erroneously displayed the registration UUID. In this release, the screen correctly displays the serial number instead.
- VSP-68018: In previous releases, when you set the allowDeviceSleep restriction for the Apple TV to True, then registered the Apple TV in the DEP or other registered device, the restriction was displayed as not set. In this release, the restriction status displayed as expected.
- VSP-67939: In the Ivanti EPMM 11.7.0.0, a change was made that caused backups to CIFS shares to stop working. In this release, the backups are working as expected.
- VSP-67818: In previous releases, Apple-driven UE registration failed when the email ID was used as the username. In this release, registration no longer fails.
- VSP-67770: In previous releases, you could not send Data Access Point Name (APN) settings through a cellular policy. In this release, sending the settings works correctly.
- VSP-67686: In previous releases, you received an Internal Server Error message if you tried to enter a special character in the Custom Attribute field because this field did not accept special characters. In this release, the Custom Attribute field accepts special characters.
- VSP-67672: In previous releases, when you tried to edit a VPN with a Device Channel type in the configuration view, the channel type was erroneously displayed as a User Channel type. If you tried to change the User Channel type back to a Device Channel type, the system displayed the following error: Nothing has changed. The channel type was correctly displayed in the Configuration Details pane on the configuration page. In this release, the channel type is displayed correctly.
- VSP-67619: In previous releases, you could not save Sentry settings when you tried to disable the previously enabled ActiveSync service with Kerberos authentication. In this release, you can save Sentry settings with ActiveSync service disabled.
- VSP-67600: In previous releases, even though you deleted a VPN configuration from a device, Ivanti EPMM continued to issue new SCEP certificates for the device. In this release, no new SCEP certificates are issued for devices whose VPN configuration has been deleted.
- VSP-67599: In previous releases, iOS device users who did not have Apple User Enrollment privileges could still complete Apple user enrollment for their device. In this release, users without the privileges cannot complete the enrollment.
- VSP-67598: In previous releases, using the Advanced search criteria for the RETIRE_PENDING status in combination with other criteria resulted in an error. In this release, the error no longer occurs.
- VSP-67587: In previous releases, audit log entries were unreliably retrieved by syslog through file monitoring. In this release, the log entries are injected directly into syslog.
- VSP-67421: In previous releases, when you applied multiple Single-App Mode policies to a device, only the policy that arrived first was applied, even if another policy with higher prioritization was applied later. In this release, policy application functions as expected.
- VSP-67393: In previous releases, when you install a custom app from Apple Business manager, the app's latest details and version sometimes failed to update in the App Catalog. In this release, the updates occur as expected.
- VSP-66718: In previous releases, a booting or rebooting of a system that had both FIPS and Common Criteria modes enabled caused a package integrity check to occur. If the check failed, the system performed several reboots and then shut down. Pressing Enter during the reboots allowed a compromised, inherently insecure system to function. In this release, a failed check causes the system to fall into immediate emergency recovery mode. In addition, the root account is disabled, and the system prompts you to enter a root password. Contact Ivanti Support to provide the requested password and to help recover the system.
- VSP-66123: In previous releases, Ivanti EPMM audit logs listed fake installation, which filled audit logs. In this release, Ivanti EPMM audit logs do not list fake installations, but existing audit log entries of fake installations will continue to show up in the listing.
- VSP-63894: In previous releases, when a user device state changed to non-compliant, Ivanti EPMM published the device status change event to its subscribers, and erroneously continued to publish the status at regular intervals. In this release, publishing occurs only once.
- VSP-63785: In previous releases, a race condition prevented App Tunnel from re-populating in Ivanti EPMM when the App Tunnel was deleted. In this release, repopulating occurs as expected.

- VSP-67777: In previous releases, when you tried to register an iOS device in iReg using an email address as the username and RegMode as the password, a Role Lookup error occurred. In this release, registration with an email username and RegMode as password proceeds as expected.
- VSP-67582: When adding a single device, there were JSON parsing errors. This issue has been fixed.
- VSP-67503: In previous releases, custom apps from the Apple Business manager sometimes failed to update the latest details and versions in the App Catalog. In this release, app detail and version updates occur correctly.
