Jump to content

Deleted devices reappear in L&F


Recommended Posts

Strange one... a test Android device I had connected in ERA, and deleted last week, keeps reappearing in the Lost & Found container.  I delete it again and within a minute it reappears.  The last contact date is on March 8, which was when I wiped the device.  What could be causing this to reappear?

Link to comment
Share on other sites

  • ESET Staff

Hello.

Before deleting a device, you need to uninstall its "virtual agent" created on mobile device connector. You have to run "stop managing - uninstall era agent task" before deleting the device (you need to wait, until the task is executed).

Then you can delete the device and it will not reappear.

Link to comment
Share on other sites

I created this task but after 6 hours it's still "running".  The device is now gone, for this purpose let's say it was dropped to the bottom of the Atlantic.  Is there a mechanism for forcefully removing devices that cannot check in?

Link to comment
Share on other sites

I tried the delete and it came back again.  That was after 14 hours of the "stop managing" task still in a Running state.  When it reappeared all of the data came back with it, and it still shows the task as Running.

Link to comment
Share on other sites

  • ESET Staff

Hello, I have checked, that there was a bug in version 6.2 of ESET Mobile Device Connector.

It was fixed in ESET Mobile Device Connector V 6.3 (agent instance is removed the moment MDMC receives "stop managing task". If you are using version 6.3 of MDMC, and it is not working, we recommend you to open a support ticket with your local ESET office.

 

So first resolution would be to update the MDMcore to version 6.3 and re-trying. Alternatively, you can stop MDMcore service, and manually remove the line in the database, in where the device is located. You will be able to identify the device by the deviceID (which you have used for enrollment - IMEI / Wifi Mac Address).

Link to comment
Share on other sites

Hi,

 

same problem but occurred in Version 6.3.113.0 not in 6.2.X

It could be a old data (creating device under 6.2) but first delete "try" was under 6.3.

Device is not available so please fix this.

 

Thx HSW

Link to comment
Share on other sites

Just adding to this with an update... I started with mobile connector 6.3 so mine wasn't a record from 6.2 or previous.  I haven't had the chance to stop the MDMCore service but attempting to remove it from the database didn't work.  I took a guess on which database and table, used database era_mdm_db and table "Device".  The device is still there in L&F.

Link to comment
Share on other sites

I had a kernel update that required a reboot so I went ahead and rebooted the ERA server.  I was then able to delete the device and it did not return.

 

@MichaelJ, you had suggested that I stop the MDMcore service.  I see that in the documentation that it should be registered as a service in linux and allow for the 'service MDMcore stop/start' commands but that was not the case on my system which is Debian 8.  I did locate mdmcore at /opt/eset/RemoteAdministrator/MDMCore/eramdmcore but have not found any documentation on how to stop/start/recycle it individually.

Link to comment
Share on other sites

We have Windows 2012 R2 + SQLExpress DB

I try a reset of the service -> no change

I try a reboot of the system -> no change

 

The device appiers again under lost and found

Edited by HSW
Link to comment
Share on other sites

I think the order I ran them in was:

1. Attempt "stop managing" task (pretty sure that did nothing)

2. Manually remove the record from the database:

  • Open the era_mdm_db database
  • select * from Device (to get the DeviceID you want to delete)
  • delete from Device where DeviceID='yourdeviceid'

3. Rebooted server

4. Deleted in the ERA Web UI

 

Hope that helps.

Link to comment
Share on other sites

  • 11 months later...
  • ESET Staff

In previous (6.4 and older) versions of MDC stop managing task triggered 7 day interval where MDC tried to reach device and erase data which MDC put on it.

- This is (also) for security reasons. When You want to stop manage device we don't know if it was stolen, sold, or lost to toilet :)

 

In 6.4 (or was it second 6.3 ?) we allowed enrollment of stop managed device (ie device which was in 7 day we want to erase You period).

- Many users don't care for re-enrollment and when something goes boom, they reinstall :) reenrollment can keep Your previous data (logs, policy and user setup), it's basically meant to re-connect device which for whatever reason stopped communication (due to our bugs, unforseen issues, wipe. etc..).

 

In 6.5 this was enhanced so that when You "stop manage" and then "delete"  device this does not re-appear in webconsole. We still try to reach the device and we still try to give You results of stop management task (ie You may want to know if Your profile with email password etc... was deleted, or if You must change passwords which were present on device before thief took it).

- This however has other issues which are built-in architecture we use. If You stop manage device and immediately delete it, stop manage task may not reach mdc, so device will re-appear. So these two actions still must be separated by single replication cycle (usually few minutes is good enough, but depends on MDM replication settings)

 

Enrollment of device on which "stop managing" task was never executed is prohibited. (users tend to cure this via DELETE from devices table :))

- This is for security reasons. From MDC point of view device is still managed, so whoever is trying to enroll may be attacker, which would gain access to policies meant for other device and prevent previously enrolled device to connect to MDC)

Edited by LegacyConnectorSupport
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...