This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iOS devices having issues syncing exchange data.

TO: Sophos Support
RE: Sophos Mobile Control and Exchange 2010 Sync Issues.  
PRIORITY: HIGH

Starting in the last 10 days, user have complained about syncing issues with iOS devices running iOS 12.1.2.  They all complain of some sort of sync issues with exchange when enrolled in SMC, and exchange profile controlled via SMC.  We have 310 devices in SMC.  

USER #1- mail and contacts sync ok, mail is late to notify.  Calendar groups either are triplicated, duplicated or gone all together from just the exchange account.  GMAIL has no issues syncing.  This happens several times an hour.  I verified the password was correct.    I have removed the exchange profile, and added again.  Issue persist.  I removed the device from the Exchange server, and removed SMC all together.  Issue persist.  I removed the device from the Exchange server, and removed SMC all together and restarted the iPhone.  Added the profile back via SMC, the phone started to sync again.  I have verbose logging turned on, I see this repeated error:    D | 2019/01/17 09:53:45:878 | Saved server info in keychain, repeated 62 times over 4 minute period.  

USER #2- mail hasn’t synced since Jan 7th, 10 days.  The calendar & contacts were syncing.  The mail was not.  However, the user could successfully send email.  Removed the exchange profile from SMC.  Added back, issues persist, mail wont sync.  Tried to remove and add the SMC profile various ways, but all failed to get the mail to sync.  I removed the device from the exchange server, deleted the profile, and removed the SMC app.  Installed the SMC app, pushed the profiles, mail still won’t sync.  Removed the device from both exchange server and SMC, then powered off the iPhone and powered back on.  I enrolled the iPhone via SMC, delivered the profiles, syncs without issue.  This user also has the above error repeated several times (Saved server info in keychain,.)  The weird part with this user- I removed the device from exchange OWA.  When I re-enrolled the device via SMC, the mobile device did not enter quarantine for administrator approval, thus never received approval to sync anything, yet its fully syncing the exchange info- BIG PROBLEM.   This user doesn’t have any permission to sync this phone, but it’s working from the SMC side of things.  (Please note that we are required to have an admin approve every device that joins our network. Once any device attempts to connect to exchange, it sends me the quarantine email indicating there’s a device ready for approval, then I log in and grant the approval per device. This step is critical for security, and this must get solved ASAP.    

It appears that for whatever reason, the account is not saving the proper credentials in Keychain.  Even if iCloud keychain sync is turned off, the issue happened.  iPhones running iOS 12 using SMC are the ones having issues.  If I use the old configuration route- outlook.#####.com, users have no issues syncing.  If the go through smc.#####.com, it’s causing problems. Or, it’s allowing devices to sync without admin approval.

I have 9 people having sync issues, all have the error related to pinned hashes in Keychain.  I opened a support ticket Thursday, support sent docs related to SMC as a Service.  We host our own Sophos Mobile Control, so the directions were worthless to me.  Nothing since, and I have forwarded logs and emailed several times.   This is getting critical.  People connected directly through exchange DO NOT HAVE THIS ISSUE.  ITS ONLY WITH SMC.  PLEASE ADVISE.    

 

Line 7: V | 2019/01/21 14:28:24:468 | No 'pinnedHashes' data in keychain
Line 8: V | 2019/01/21 14:28:24:469 | No 'pinnedHashes' data in keychain
Line 11: V | 2019/01/21 14:28:24:477 | No 'pinnedHashes' data in keychain
Line 12: V | 2019/01/21 14:28:24:478 | No 'pinnedHashes' data in keychain
Line 63: D | 2019/01/21 14:28:24:980 | Saved server info in keychain
Line 64: V | 2019/01/21 14:28:24:984 | No 'lastInvalidHash' data in keychain
Line 65: V | 2019/01/21 14:28:24:984 | No 'lastInvalidHash' data in keychain
Line 74: V | 2019/01/21 14:28:25:056 | No 'pinnedHashes' data in keychain
Line 75: V | 2019/01/21 14:28:25:057 | No 'pinnedHashes' data in keychain
C:\Users\hafercb\Desktop\smclog\vh 1 smclog\com.sophos.mobilecontrol.mdmclient 2019-01-17--14-28-18-616.log (12 hits)
Line 6: D | 2019/01/17 09:28:37:429 | Saved server info in keychain
Line 7: V | 2019/01/17 09:28:37:438 | No 'lastInvalidHash' data in keychain
Line 8: V | 2019/01/17 09:28:37:439 | No 'lastInvalidHash' data in keychain
Line 15: D | 2019/01/17 09:28:38:989 | Saved server info in keychain
Line 16: V | 2019/01/17 09:28:38:992 | No 'lastInvalidHash' data in keychain
Line 17: V | 2019/01/17 09:28:38:994 | No 'lastInvalidHash' data in keychain
Line 26: D | 2019/01/17 09:30:00:566 | Saved server info in keychain
Line 27: V | 2019/01/17 09:30:00:575 | No 'lastInvalidHash' data in keychain
Line 28: V | 2019/01/17 09:30:00:576 | No 'lastInvalidHash' data in keychain
Line 38: D | 2019/01/17 09:31:34:014 | Saved server info in keychain
Line 39: V | 2019/01/17 09:31:34:018 | No 'lastInvalidHash' data in keychain
Line 40: V | 2019/01/17 09:31:34:020 | No 'lastInvalidHash' data in keychain



This thread was automatically locked due to age.
Parents
  • After taking a deep dive into this issue, I believe the issue is related to the Sophos Mobile Control iOS app version 8.6.1.5 released Jan 15th.  I started to receive reports of syncing issues starting the 16th.  These users have been enrolled and syncing without issue for months.  Then the sync issues started.  All have the keychain error mentioned above, all had the updated app, all have their exchange profile controlled through SMC>  

  • Beyond this post, I created a ticket 6 days ago, and have heard nothing from Support for 2 days.  I have uploaded the server and device logs as requested, still no action. I had the users update to iOS 12.1.3 yesterday, issue persist.  I continue to add to my list of users with sync issues, with nothing to tell them.   I need HELP!

     

    THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     THIS IS CRITICAL!!!     

  • Hi  

    Sincere apologies for the delays in the response times. I have managed to find your ticket number and will make sure that it is followed up properly. 

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Could you solve the Problem and how?

    Do you use an EAS Proxy?

  • No, we are still working with Support.  This ticket was kicked up to Global Response Team to help dignose.  I will keep you posted once we know more.  

Reply Children