-
VSP-67300: In previous releases, the iOS Trusted Operating System (TOS) email to the admin was not delivered. In this release, email delivery occurs normally.
-
VSP-67285: In previous releases, copying an existing managed app configuration with the default app configuration failed. In this release, copying the app configuration works as expected.
-
VSP-67267: In previous releases, [email protected] on the iPad did not start in full-screen mode even though it was configured correctly. In this release, [email protected] opens in full-screen mode.
-
VSP-67244: In previous releases, a blank page and an invalid JSON string were sometimes displayed when accessing the Labels tab in the Core UI. In this release, the Labels tab is displayed correctly.
-
VSP-67238: In previous releases, on the Android platform, when the browser language is German, the user portal did not display the registration PIN when the Request Registration PIN operation was performed. In this release, the PIN is displayed as expected.
-
VSP-67234: In previous releases, using iReg to download the [email protected] client failed if the admin portal was not configured to run on port 443. In this release, the download is successful.
-
VSP-67225: In previous releases, entering information in the Notes field of the Devices dialog box automatically enabled the Retire action button. In this release, you must specifically select the new checkbox to enable the button.
-
VSP-67204: In previous releases, licenses corresponding to retired devices were erroneously displayed as still in use, and Apple continued to associate the license with the retired device. In this release, these licensing issues no longer occur.
-
VSP-67174: In previous releases, quotes and angle bracket errors in the syslog templates caused incorrectly generated syslog configuration files. In this release, the configuration files are generated correctly.
-
VSP-67141: In previous releases, failover client-connection commands that disable or enable client connections were only successful on non-mutual-auth cores. In this release, the commands are also successful on mutual-auth cores.
Note: After disabling client connections on mutual-auth cores, the connections can become spontaneously reenabled if you make changes that affect the port 443 listener configuration, such as when adding or removing ciphers. -
VSP-67113: In previous releases, the Core server erroneously sent uninstall requests for Android apps that were not in a device's inventory. In this release, only apps that are in the device's inventory receive uninstall requests.
-
VSP-67082: In previous releases, when you registered an Android 10 or above device in DA mode on a mutual-auth core, entries in the Devices page were deleted. In addition, LDAP and Space syncs failed. In the current release, the entries are no longer deleted and the syncs occur successfully.
-
VSP-67046: In previous releases, an authentication error occurred when you sent emails from System Manager through a StartTLS-required Simple Mail Transfer Protocol (SMTP) server. In this release, no error occurs and the emails are sent out as expected.
-
VSP-66937: In previous releases, certificate expiry warnings were issued to all certificates in a certificate chain. In this release, certificate expiry warnings are only issued to the certificates that are actually expiring.
-
VSP-66907: In previous releases, when an Apple Device Name policy was attached to a Label and later removed, the Device page continued to show the policy as Pending. In this release, the policy is removed from the device as expected.
-
VSP-66905: In previous releases, when you selected the Data Sweeper app from the App Catalog, you received an internal server error if the restriction field for restriction_type="BUNDLE" was empty. In this release, no internal error occurs and the values are parsed correctly.
-
VSP-66771: In previous releases, an APN configuration failed to be applied to a device if that device was registered to a user who did not have mail. In this release, the configuration is applied successfully.
-
VSP-66509: In previous releases, upgrading a FIPS or Common Criteria system using the validate feature could cause a package verification failure and render the system unbootable. In this release, the process works as expected as long as you use the re-validate function instead of the resume validation function during the upgrade.
-
VSP-66278: In previous releases, on Windows 10 Desktop touch devices, there was no Core Admin Portal scroll bar. In this release, the scroll bar is visible.
Note: To scroll through tables and lists, scroll while holding down the left button on the track pad or mouse. -
VSP-66002: In previous releases, the purgedb operation failed when it did not receive a number of days parameter from the optimizedb operation. In this release, when the optimizedb script does not send a number of days parameter, purgedb purges the records that are older than 7 days.
