Knox E-FOTA Client fails to establish a connection to the Knox E-FOTA server

Last updated October 11th, 2024

Environment

  • Knox Service Plugin
  • Knox E-FOTA
  • EMMs

Overview

If the Knox Service Plugin policy Enable revocation check is set to Enable for all apps, you may encounter an issue where the Knox E-FOTA client can’t communicate with the server.

As a result, the client fails to enroll with the following error:

An error occurred.

Cause

Starting with Android 9, all cleartext HTTP traffic is disabled by default. Since certificate revocation checks typically use cleartext HTTP, Knox E-FOTA enrollment fails when the revocation check is enforced.

Workaround

To enroll the Knox E-FOTA client, you must set the Enable revocation check policy in Knox Service Plugin to either Enable for specified apps or Not enabled.

  1. On your EMM console, go to the Knox Service Plugin configuration.

  2. Modify the following policies:

    Policy: Work profile policies (Profile Owner) > Certificate management policies (Premium) > Certificate revocation > Enable revocation check
    Value: Select Enable for specified apps only or Not enabled.

    Policy: Work profile policies (Profile Owner) > Certificate management policies (Premium) > Certificate revocation > List of apps to enable for verification
    Value: Add your selected apps. This policy setting is only applicable if you select Enable for specified apps only in the aforementioned policy.

  3. Save the profile and apply the changes to your enrolled devices.
