Resolved issues

These are cumulative release notes. If a release does not appear in this section, then there are no associated resolved issues.

Product nomenclature: This is cumulative documentation and the product names you encounter in this documentation were accurate at the time of publication. Ivanti updates each new section to reflect evolving product nomenclature, but leaves legacy citations intact to ensure proper frame of reference for the reader.

  • 1717953: Previously, the DigiCert ONE certificate generation was failing. This issue is now fixed.

  • 1714061: In EPMM FIPS mode, previously the Elliptic Curve certificate is upload for iOS enrollment would fail. This issue is now fixed.

  • 1724546: Previously, the Outgoing TLS connections from MIFS were not working in Strict SSL mode if the outgoing service was only using Online Certificate Status Protocol (OCSP) for certificate revocation check. This issue is now fixed.

  • 1350523: Previously, the delete label public API would throw an exception if invalid labels IDs were added in the request payload list. That issue is now fixed.
  • 1390384: Previously, when a user logged in without a VPP manage license role the api/v2/vpp/version API produced 401 error. This issue is now fixed and the admin can get VPP version with PERM_SETTINGS_VIEW.
  • 1475934: Once the Alert is processed, the changes are updated to the Database and child alerts also created in the database.
  • 1500112: For Android kiosk policy, adding custom packages now works for both lower and upper case (Google supports upper and lower case bundle IDs).
  • 1504909: The Device and User Certificate Renewal audit event is now logged in the audit logs.
  • 1506313: In FIPS mode, the ActiveMQ starting issue is now fixed.
  • 1513689: The Minimum number of character classes in password option is now working for same number and higher number of selected classes.
  • 1516755: The HA Status of Secondary EPMM on Primary EPMM server now displays IP=exact server IP address. This issue is now fixed.
  • 1521384: Pushing out an older In-House iOS app version does not replace newer versions on the devices. This issue is now fixed.
  • 1537009: Previously, EPMM was unable to delete the pending retired device from the Core for MDM_RETIRED or CLIENT_RETIRED states. This issue is now fixed.
  • 1538315: The Update badge is now working on Apps@Work for MacOS.
  • 1547805: Starting from EPMM 12.5.0.0, the deferral dictionaries keys in Software Update setting for iOS are now made optional. This issue is now fixed.
  • 1547816: EPMM was unable to auto install Android Enterprise Public app in spaces. When an app is available in multiple device spaces and has different app properties across these spaces. Then the properties of the device space is considered. This issue is now fixed.
  • 1547818: Removed the Content Blocker Anti-phishing option from the MTD-Anti Phishing policy.
  • 1547830: Previously, the CA certificate field in "Samsung KNOX IPsec" VPN configuration was not showing the available certificate configs. This issue is now fixed.
  • 1562028: Previously, the Advanced search filter for Installed count was displaying "Internal server error" message. This issue is now fixed.
  • 1564723: The performance issues that were observed due to thread blocking post upgrading from EPMM 12.x.x.x to EPMM 12.4.x.x are now fixed.

  • 1526283: The Save option is now displayed and is able to save configuration for the following policies or configurations:

    • Safari_Extension
    • Software_Update_Settings
    • Software_Update_Enforcement_Specific
    • MacOS Restrictions

  • 1537260: Previously in EPMM 12.4.0.0, the Save option was not displayed for Certificate Enrollment configurations created in custom spaces. This issue is now fixed.

  • 1535994: Previously, Safari domains with Kerberos realms would not save if there was an underscore used for VPN types. This issue is now fixed.

  • 1522023: Auto install Android Enterprise Public app doesn't work if we upload a app which has same app ID for both iOS and Android platforms. This issue is now fixed.

  • 1514704: The macOS VPP Apps that were installed from EPMM 11.12.0.0 instance can now be updated from Apps@Work, if the update for the app is available after upgrading to 12.4.0.0. A new checkbox option Send convert unmanaged to managed app request is now added in macOS VPP app edit section that helps admin to install or update the app as managed app. This issue is now fixed.

  • 1473805: Previously, bulk enrollment profile delete action was not allowed for multiple selection. This issue is fixed.