-
VSP-65679: In previous releases, if an administrator specified Auto as the configuration proxy type in the Device Wi-Fi configuration, but did not provide a proxy automatic configuration (PAC) URL, the generated Wi-Fi configuration set the type as None. In this release, the Wi-Fi configuration does not require a proxy automatic configuration URL to generate an Auto configuration type.
Note: To correct the error in a legacy device whose configuration proxy was already erroneously interpreted in the Device Wi-Fi configuration, repush the configuration proxy.
-
VSP-65554: In previous releases, iOS device users could complete the Apple User Enrollment process even if they did not have enrollment privileges. In this release, unenrolled users cannot complete the enrollment.
-
VSP-65283: In previous releases, the Storage Capacity and Storage Free fields in the Device Details page were shown only with a power of 10 divisor (for example, MB, GB). In this release, the fields now also shown with a power of 2 divisor (for example, MiB, GiB). For more information, see "Advanced Searching" in the Core Device Management Guide of your OS.
-
VSP-64912: In previous releases, when the Core Admin portal was configured to access port 8443, the self-service user portal text was misaligned due to a stylesheet issue. In this release, the text is no longer misaligned.

-
VSP-67181: There was an issue when upgrading Core from release 11.5.0.0 to 11.6.0.0. After the upgrade, Android apps that require Certificate Enrollment configuration stopped working, with the following Tunnel error message: "Waiting for identity certificate installation." This issue has been fixed. With this patch, Android apps using the Certificate Enrollment configuration will operate normally after an upgrade to Core 11.6.0.1.
Specifically for Single File Identity type Certificate enrollment configuration: if the configuration is pushed to any device after upgrading to Core 11.6.0.0, there are chances of running into the same issue in Core 11.6.0.1.
Workaround: The configuration needs to be re-pushed by re-uploading the same pkcs12 file to the Single File Identity type Certificate enrollment configuration. If it is a direct upgrade to Core 11.6.0.1 (aka, bypassing Core 11.6.0.0), this issue will not arise. -
VSP-67246: Configuring Google Chrome app restrictions no longer fails.
-
VSP-67205: The new "Cancel retire" feature in Core 11.6.0.0 was causing Core to update the registration date to the timestamp of the Cancel retire. This is incorrect because the device registration date was unchanged. This issue has been fixed.

-
VSP-66904: When mutual authentication is enabled on Core, there was an issue when Android devices were retired (Relinquish Ownership). The device remained in the Pending state, and did not resolve to Retired. This issue has been fixed for new devices. Android devices now move as expected through the retirement process from Active to Pending to Retired, whether or not mutual authentication is enabled.
Note: the upgrade does not resolve the problem for devices already affected by the issue. -
VSP-66772: Previously, the Extensible Single Sign-On (SSO) configuration custom data key (AppAllowList) was limited to 255 characters. With this release, the AppAllowList extensible SSO configuration custom data key will accept key values of up to 1024 characters.
-
VSP-66769: Previously, PIN details were not being exported from Core to Android devices in the following modes:
- Zero Touch and Samsung Knox enrollment
- Managed Device/Device Owner
With this release, the registration PIN details are included in the Comma Separated Values (CSV) file that Core creates for these devices, as expected.
-
VSP-66754: Previously, Core would validate an incoming Sentry connection using the X-Forwarded-For (XFF) HTTP header field. If, during the transaction, the XFF header was changed, Core would reject the connection request. With this release, Core relies on application-specific identifiers which are exchanged between Sentry and Core.
-
VSP-66751: Previously, there was an issue with [email protected] iOS app configurations in a mutually-authenticated Core system. If the configuration contained one or more custom Lightweight Directory Access Protocol (LDAP) user attributes, Core failed to push the configuration to the device. This issue has been fixed. With this release, Core can successfully push an iOS [email protected] app configuration with custom LDAP user attributes to its target devices.
-
VSP-66750: Previously, the Apple Magnifier app (com.apple.magnifier) was not available for selection from our Core System App Catalog (Policies & Configs > Configs > App Restrictions). With this release, you can now select this magnifying app for whitelisting or blacklisting.
