Basics
The Knox Ecosystem
White Paper
- Introduction
  - The Samsung Knox Platform
  - Feature Summary
- Core Platform Security
- Network Security
  - Virtual Private Networks
  - Network Platform Analytics
- Certificate Management
- Device Management
- User Authentication
  - Biometric Authentication
- App and Data Protection
- Appendix
Samsung Knox Portal
Knox Cloud Services
- Sign in with SSO
General Knox Support
Knox Licenses
For IT admins
Knox Admin Portal
- About
- Introduction
  - Select Knox services
- Features
- Knox Remote Support
- Release notes
Knox Suite
- Introduction
- How-to videos
- Get started
- Learn more about Knox Suite
- Enterprise Edition devices
- FAQ
- KBAs
Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
  - Before you begin
  - User agreements for Android device management
- Get started with UEMs
- Knox Service Plugin
- Release notes
- Migrate to Android 11
  - Device management modes
  - Prepare Knox for Android 11
- FAQs
- Troubleshoot
  - Get device logs
- KBAs
Knox Mobile Enrollment
- Introduction
- Get started
- Features
- Release notes
- FAQ
- Troubleshoot
  - Get support
- KBAs
- On-Premise
Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- End users: Get started
  - Getting started with Knox Capture
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
Knox Asset Intelligence
- Introduction
- Get started
- Set up reported device data
- Features
- Troubleshoot
  - Device-side errors
  - Portal-side errors
- Real-time location service
- Release notes
- FAQ
- KBAs
Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
  - Install an app to devices through an EMM
  - EMM compatibility matrix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
  - Knox E-FOTA Advanced
  - Knox E-FOTA on MDM
Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Release notes
- FAQ
- KBAs
- Support
Samsung Care+ for Business
- Introduction
- Get started
- Submit claim
- Features
- Release notes
- FAQ
- KBAs
For Knox Partners
Knox Deployment Program
Knox MSP Program

Knox Mobile Enrollment does not start on SM-G950W devices running Android N

Environment

Knox Mobile Enrollment (KME)
Android N
Affected devices: SM-G950W

Overview

When a new out-of-box device or device that has been factory reset is booted up, KME does not launch and the device proceeds to the Android setup wizard. The following dumpstate log shows the error that is returned:

09-27 16:36:59.119 I/SBrowserFlags( 4928): isSdpSupportedForWebPayments(): isWarrantyBlown == false
…
09-27 16:37:17.575  6558  7053 E UMC:AsyncResponseCallback: GET_PROFILE:onFailure - statusCode:401 message:{"nonce":"..."
…
09-27 16:37:21.064  6558  7053 E UMC:AsyncResponseCallback: GET_PROFILE:onFailure - statusCode:400 message:{"error":"com.samsung.knox.mdm.commons.rest.exception.ServerNestedRuntimeException: { \\"error\\" : \\"invalid nonce/blob\\"}"}

Cause

In SM-G950W devices running Android N, the attestation framework references the wrong memory address for the Real-time Kernel Protection (RKP) environment. The incorrect reference causes invalid values to be included in the affected blob, returning the above error and preventing KME from starting.

Resolution

This issue has been resolved in Android O and later. Please upgrade your device to the latest available version of Android.

Additional Information

To learn more about RKP, see the Samsung Knox blog post on Real-time Kernel Protection.

Back to KBAs