Tunnel Proxy compatibility patch for upcoming Apple devices in VMware AirWatch / Workspace ONE

While waiting for the patch to address potential change in the length of UDID which is hard-coded on Apple devices, I was somewhat surprised that a separate patch is also required for the Tunnel Proxy component. Given that sooner or later we will be enrolling the newly announced Apple devices, I would apply the patch now to avoid any agony from my service desk team.

tunnelpatch2.jpg

tunnelpatch1.jpg

While the article is pretty self-explanatory, I put this post together with screenshots to help clarify any confusion anyone may have.

Before continuing, we need to first identify the installed version of Tunnel Proxy. In my case, it’s installed on a Windows server. There are two ways to do so:

  • Remote into your Tunnel Proxy server (Relay and/or Endpoint)
  • Browse to C:\AirWatch\TunnelProxy\lib
  • Look for file proxy-1.xx.jar. This is the version you need to update.

tunnelpatch3.jpg

  • You may also log onto your AirWatch / Workspace ONE UEM console.
  • Navigate to GROUPS & SETTINGS -> All Settings -> System -> Enterprise Integration -> VMware Tunnel -> Configuration.
  • Click TEST CONNECTION.
  • Look for the version at the upper left-hand corner.

tunnelpatch4.jpg

tunnelpatch5.jpg

After identifying the version you need to patch, go ahead and download the latest version of the installer and the patch. You can see the links at the very top of the same patch article.

tunnelpatch6.jpg

To apply the patch, we also have two different options. The recommended and easiest way is to upgrade the existing install with the new installer which has file version 9.7.0.0. tunnelpatch7.jpg

The steps to install are the same that I’ve outlined in one of my upgrade posts which you can access here. Don’t forget to give it a quick reboot after the install completes.

tunnelpatch11.jpg

tunnelpatch12.jpg

If upgrading with the installer is not possible, simply extract the patch from the zip file and look for the version that matches your existing install. Then, copy the file proxy-1.xx.jar file to your Tunnel Proxy server.

tunnelpatch9.jpgtunnelpatch10.jpg

The remaining steps are:

  • Stop the proxy service
  • Backup the existing .jar file from C:\AirWatch\TunnelProxy\lib
  • Replace the existing .jar file with the one extracted from the patch folder
  • Start the proxy service

Regardless of which methods you use to apply the patch, be sure to perform the validation checks from both the Workspace ONE console and your mobile device to confirm all is well. The true test, of course, is to see if you experience any browser authentication issue once you enroll any of the new Apple devices.

As always, stay mobile!

4 comments

  1. Hey Thomas,

    Hi this is Noel we’ve spoken on different outlets LinkedIn …

    We were chatting the other evening of an issue I am experiencing with my end users.

    Mostly seems to be on iOS devices that the Blackberry Work app would crash. I have several cases open with BB but no definitive solutions other than reinstalling the Work App.

    We are running BB UEM 12.8 and we have 220 users mixed company owned devices using UEM Client/DEP. BYOD users are mixed IOS and Android using the Dynamic apps.

    Out of the 220 we have about a good 10 to 15 users that BB Work would crash, you click on it and it looks like it tries to open but then closes. We have to remove and reinstall the Work App and it works again.

    I have been told by BB Support that it’s a known issue since version 2.11 and up of BB Work. They said it may be a memory leak on the devices and that it could possibly happen again to a user.

    I know I probably wrote too much sorry. Do you know of any cases like this? Any information or advice you can provide?

    Thanks so much

    Noel

    Sent from my iPhoneX

    >

    Like

  2. Hi Noel. Among the users affected, are they also a mixed of UEM/DEP and BYOD?

    While it’s not a whole lot compared to 220 users, it’s one too many. In my case, I had a similar experience with UEM cloud because of Exchange data being routed through our internal proxy which it shouldn’t.

    I suggest to preserve one of the affected devices, and issue user with another device except Blackberry Work would be configured without KCD. This will help further isolate where the breakdown is. Do you use other Dynamics apps such as Access or Tasks?

    Like

Leave a Reply to Noel Vega Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.