-
VSP-66733: Previously, if there was a custom LDAP user attribute within a compliance rule for iOS devices, Core was not replacing that attribute with an actual device user when generating an alert, causing the action to fail. With this release, Core correctly replaces LDAP user attributes within compliance rules during alerts, as expected.
-
VSP-66724: Previously, when Core running 11.5.0.0 was rebooted, the following entry was appearing more than once in the /etc/sysconfig/iptables file:
- -A CPP -p icmp -m icmp --icmp-type 3 -j ACCEPT
In this release, no duplicate iptable entries are generated when Core 11.5.0.0 reboots.
-
VSP-66633: Previously, Android device users were not able to download apps to their devices using [email protected] from a mutual authentication-enabled Core system. In this release, device users can successfully download apps from [email protected] from a Core configured for mutual authentication.
-
VSP-66625: Previously, the Pull Client Logs device token expiry time for capturing device bug report information was 36,000 milliseconds (36 seconds), which was not long enough to add the bug report to the milogs.zip file. With this release, the default token expiry time has been extended to 180,000 milliseconds (3 minutes). The nonce validation can be extended or adjusted by updating the client.logs.upload.nonceValidity property in the mins.properties file. For more information, see Working with Logs in the Troubleshooting chapter of the Ivanti EPMM System Manager Guide.
-
VSP-66562: There was an issue with macOS reports appearing in the mobile device management (MDM) device logs for shared iPads. This issue has been fixed. The "macOS Restriction Report" has been renamed "Restriction Report."
-
VSP-66548: There was an issue with the Mobile4ERP public app failing to install on Android Enterprise devices. The app went into a loop updating details and never resolved. The issue has been fixed. The Mobile4ERP public app now installs on Android Enterprise devices as expected.
-
VSP-66496: Previously, administrators were unable to generate Security Assertion Markup Language (SAML) metadata, because there was no option for them to enter a custom URL (known as an entity-based URL) from the mifs.properties file. With this release, administrators can enter an entity-based URL from the mifs.properties file, which can then be used to generate the SAML metadata.
To add an entity-based URL:
- Delete the existing SAML configuration.
- Add the property saml.spEntityBaseUrl with the custom URL to the mifs.properties file.
- Set up SAML again.
The new entity-base URL should reflect in the sp-metadata.xml file, for example, https://<Core FQDN>:443/mifs.
-
VSP-66485: Previously, installing Core using RPM Package Manager by way of the CLI command install rpm url could prevent later RPM package installation attempts from succeeding. In this release, RPM installations via CLI command do not block later installation attempts.
-
VSP-66462: Previously, the Apple User Enrollment registration process sometimes generated incorrect managed Apple IDs. This issue has been fixed.
-
VSP-66442: There was an issue when upgrading from Core 10.8.0.0 or older to a Core 11.X release. Backups taken of the upgraded 11.X release failed to restore properly, due to a change in the Unique Identifier (UID) or Globally Unique Identifier (GUID) across the versions. This issue has been fixed.
-
VSP-66402: Previously, the German translation of the new In-house app update notification text was incorrect. With this release, the text has been updated to read as expected.
- Previous (incorrect) text: Update für die Anwendung(en) {0} verfügbar
- Updated (correct) text: Update für {0} Anwendung(en) verfügbar.
-
VSP-66196: Previously, some iOS restrictions, such as Join only WiFi networks installed by a WiFi payload were not displaying correctly in the Policies & Configs > Configurations > Configuration Details page. This has been fixed. In this release, selected iOS restrictions display as expected.
-
VSP-64191: Previously, Core was unable to sync more than 1,000 Lightweight Directory Access Protocol (LDAP) organizational unit (OU) objects from the LDAP server, regardless of how many OUs there actually were. This has been fixed. With this release, Core admins can now sync and view up to the tested limit of 15,000 OUs.
-
VSP-66218: There was an issue with devices running the Samsung Knox operating system (OS) 3.8 and later. The Core attestation check would fail, even when the check was successful. This was due to an update in the Knox Attestation API from version 2 to version 3. This issue has been fixed. Ivanti now supports Knox Attestation API version 3.