  • 1466740: The MTD activation configuration is now saved with a license key only.

  • 1434875: Starting from the current release, if you update the administrator roles or permissions, the system will impact any active MIFS portal sessions for that user and the session will not get validated. This ensures that the users do not have access to unauthorized pages.

  • 1487066: This release improves performance for the Apps@Work flow.

  • 1487524: This release improves overall system performance.

  • 1495678: Fixed the Add OR Save VLAN configuration issue.

  • 1254858: Previously, the "Show devices in selected states" in "Automated device Cleanup" showed retired devices with status as None. This issue is now fixed.

  • 1254904: Previously, in EPMM 11.12.0.0 and later versions, adding or removing routes no longer worked.
    This issue is now fixed.

  • 1254954: Previously, the CLI limited top-level domains in email addresses and URLs to six characters. This issue is now fixed.
    The character size is now increased to 63 characters for consistency with RFC-1034.

  • 1255026: Previously, using CLI to perform an upgrade, failed. This issue is now fixed.

  • 1377292: Previously, the time required for data validation during pre-upgrade and HA sync was very high.
    This issue is now fixed and the time is reduced.

  • 1398233: Previously, the "Extensible SSO Kerberos" configuration was not pushed to Mac devices.
    This issue is now fixed.

  • 1396643: Previously, the Device Battery Health was not updating from the device when the device was upgraded from incompatible to compatible iOS version.
    This issue is now fixed.

  • 1432347: Previously, Apps@Work took time to load or did not load when huge number of applications were assigned to the device.
    This issue is now fixed.

  • 1441962: Previously, when accessing Apps@Work applications with Apps@Work port other than 443, Image request was forwarded to Tomcat instead of processing at Apache.
    This issue is now fixed.

  • 1487061: This release improves performance for the Apps@Work flow.

  • 1487523: This release improves overall system performance.

  • 1495677: Fixed the Add OR Save VLAN configuration issue.

  • 1254711: Previously, performing "Check for Updates" in Mobile@Work on iOS devices caused uninstalled AppConnect applications to appear in the EPMM device app inventory list.
    This issue is now fixed.

  • 1254749: Previously, for compliance action with tier 1, message sent earlier on device compliance violation status was not displayed.
    This issue is now fixed.

  • 1254903: Previously, clicking 'Upgrade log' in the MICS portal displayed an error.
    This issue is now fixed.

  • 1254907: Previously, devices were not registered successfully on MDMPP enabled EPMM.
    This issue is now fixed.

  • 1254939: Previously, wallpaper policy failed to apply to the device if client check-in did not happen on time.
    This issue is now fixed.

  • 1396643: Previously, the Device Battery Health was not updated from the device when the device was upgraded from incompatible to compatible iOS version.
    This issue is now fixed.

  • 1397878: Previously, the extensible SSO kerberos and extensible SSO configurations were skipped for macOS devices.
    This issue is now fixed.

  • 1416348: Previously, configuring push mechanism performed int conversion on long values for Quarantine Compliance action resulting in 'Out of range value' exception.
    This issue is now fixed.

  • 1487509: This release improves performance for the Apps@Work flow.

  • 1487522: This release improves overall system performance.

  • 1495673: Fixed the Add OR Save VLAN configuration issue.

  • 1401114: This release includes security fixes.

  • 1419172: Performance improvement fixes.

  • 1390124: Previously, multiple connection errors occurred and service was unavailable.
    This issue is now fixed.

  • 1413776: Previously, when pre-upgrade check was done for Ivanti EPMM 12.1.x.x, the procedure was stuck at data validation.
    This issue is now fixed.

  • 1413865: Performance improvement fixes.

  • Security updates to third-party components: This release also includes the following security fix to third-party components:

    • CVE-2024-6387

  • 1355134: Previously, EPMM Connector 12.1.0.0 failed to work with 12.1.0.0 EPMM.
    This issue is now fixed.

  • 1369664: Previously, the HA heartbeat failed when host header validation was enabled.
    This issue is now fixed.

  • 1371928: Previously, upgrades from Ivanti EPMM 12.0.0.0 to 12.1.0.0 failed when mi_device_details had both iPhone product and product values.
    This issue is now fixed.

