A new section in my blog series… Lately I didn’t find much useful to blog about. For me a (technical) blog consists of a problem description, things you tried and a solution to make it work. In the end you hope other people facing this issue as well and use your solution in their own environment.
These kinds of situations don’t exist every day, so I saw another VMware vExpert releasing the blog after another blog about things he is facing during projects and just write about it and use these blogs under the name “notes from the field”.
This time I found a bug in VMware Workspace ONE – Hub Services, but there is no fix for it yet.
Workspace ONE UEM – OG Structure
A couple of years I ago I followed the official AirWatch bootcamp course (4 days). One of the things in the course was designing your OG (Organization Groups) structure. Especially in the SaaS version of Workspace ONE UEM it was a NO-GO to configure settings on the “Global” level unless you need to. A common practice is that you create an OG under “Global” and name it as your “Organization” and below that level you make an “Production”, “Acceptance” and “Test” OG and so on and so on.
In this design you have freedom to associate your production Microsoft Active Directory domain at the Production OG within Workspace ONE UEM and your test Microsoft Active Directory domain at the Test OG.
Introduction of Hub Services
In the September 2019 release of Workspace ONE UEM (20.09), VMware introduces the “End user self-service” in the Hub Services section. In this section of the Hub Services, you can configure “Helpful Links” and “Device Self-service”.
Where in Helpful Links you can add several internet/intranet links to for example a FAQ, Self-service IT ticketing system, Manuals etc. etc.
I think the most interesting part of this section will be Device Self-service. Here you can decide if a user is allowed to register a device in Workspace ONE UEM by themselves (useful when your company enrollment policy is set closed) and decide if a user is allowed to install device profiles or not. Some device profiles are set to optional (on-demand) by your organization.
At the user’s perspective you can add (register) devices via the Support tab (if not being renamed, in my case it is Self-service) in Workspace ONE Intelligent Hub (Web or App). Besides adding a new device, it also lists all your devices which are registered in Workspace ONE UEM. By selecting one of your devices, you have the option to sync to Workspace ONE UEM and install device profiles which are associated to them.
There is only one exception in this scenario. When using the web (browser) version of the Intelligent Hub (Workspace ONE Access Portal), you may not see your devices at all! You are facing the same bug as me and VMware said it will be fixed in one of the next releases, but still waiting for it after a couple of months. Be aware that the Intelligent Hub app on iOS, Android, macOS and Windows doesn’t have this issue, so it is only in the web browser version.
Trust me in my environment I have 5 registered devices in Workspace ONE UEM. None of them are being shown here.
Together with VMware Global Support Services I was trying to find the root cause of the issue I am facing. After a couple of explanations, videos, and browser developer logs, they found the misconfiguration in my environment. With all my best intentions to implement the common practice about earlier mentioned OG structure, it is now a kicking in my back and facing a limitation.
In the Hub Services documentation, there is no hard requirement noted, that you must configure it like this:
- Hub Services must be enabled on the “Global” level in your Workspace ONE UEM tenant.
- Workspace ONE UEM and Workspace ONE Access must be integrated at the “Global” level in your Workspace ONE UEM tenant.
- And here is my issue, your Directory Services integration (Microsoft Active Directory domain) must also be set at “Global” level in your Workspace ONE UEM tenant.
If all above three rules does not apply in your environment a big chance that your devices are also not being listed in the web (browser) version of the Workspace ONE Intelligent Hub.
In my environment I configured the Directory Service integration one level below “Global”, because I don’t have a separate production, acceptance, and test environment, and as the common practice says don’t set all your configurations at “Global” level. Yes I know.. there is OTA OG, but this one is empty and just for demo the OG structure.
VMware Global Support Services has created an internal ticket number for the Hub Services product management team. The ticket number is HW-144065. So, if you are facing this issue as well and want to create a service request at VMware Global Support Services, please reference this ticket number! Bye all means, I will start chasing this ticket again.