Back to top
Home / Knox Mobile Enrollment / Knox Mobile Enrollment knowledge base articles /

Knox Mobile Enrollment does not start on SM-G950W devices running Android N

Last updated July 26th, 2023

Categories:

Device

Environment

  • Knox Mobile Enrollment (KME)
  • Android N
  • Affected devices: SM-G950W

Overview

When a new out-of-box device or device that has been factory reset is booted up, KME does not launch and the device proceeds to the Android setup wizard. The following dumpstate log shows the error that is returned:

09-27 16:36:59.119 I/SBrowserFlags(4928): isSdpSupportedForWebPayments(): isWarrantyBlown == false

09-27 16:37:17.575  6558  7053 E UMC:AsyncResponseCallback: GET_PROFILE:onFailure - statusCode:401 message:{"nonce":"..."

09-27 16:37:21.064  6558  7053 E UMC:AsyncResponseCallback: GET_PROFILE:onFailure - statusCode:400 message:{"error":"com.samsung.knox.mdm.commons.rest.exception.ServerNestedRuntimeException: { "error" : "invalid nonce/blob"}"}

Cause

In SM-G950W devices running Android N, the attestation framework references the wrong memory address for the Real-time Kernel Protection (RKP) environment. The incorrect reference causes invalid values to be included in the affected blob, returning the above error and preventing KME from starting.

Resolution

This issue has been resolved in Android O and later. Please upgrade your device to the latest available version of Android.

Additional Information

To learn more about RKP, see the Samsung Knox blog post on Real-time Kernel Protection.

On this page

Is this page helpful?