  • 1377560: Previously, pre-upgrade schema validation did not display the actual difference on schema validation failure.
    This issue is now fixed.

  • VSP-70613: Previously, Ivanti EPMM did not display the latest iOS version to be updated. This issue is now fixed.

  • VSP-70984: Previously, some configurations such as fonts had an internal version parameter associated with them and were not removed from devices.
    This issue is now fixed.

  • VSP-71013: Previously, device details from Wi-Fi MAC was unable to be retrieved.
    This issue is now fixed.

  • VSP-71039: Previously, EPMM sent retire commands to Enhanced Profile Owner (EPO) mode devices for RSN difference.
    This issue is now fixed.

  • VSP-71112: Previously, deleting retired macOS devices failed.
    This issue is now fixed.

  • VSP-71152: Previously, removing or disabling a critical internal system account, such as misystem, caused major startup problems.
    This is now fixed. Such accounts cannot be disabled now.

  • VSP-71290: Previously, Android devices could not be re-registered if the devices were registered through bulk enrollment earlier.
    This issue is now fixed.

  • VSP-71335: Previously, when adding an Android device, the username was not provided in the registration instructions.
    This issue is now fixed.

  • VSP-71344: Previously, during iOS device registration, EPMM added duplicate requests that caused repush of configurations multiple times.
    This issue is now fixed.

  • VSP-71399: Previously, the text in the iOS restriction configuration did not have the comment that "Allow iCloud Documents & Data" is only available for supervised devices.
    This issue is now fixed.
    The configuration now displays a text to "Allow iCloud Documents & Data (iOS 13 or later with Supervised devices only)".

  • VSP-71417: Previously, the Splunk indexing configuration was not compatible with Splunk' documentation with regards to resource specifications.
    This issue is now fixed.

  • VSP-71621: Previously, when an application was reimported or updated automatically, the global app policy setting was reset. This issue is now fixed.

  • 1429458: This release includes security fixes.

  • 1377292: Previously, the time required for data validation during pre-upgrade and HA sync was very high.
    This issue is now fixed and the time is reduced.

  • 1413769: Previously, when pre-upgrade check was done for Ivanti EPMM 12.1.x.x, the procedure was stuck at data validation.
    This issue is now fixed.

  • 1413869: Performance improvement fixes.

  • 1413877: Previously, multiple connection errors occurred and service was unavailable. This issue is now fixed.

  • Security updates to third-party components: This release also includes the following security fix to third-party components:

    • CVE-2024-6387

  • 1371285: Previously, binary logging was enabled by default after upgrading to 12.0.x.x .
    This issue is now fixed.

  • 1373469: Previously, Connector remained disabled when an administrator enabled EPMM Connector from Connector preference.
    This issue is now fixed.

  • 1374971: Previously, the HA heartbeat failed when host header validation was enabled.
    This issue is now fixed.

  • 1376679: Previously, pre-upgrade schema validation did not display the actual difference on schema validation failure.
    This issue is now fixed.

  • The following CVEs are addressed in this patch release:

    • CVE-2023-46806

    • CVE-2023-46807

Ivanti EPMM 12.0.0.1 - Resolved issues

  • VSP-71554: Previously, MySQL had binary logging enabled that occupied some disk space. This issue is now fixed.

  • VSP-71569: Previously, EPMM 12.0.0.0 upgrade failed and system did not boot when using a labeled swap space.
    This issue is now fixed.

  • VSP-66770: Previously, Ivanti EPMM did not update its filter Labels to reflect changes in LDAP groups.
    This issue is now fixed.

  • VSP-67642: Previously, on MDM Protection Profile mode, the available software updates were not displayed. This issue is now fixed. Administrators can now enter the software version number in the drop-down box provided.

  • VSP-69039: Previously, for Microsoft Graph Service, administrators could not assign an "App protection policy" to excluded groups in the "Assign Policy to User Groups" window. This issue is now fixed.

    • A new column "INTUNE GROUPS" is added to with two options - Included or Excluded.

    • The selected section the already assigned groups as Included or Excluded based on the data at Microsoft Intune end.

