Home
Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
Troubleshooting
This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
Apple profile displayed as unverified
Read this section to troubleshoot if the Apple mobile displays the deployed Apple profile as “Unverified.”

Administrator Guide
Read this guide to learn about enrolling, administering, and troubleshooting endpoints through BigFix MCM and BigFix Mobile.
- Modern Client Management and BigFix Mobile
  This guide is intended for HCL BigFix Master Operators (MO) and those who administer BigFix deployments. If you are looking for information about using Modern Client Management (MCM) and BigFix Mobile, see the WebUI User's Guide.
- BigFix MCM
  Read this section to learn enrolling and managing Windows and macOS desktop and laptop devices.
- BigFix Mobile
  BigFix Mobile enables you to enroll and manage Android, iOS, and iPadOS devices.
- SCEP Certificate-based authentication
  BigFix MCM supports certificate-based authentication through Simple Certificate Enrollment Protocol (SCEP). SCEP is the fastest and most secure way to provision certificates to all your MCM-managed devices. With SCEP, IT Admins can automate issuing certificates to the endpoints to provide access to corporate Wi-Fi, VPN, and secure e-mail through encryption.
- SAML-authenticated enrolment flow
  When you configure SAML as the authentication method, when a user hits the enrollment URL and click Enroll, the user is first authenticated via the identity provider before proceeding with the enrollment process.
- Application management
  Application management in BigFix MCM enables IT admins to centrally control, distribute, and maintain Windows and macOS applications. It allows IT administrators to streamline the deployment, update, and security of apps on enrolled devices.
- Email configuration management
  With BigFix MCM and BigFix Mobile, you have the ability to install and set up email application that can connect to your email system. This allows users to easily connect, verify their identity, and synchronize their work email accounts on their devices.
- VPN management
  BigFix MCM and BigFix Mobile enable organizations to manage and configure Virtual Private Network (VPN) settings on enrolled Android, Apple, and Windows devices, ensuring secure remote access to corporate networks.
- Wi-Fi configuration management
  BigFix MCM and BigFix Mobile offer WiFi configuration management, where administrators can control and configure the wireless network settings on MCM-enrolled devices. This helps organizations to maintain a secure and reliable wireless network infrastructure while providing flexibility for users to connect to authorized networks.
- Known limitations
  Read this topic to get familiarized with MCM v3.0 known limitations.
- Troubleshooting
  This section is intended to help you solve problems that might occur when installing BigFix MCM and BigFix Mobile.
  - Verify if PPKG generation point is set for bulk enrollment
    To troubleshoot bulk enrollment issues, ensure if the targeted device is designated as the provisioning package generation point.
  - Enrollment fails with 401 authentication error
    Learn how to resolve the issue when the enrollment fails with 401 authentication error when there is no issue with LDAP.
  - Policy is deployed, but is not effective on the device
    This page provides information to troubleshoot the issue if a policy is deployed but is not effective on the device.
  - Apple profile displayed as unverified
    Read this section to troubleshoot if the Apple mobile displays the deployed Apple profile as “Unverified.”
  - Android Kiosk not connected to Internet
    Read this section to troubleshoot Android Kiosk Wi-Fi connection issues.
  - Endpoint not disconnected from AD after unenrollment
    Read this page to remove an ODJ-enrolled endpoint from Active Directory (AD) on unenrollment to prevent it from accessing network resources.
  - Health Check MDM Plugin Status is not displayed properly
    Read this section to troubleshoot when WebUI Health Check MDM Plugin Status section keeps loading for longer time and does not display the required information.
  - Generating Encryption Recovery Key Escrow fails
    Read this page to troubleshoot Encryption Recovery Key Escrow generation failure when the BigFix Server is installed on RHEL 10.0.
  - Setting the Home Page for MicroSoft Edge on Windows
    You can set the home page for Microsoft Edge on Windows 10 and Windows 11 devices by using the restriction policy through the WebUI.
- Frequently Asked Questions
  Read this section for commonly asked questions and their answers to manage the MCM deployments better.

Apple profile displayed as unverified

Read this section to troubleshoot if the Apple mobile displays the deployed Apple profile as “Unverified.”

Problem

When an Apple MDM enrollment or MDM policy profile is installed or deployed, the device shows the profile status as "Unverified".
An Apple profile (Enrollment or Policy Profile) that was verified previously suddenly show as "Unverified" on the device.

Cause

If you use Digicert certificates, you might encounter this issue when you renew TLS certificate.
If a TLS certificate is renewed and the Trusted CA has actually replaced/renewed the intermediate certificates (which is not a usual scenario), then it could cause new enrollment and policy profiles to appear as “Unverified” as the signing certificate is signed by an intermediate certificate that is currently unknown to the endpoint.

Solution

If you have Apple Devices in your MCM deployment, ensure that you run the Update Apple Enrollment Certificate before expiration Fixlet as a policy action. The devices due for their device identity certificate renewal within 45 days are displayed on the main MCM Dashboard in a tile showing Expiring Certificates. With this you can proactively avoid the certificate expiry.
Re-deploy the Policy in question to a device through WebUI, if you need to correct an Unverified profile".
If any devices still have “Unverified” enrollment or MDM profiles after these steps complete, contact HCL support for further assistance.