- VSP-66503: There was an issue with the Enterprise Connector displaying the Certificate Pinning option from the System Manager Certificate Mgmt page, although this option is not supported on the connector. This issue has been fixed. The Certificate Pinning option displays for Core, but not for Connector, from the System Manager.
-
VSP-66265: There was an issue in which LDAP attributes present in the Core Devices & Users > Users > View logs for User > User Groups table were not displaying properly in the user interface. This issue has been fixed. All LDAP attributes now display as expected.
-
VSP-66264: Previously, when an iOS app specified a minimum OS version as an integer, that OS version did not display as expected in [email protected] or the app. This issue has been fixed.
-
VSP-66263: Previously, removing a subset of app restrictions against an iOS device would fail, due to improper generation of the action entry in the database. This issue has been fixed.
-
VSP-66236: Previously, the iOS section of the Security Policy menu did not include the option for iOS release 12.5.5 in the drop-down menu. This issue is resolved. Release 12.5.5 is now available in the Security Policy > iOS section.
-
VSP-66214: There was an issue with some of the Device Registration page submenu options listed under the wrong subheading. This issue has been fixed. The Device Registration menu options display as expected.
-
VSP-66110: Core no longer generates unnecessary system event alerts for expired local certificate authority (CA) certificates after the certificate has been retired.
-
VSP-66063: Previously, Windows 10 App Store searches would fail when run from new installations of Core 11.4.0.0. This issue has been fixed. New installations of Core 11.4.0.0 can successfully search Windows 10 App Store as expected.
-
VSP-66056: A bug fix incorporated into Core 11.3.0.0 and newer releases drastically slowed one of the Cisco Identity Service Engine (ISE) Application Programming Interface (API) calls. This issue is fixed in this release.
-
VSP-66028: There was an issue with Core not generating an error message when an invalid HTML app configuration file was uploaded. This issue has been fixed.
-
VSP-66016: Previously, when a Trusted Host was added, it would sometimes fail to display properly in the System Manager > Maintenance > HA Configuration > Manage SSH Keys popup window. This issue has been fixed.
-
VSP-65995: Previously, during an upgrade, Core did not report signature verification failures to the user interface, resulting in the download appearing to be successful. The subsequent attempt to stage for installation resulted in repeating the download, and it was not possible to successfully stage the upgrade under these conditions. This issue has been fixed.
-
VSP-65994: There was an issue in which Core pre-upgrade package files--which are necessary to complete an upgrade--were not being downloaded correctly when upgrading through the Command Line Interface (CLI). This issue has been fixed. Both upgrades from the CLI and the user interface now download the necessary files to complete the upgrade.
-
VSP-65991: Previously, in-house apps (.apk files) failed to upload to the Admin portal App Catalog due to a limitation in the Android application package (APK). This issue has been fixed.
-
VSP-65977: There was an issue with Core rejecting Android XML configurations for Zebra devices if they were larger than 32 KB. This issue has been resolved. Core accepts these configuration files up to 512 KB.
-
VSP-65925: With the release of Windows 11, there was a compatibility issue between Core and the Windows 11 Operating System Edition name and Platform name. This issue has been fixed. Core now supports Windows 11 OS as expected.
-
VSP-65877: There was an issue where, after an upgrade to Core, administrators were unable to open the Core Admin portal in a browser. This issue has been fixed. After an upgrade to 11.5.0.0, the Admin portal will open on supported browsers, as expected.
-
VSP-65862: There was an issue whereby Core did not accept Apple Volume Purchase Plan (VPP) account tokens if the organization name contained 16-bit Unicode characters. This issue has been fixed. Core now accepts these tokens.
-
VSP-65837: Previously, if a user in the Pinned Server Certificate Policy menu clicked Save when no certificate was selected, the console would stop responding. This issue has been fixed. The Save button is not enabled if no certificate is selected.
-
VSP-65748: There was an issue when adding a new Device Space from the Admin > Device Spaces page. When adding a list with many different platforms, an incorrect error message would display: "Query size must be between 0 and 2000." This issue has been fixed. Core now behaves as expected when creating Device Spaces.
-
VSP-65689: The option to install Core 11.4.0.0 on the Core M2700 appliance with an ISO image from a bootable USB drive now works as intended.
