MICROSOFT ENDPOINT MANAGER | CONFIGMGR | INTUNE | AZURE | POWERSHELL | WINDOWS 10 | END USER COMPUTING

Workspace One UEM (AirWatch) – Troubleshooting Error Code: 12025 The app “AppBundleID” is already installed

When deploying a newer version of an Internal/line-of-business app via Workspace ONE UEM (formerly known as AirWatch) on non-supervised iOS devices, you might face this issue where it failed on some devices with “Error Code: 12025 The app “AppBundleID” is already installed”.

This error can be seen on the AirWatch console from Devices > List View > Select the device > in the device details page, click More -> Select Troubleshooting

Device Details View - Troubleshooting

Filter the Event logs with severity Error and above

Device Details View - Severity Error and above

The error suggests it failed on this device because it was already installed. However, all other devices that also had this app already installed, received the newer version without any issues.

When checking the details from Device details view -> apps tab, it was found that on devices where newer version installed without any issue had the app installation status as “managed”

Device Details View - Installed Apps (Managed)

whereas devices where it failed installation status, was “Installed by user”

Device Details View - Installed Apps (Installed by User)

At this stage, it’s evident that app installation is failing because the Workspace One UEM doesn’t have management permission for this app on this.

This generally happens when the app is installed before the device enrolls with AirWatch. Possible reasons: it was installed by the user or distributed by the MDM device was enrolled earlier.

It is more common with popular public applications. Users can easily install them from public app stores. In some cases, public apps are pre-installed by the vendor. However, organizations would want these public apps to be managed as well so that MDM can apply app configuration profiles and policies to these apps.

Resolution

In case of both Public and Internal apps, the solution in such a situation is to uninstall the application and then reinstall it from the Intelligent Hub app catalog. Since the app is now installed via MDM device is currently enrolled, it becomes “managed“ automatically.

Manually reinstalling the app is not feasible when this needs to be done on multiple devices. The better solution is to ensure “Make App MDM Managed if User Installed” is enabled when assigning an app from Add Assignment -> Restriction page. 

For this option to be available, “EMM Managed Access” requires to be enabled first.

Enable - Make App MDM Managed If User Installed

Workspace One UEM takes over the management capabilities of user-installed applications when this option is enabled, depending on the enrollment status.

Management Depends on Enrollment Status

Device
Enrollment Status

Initiate
MDM Managed

Result

Not
enrolled

Select Make
App MDM Managed if User Installed, save, and publish the application.

System
manages the application when the device enrolls.

Enrolled

Select Make
App MDM Managed if User Installed, save, and publish the application.

System
manages the application when you save and publish it.

Following are the links for further reading on this,

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/Application_Management/GUID-AWT-APPMDMMNGD.html

https://kb.vmware.com/s/article/50113458  

For supervised devices, there will be no prompt; Workspace One UEM silently takes over the management. 

In the case of non-supervised devices, there will be a prompt for App Management change like below. Users need to allow permission before MDM can assume management of this application. 

App Management Change Prompt

 

I hope this post has been helpful for you. Please feel free to reach out if you have any further questions/comments/feedback.

Thanks for Sharing :)
Tags:

Leave a Reply