Deleted devices reappear in L&F

[cliffennis 1]

Strange one... a test Android device I had connected in ERA, and deleted last week, keeps reappearing in the Lost & Found container.  I delete it again and within a minute it reappears.  The last contact date is on March 8, which was when I wiped the device.  What could be causing this to reappear?

[MichalJ 434]

Hello.

Before deleting a device, you need to uninstall its "virtual agent" created on mobile device connector. You have to run "stop managing - uninstall era agent task" before deleting the device (you need to wait, until the task is executed).

Then you can delete the device and it will not reappear.

[cliffennis 1]

I created this task but after 6 hours it's still "running".  The device is now gone, for this purpose let's say it was dropped to the bottom of the Atlantic.  Is there a mechanism for forcefully removing devices that cannot check in?

[MichalJ 434]

I will check with devs. But I would now try to remove the device. Please let me know if it works.

[cliffennis 1]

I tried the delete and it came back again.  That was after 14 hours of the "stop managing" task still in a Running state.  When it reappeared all of the data came back with it, and it still shows the task as Running.

[MichalJ 434]

Hello, I have checked, that there was a bug in version 6.2 of ESET Mobile Device Connector.

It was fixed in ESET Mobile Device Connector V 6.3 (agent instance is removed the moment MDMC receives "stop managing task". If you are using version 6.3 of MDMC, and it is not working, we recommend you to open a support ticket with your local ESET office.

 

So first resolution would be to update the MDMcore to version 6.3 and re-trying. Alternatively, you can stop MDMcore service, and manually remove the line in the database, in where the device is located. You will be able to identify the device by the deviceID (which you have used for enrollment - IMEI / Wifi Mac Address).

[HSW 9]

Hi,

 

same problem but occurred in Version 6.3.113.0 not in 6.2.X

It could be a old data (creating device under 6.2) but first delete "try" was under 6.3.

Device is not available so please fix this.

 

Thx HSW

[cliffennis 1]

Just adding to this with an update... I started with mobile connector 6.3 so mine wasn't a record from 6.2 or previous.  I haven't had the chance to stop the MDMCore service but attempting to remove it from the database didn't work.  I took a guess on which database and table, used database era_mdm_db and table "Device".  The device is still there in L&F.

[cliffennis 1]

I had a kernel update that required a reboot so I went ahead and rebooted the ERA server.  I was then able to delete the device and it did not return.

 

@MichaelJ, you had suggested that I stop the MDMcore service.  I see that in the documentation that it should be registered as a service in linux and allow for the 'service MDMcore stop/start' commands but that was not the case on my system which is Debian 8.  I did locate mdmcore at /opt/eset/RemoteAdministrator/MDMCore/eramdmcore but have not found any documentation on how to stop/start/recycle it individually.

[HSW 9]

We have Windows 2012 R2 + SQLExpress DB

I try a reset of the service -> no change

I try a reboot of the system -> no change

 

The device appiers again under lost and found

Edited March 22, 2016 by HSW

[cliffennis 1]

I think the order I ran them in was:

1. Attempt "stop managing" task (pretty sure that did nothing)

2. Manually remove the record from the database:

• Open the era_mdm_db database
• select * from Device (to get the DeviceID you want to delete)
• delete from Device where DeviceID='yourdeviceid'

3. Rebooted server

4. Deleted in the ERA Web UI

 

Hope that helps.

[Mirek S. 18]

In previous (6.4 and older) versions of MDC stop managing task triggered 7 day interval where MDC tried to reach device and erase data which MDC put on it.

- This is (also) for security reasons. When You want to stop manage device we don't know if it was stolen, sold, or lost to toilet

 

In 6.4 (or was it second 6.3 ?) we allowed enrollment of stop managed device (ie device which was in 7 day we want to erase You period).

- Many users don't care for re-enrollment and when something goes boom, they reinstall reenrollment can keep Your previous data (logs, policy and user setup), it's basically meant to re-connect device which for whatever reason stopped communication (due to our bugs, unforseen issues, wipe. etc..).

 

In 6.5 this was enhanced so that when You "stop manage" and then "delete"  device this does not re-appear in webconsole. We still try to reach the device and we still try to give You results of stop management task (ie You may want to know if Your profile with email password etc... was deleted, or if You must change passwords which were present on device before thief took it).

- This however has other issues which are built-in architecture we use. If You stop manage device and immediately delete it, stop manage task may not reach mdc, so device will re-appear. So these two actions still must be separated by single replication cycle (usually few minutes is good enough, but depends on MDM replication settings)

 

Enrollment of device on which "stop managing" task was never executed is prohibited. (users tend to cure this via DELETE from devices table :))

- This is for security reasons. From MDC point of view device is still managed, so whoever is trying to enroll may be attacker, which would gain access to policies meant for other device and prevent previously enrolled device to connect to MDC)

Edited February 25, 2017 by LegacyConnectorSupport