-
VSP-65653: The System Manager > Settings > Network > Interfaces > Physical Interfaces table now correctly lists the number of network interface ports (NICs) on a Core M2700 appliance as six.
-
VSP-65481: There was an issue with retired Android devices receiving a new Azure device identifier, even when the new device registration used the previous Azure device identifier. This issue has been fixed.
-
VSP-65164: There was an issue with [email protected] for Android silent installation requests using the wrong user ID value for [email protected] requests. This issue has been fixed. Android silent app installation requests now work as expected.
-
VSP-64695: There was a minor corner-case issue related to privilege revocation. This issue has been fixed.
-
VSP-62502: There was an issue with an LDAP Sync attribute not syncing correctly. This issue has been fixed. The mS-DS-ConsistencyGuid LDAP attribute now syncs as a binary attribute, as expected.
-
VSP-61195: The "Touchdown" app has been removed from the Exchange configuration as it is no longer available on the Google Play store.

VSP-66305: Previously, Android Enterprise devices registered to Core 11.4.0.0 would have missing or incorrect application inventory for the following administrative portal areas:
- Apps > App Catalog page
- Devices and Users > Devices page > Apps tab
This issue has been fixed. Android Enterprise devices registered to Core 11.4.1.0 now report the correct device application inventory.

-
VSP-66024: A bug fix incorporated into Core 11.3.0.0 and newer releases drastically slowed one of the Cisco Identity Service Engine (ISE) Application Programming Interface (API) calls. This issue is fixed in this release.
-
VSP-65922: A new API class was introduced in Core 11.3.0.0, which inadvertently disabled a number of API calls. This issue has been fixed. The API calls now work as expected.
-
VSP-65830: There was an issue with iOS devices failing to register when using Apple Configurator (or other like tools) to manually push exported MDM profile. The first registration would succeed, but if the device was retired and reregistered, the second registration would fail and the admin console will give errors when trying to look at the device details. This issue has been fixed.
-
VSP-65829: Apple device configurations using the variable $USERID$ were not correctly generating individual user IDs. There was a similar problem with configurations using the variable $EMAIL$ not substituting the actual email addresses correctly. These issues have been fixed.
The following changes and updates have been made for this release:
- Substitution variable support was removed in the Single Sign On Configuration for $MANAGED_APPLE_ID$.
- $NULL$ (blank/null values) and email addresses are not accepted as valid Principal Names in the Single Sign On configuration when pushed down to the device. Apple will reject any configurations with either of these values.
- The information bubble has been changed to: Kerberos user name (required). User Name must be a Principal Name, e.g. $USERID$.
-
VSP-65789: There was an issue when enrolling iOS devices using Apple Automated Device Enrollment when the Await device configuration during Apple device enrollment option was selected. Despite the configured time limit for device enrollment, Core would ping the devices every 50 seconds perpetually until the core was restarted. This issue has been fixed. With this release, Core will ping the devices every 50 seconds until the configured time limit has passed, at which point it will stop.
-
VSP-65730: There was an issue where the system backup database dump integrity check would fail the backup procedure if the string CREATE TABLE was present in any text field (such as the Description field). This string was inadvertently taken by the database dump integrity check as a directive to create a table, and the resulting mismatched table count resulted in the error. This issue has been fixed. After this bug fix, only actual directives are counted by the integrity check.
-
VSP-65550: A change was made to the enable password code for the Core CLI that resulted in password rejection when used for MobileIron Connector or the Core relational database (RDB). This issue has been fixed. After update, an enable password you create in the Core CLI will authenticate correctly with MobileIron Connector and the RDB.
-
VSP-65523: There was an issue where the activation link for the [email protected] Enterprise License from the MobileIron Customer Success portal did not work after migrating from MobileIron to Ivanti Salesforce platforms. This issue has been fixed. The [email protected] Enterprise License link from the MobileIron Customer Success portal now works as expected.