  • VSP-69576: Previously, Managed Apps were not getting removed from Android devices even though the device was quarantined. This occurred when a compliance action with the quarantine option was selected and the "Enforce Compliance Actions Locally on Devices" field was de-selected.
    This issue is now fixed.

  • VSP-69842: Previously, the Pulse secure VPN configuration sent out an incorrect identifier (net.pulsesecure.PulseSecure.vpnplugin). This issue is now fixed and the correct identifier 'net.pulsesecure.pulsesecure' is sent out.

  • VSP-70109: Previously, users could change the AppleTV device names despite the restriction settings configured to disallow the change. This issue is now fixed.

  • VSP-70323: Previously, editing the wallpaper policy corrupted the image files and the files could not be rendered. This issue is now fixed.

  • VSP-70435: Previously, high availability health checks were performed by the secondary servers by contacting the primary web servers. Due to these checks, the hosts were not reachable. This issue is now fixed.

  • VSP-70591: Previously, when an admin initiated a wipe request from Ivanti EPMM and if the user performed a check-in from device, even before the device got wiped, an email was sent to user even if admin unchecked "Send notification of wipe to registered user".
    This issue is now fixed.

  • VSP-70634: Previously, the home country name was mapped to 3733 on admin portal for the mcc=222 and mnc=01. This issue is now fixed. It is now mapped to 3791.

  • VSP-70643: Previously, the freshly installed instances of Ivanti EPMM did not write logs to miserviceswatch.log for MIFS service. This issue is now fixed.

  • VSP-70657: Previously, iOS devices displayed all previous wallpapers in sequence. When a new wallpaper was applied, multiple wallpapers were applied to the device that were used in the past. This issue is now fixed.

  • VSP-70672: Previously, the automated device cleanup pop up test provided multiple choices to select the devices. A pop up window provided confirmation for maximum devices instead of actual number of devices in current state. Also, the message reads that Ivanti EPMM would retire the devices. This issue is now fixed.

  • VSP-70690: Previously, the option for 'Auto delete retire pending device schedule' deleted devices without last check-in during the scheduled activity. This issue is now fixed.

  • VSP-70782: Previously, Windows devices reported application author name with more than 255 characters. So, Ivanti EPMM failed to process the application inventory data. This issue is now fixed.

  • VSP-70787: Previously, the Android WiFi configuration priority information was not updated with support information. This issue is now fixed. The text is now updated with "Wi-Fi priority values do not work with Android devices from version 8 and higher."

  • VSP-70808: Previously, when using a proxy, if the signing key was not already present on the system, the attempt to download it failed and the verification of the downloaded upgrade also failed. This is now fixed, and verification now succeeds.

  • VSP-70838: Previously, the rp_filter (reverse path filtering) setting for individual interfaces was not persisting across reboots. This issue is now fixed.

  • VSP-70869: Previously, AppCatalog displayed a random string as the application name and the bundle ID number was incorrect when uploading the PKG files for macOS. This issue is now fixed.

  • VSP-70876: Previously, Cisco ISE v3 API was not working correctly and returned an incorrect response. This issue is now fixed.

  • VSP-70892: Previously, Sentry displayed a RemoteAccessException error while verifying Sentry logs from Ivanti EPMM. This issue is now fixed.

  • VSP-70915: Previously, info logs displayed 'device compromised' inappropriate logs even if the iOS devices were not compromised. This issue is now fixed.

  • VSP-71034: Previously, the error message was not displayed when adding a new connector with ldap timeout duration less than the ldap server connect timeout duration. This issue is now fixed.
    In this release, validations are included over LDAP Server Connect Timeout and Connector Timeout using ldap/Connector preferences.
    If the connector timeout is not set higher than the LDAP server's connect timeout, an error message "LDAP Server Connect Timeout should be less than Connector Service Timeout having value =>" displays.

  • VSP-71174: Previously, in Device and Users > Users tab, when the number of entries per page was set to greater than 50, the scroll bar automatically scrolled up and did not allow the users to scroll down. This issue is now fixed.

  • VSP-71222 : Previously, bulk application updates and install process took long time to process the request. This issue is now fixed.