Home
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
Troubleshooting
This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
Enrollment fails with 401 authentication error
Learn how to resolve the issue when the enrollment fails with 401 authentication error when there is no issue with LDAP.

Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
- Modern Client Management and BigFix Mobile
  This guide is intended for HCL BigFix Master Operators (MO) and those who administer BigFix deployments. If you are looking for information about using Modern Client Management (MCM) and BigFix Mobile, see the WebUI User's Guide.
- BigFix MCM
  Read this section to learn enrolling and managing Windows and macOS desktop and laptop devices.
- BigFix Mobile
  BigFix Mobile enables you to enroll and manage Android, iOS, and iPadOS devices.
- SCEP Certificate-based authentication
  BigFix MCM supports certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- SAML-authenticated enrolment flow
  When you configure SAML as the authentication method, when a user hits the enrollment URL and click Enroll, the user is first authenticated via the identity provider before proceeding with the enrollment process.
- Application management
  Application management in BigFix MCM enables IT admins to centrally control, distribute, and maintain Windows and macOS applications. It allows IT administrators to streamline the deployment, update, and security of apps on enrolled devices.
- Email configuration management
  With BigFix MCM and BigFix Mobile, you have the ability to install and set up email application that can connect to your email system. This allows users to easily connect, verify their identity, and synchronize their work email accounts on their devices.
- VPN management
  BigFix MCM and BigFix Mobile enable organizations to manage and configure Virtual Private Network (VPN) settings on enrolled Android, Apple, and Windows devices, ensuring secure remote access to corporate networks.
- Wi-Fi configuration management
  BigFix MCM and BigFix Mobile offer WiFi configuration management, where administrators can control and configure the wireless network settings on MCM-enrolled devices. This helps organizations to maintain a secure and reliable wireless network infrastructure while providing flexibility for users to connect to authorized networks.
- Known limitations
  Read this topic to get familiarized with MCM v3.0 known limitations.
- Troubleshooting
  This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
  - Verify if PPKG generation point is set for bulk enrollment
    To troubleshoot bulk enrollment issues, ensure if the targeted device is designated as the provisioning package generation point.
  - Enrollment fails with 401 authentication error
    Learn how to resolve the issue when the enrollment fails with 401 authentication error when there is no issue with LDAP.
  - Policy is deployed, but is not effective on the device
    This page provides information to troubleshoot the issue if a policy is deployed but is not effective on the device.
  - Apple profile displayed as unverified
    Read this section to troubleshoot if the Apple mobile displays the deployed Apple profile as “Unverified.”
  - Android Kiosk not connected to Internet
    Read this section to troubleshoot Android Kiosk Wi-Fi connection issues.
  - Endpoint not disconnected from AD after unenrollment
    Read this page to remove an ODJ-enrolled endpoint from Active Directory (AD) on unenrollment to prevent it from accessing network resources.
  - Health Check MDM Plugin Status is not displayed properly
    Read this section to troubleshoot when WebUI Health Check MDM Plugin Status section keeps loading for longer time and does not display the required information.
  - Generating Encryption Recovery Key Escrow fails
    Read this page to troubleshoot Encryption Recovery Key Escrow generation failure when the BigFix Server is installed on RHEL 10.0.
  - Setting the Home Page for MicroSoft Edge on Windows
    You can set the home page for Microsoft Edge on Windows 10 and Windows 11 devices by using the restriction policy through the WebUI.
- Frequently Asked Questions
  Read this section for commonly asked questions and their answers to manage the MCM deployments better.

Enrollment fails with 401 authentication error

Learn how to resolve the issue when the enrollment fails with 401 authentication error when there is no issue with LDAP.

Problem

Enrollment fails with 401 authentication error. On ping tests, Docker containers could not ping properly. For example, Openresty is not able to reach MDM server.

Cause

DNS resolution issues. Docker containers on MDM server do not resolve DNS network hostnames.

Solution

Restart Docker using the service Docker restart command.
If the issue persists, if you are not using the DNS, enter the following extra_hosts entry manually in the docker-compose.yml file at /var/opt/BESUEM/ and restart the MDM server containers.
```
extra_hosts:
- "<hostname>:<IP>"
```
where <hostname>:<IP> is the MDM server hostname and IP Address.
Note:
- You must indent the added entries properly to get the expected result.
- If the install or upgrade Fixlet is run after the changes in the .yml file, you must add the entries manually again and restart MDM server containers.
Login to the windowsmdm container using docker exec -it windowsmdm sh and check if the /etc/hosts file has the above hostname and IP address entry.
Ping the hostname from within the container to see if it is resolving properly.

The following docker-compose.yml screenshot shows the sample extra-hosts line added. You must add the extra-hosts entries for windowsmdm, androidmdm, and applemdm docker containers as applicable for your environment. This allows docker containers to resolve hostnames that are not resolvable.