-
VSP-65417: Beginning with Core 11.3.0.0, weaker ciphers were moved from the Selected to the Disabled list in the System Manager > Security > Advanced > Incoming SSL Configuration > TLS Cipher Suites configuration list, but only for new installations. This has been corrected. After installation or upgrade to Core 11.4.0.0, the following cipher suites are disabled by default:
Incoming:
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Outgoing:
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
For more information about cipher suites, see the sections "Advanced: Incoming SSL Configuration" and "Advanced: Outgoing SSL Configuration" in the Security Setting chapter of the Core System Manager Guide.
-
VSP-65411: There was an issue with Core not supporting the iOS AirPrint hostname configuration. iOS AirPrint allows you to control the printing resources that iOS 7 and later devices can access. This issue has been fixed. With this release, you can configure iOS AirPrint hostname configuration from the Admin portal > Policies & Configs > Configurations > New AirPrint Configuration page. For more information about AirPrint settings, see "AirPrint settings" in the Configuring iOS and macOS settings and restrictions chapter of the Ivanti EPMM Device Management Guide for iOS and macOS devices.
-
VSP-65367: There was a tooltip in the System Settings > Password Policy > Auto-Lock Time that repeated itself. The issue has been fixed.
-
VSP-65335: There was an issue where Apple Automated Device Enrollment tokens were erroneously deleted from the Apple Device Enrollment page when the page was refreshed several times after clicking Check for Updates. This issue has been fixed.
-
VSP-65153:There was an issue when the Core Admin portal was assigned to port 8443 and the fully-qualified domain name (FQDN) for the user portal was entered into a browser, the request redirected the user through a URL on port 8443 even though the user portal is running on port 443. This redirect would cause the request to fail if 8443 was firewalled off from the user. This issue has been fixed. The action now stays on port 443 as it should.
-
VSP-64979: There was an issue where the Localhost IP address was erroneously included in the Terms of Service (ToS) registration email. This issue has been fixed. With this release, The ToS registration email works as expected.
-
VSP-64883: There was an issue where the fields in the Core App Catalog > Edit App Configuration window > Managed App Configurations menu were limited to only 512 characters each. This issue has been fixed, and entries of more than 1000 characters are accepted.
-
VSP-64318: The Core self-service user portal uses the mi_settings property defaultUserPortalDeviceOwnership to set the default device ownership during registration. Previously, this property was not configurable. After upgrade, device users can configure or modify the default device owner when they register. This property is listed in the user portal database under the field EMPLOYEE.
To configure this property:
- In the Admin portal, go to Settings > Registration > Ownership Settings, and set the default ownership type for a newly-registered device to Company owned.
- Navigate to the employee portal (https://<core fqdn>/employee).
- Click on the Registration link. The default option selected is Employee.
- Enter the default device owner.
For more information, see the chapter "Self-service User Portal" in the Ivanti EPMM Device Management Guide for your operating system.
-
VSP-63919: On some devices, disabling Chrome from System Apps caused [email protected] to crash. This has been fixed.
-
VSP-63798: There was an issue in the Core App Catalog, in which only the primary "version" value of an app displayed, and the "alt_version" value did not. This could occasionally cause the App Catalog page to list what looked like the same app twice, even though their alt_version values differed. This issue has been fixed. The fix adds an app alt version column to the detail view of the Installed Apps page.
-
VSP-63217: There was an issue with the option "Removable" not being properly displayed for apps in the Managed app and iBooks inventory list in the Device Details section of the Devices & Users > Devices page. This issue has been fixed. Managed apps in the inventory list can now be tagged as "removable," allowing users to delete the app if they choose.
-
VSP-60223: Some devices have an internal limit on the value that can be set for the policy value Maximum Inactivity Timeout. In these cases, the device uses the lowest configured value. For example, the maximum inactivity timeout value for iOS on an iPhone is 5 minutes, and for an iPad is 15 minutes. If, from Admin portal > Policies & Configs > Policies > Security Policy page you set the Core Maximum Inactivity Timeout for 10 minutes, iPhones with this policy will still time out in 5 minutes (because it hit the device's internal limit), while iPads will time out in 10 minutes (because the specified limit is lower than the device's internal limit). We have added a tooltip to the Security Policy page, reminding Administrators of this.