...
When organizations install WiFi Profiles with Security Type WPA/WPA2 Enterprise, the Profile may fail to install on Android 11+ devices if a Domain value is not specified in the Profile. This issue occurs even if a Root Certificate is specified in the WiFi Profile. The Domain field was introduced in Workspace ONE UEM 2210. When the issue occurs, the Profile install status is "Failed". The issue occurs on Android 11+ devices that have received the latest security updates. Android device logs show the following: E WifiConfigManager: Enterprise network configuration is missing either a Root CA or a domain name
As part of Android mainline updates rolled out starting in 2023, Android 11 and higher will now require a Domain value in any Enterprise WiFi configurations. Administrators should specify a Domain value in any Android WiFi Profiles with Security Type set to WPA/WPA2 Enterprise. If they do not, devices with the latest mainline update will fail to connect to the network. This impacts: Devices on Android 11 through 13 that receive Android mainline updates from April 2023 and laterAll devices on Android 14 and higher The Domain field was introduced in Workspace ONE UEM 2210. For more information on the Domain field, please see the WiFi section in How to Configure Android Profiles. Domain is currently only a supported field in Profiles created under [Resources > Profiles & Baselines > Profiles]. It is not a supported field for Profiles for Products created under [Devices > Products > Components > Profiles]. For Profiles used for Product Provisioning, Custom Settings profiles will have to be used instead. See Workaround section below.For Workspace ONE UEM versions lower than 2210, please see the Workaround section for steps to configure a WiFi Profile using a Custom Settings Profile Payload.
If you are using a version of Workspace ONE UEM lower than 2210, you may use Custom Settings payloads to add the Domain parameter to the WiFi configuration. Before you begin: Identity and Password: When administrators view or edit Profiles, the Workspace ONE UEM Console obfuscates sensitive fields like Identity and Password. When using Custom Settings Profiles, these values will be displayed in plain text in the Workspace ONE UEM Console. If access to these values is restricted to specific administrators in your organization, consider using Administrator Roles to restrict access to viewing Profiles in the Workspace ONE UEM Console.Certificates: If your Profile uses certificates, it is important to create a copy (Step 1) and replacing the WiFi payload with a Custom Settings payload in the *copy* Profile. This is to preserve the Credentials payload and its mapping to the Identity and Root Certificates in the WiFi payload. Configure Custom Settings Profile with Domain field: Create copy of the existing Wi-Fi profile In the Console, navigate to Resources > Profiles & Baselines > ProfilesClick the radio button next to the affected Android WiFi profile Select More Actions > Copy Rename the profile and continue through the prompts until profile is completed. Export an XML version of the Profile copy (generated in Step #1) Click the radio button next to the profile and select XMLCopy the Profile XML data and paste it into a text editor. Separate Wi-Fi payload from profile XML and add Domain field. Search for the beginning of the “com.airwatch.android.androidwork.wifi” characteristic and separate it from the rest of the data. It should look like this.Delete the data that above this as this is the only data that is needed.Remove the “</wap-provisioningdoc>” from the end of the dataAdd the Domain parameter as a new line in the profile XML - <parm name="Domain" value="ENTER YOUR DOMAIN HERE" />. For example: Create Custom Settings Payload Edit the COPIED Wi-Fi ProfileDelete the Wi-Fi Payload by clicking the Trash icon to the right of the Wi-Fi payload.Add a “Custom Settings” payload. Paste the XML created in Step 3.Save and publish profile. Verify New Profile Install the new profile to Android 11+ devices with the latest security updatesVerify proper install and domain configuration.If you are seeing errors: Verify all opening tags are closed properly in your custom settings XML. Verify “PayloadCertificateUUID” and “CAPayloadCertificateUUID” match with the corresponding Characteristic UUID removed during step 3b.