If your apps fail to install or take too long to install, first check the registry. Navigate to    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseDesktopAppManagement and expand the MSI folder. The MSI folder contains keys (GUIDs) for every application sent down from Workspace ONE UEM. In the this example, Workspace ONE UEM installed Google Chrome on the device successfully.

Make sure that there are no entries in the MSI folder before enrolling. If the GUIDs (Product Version key) matches a folder that already exists, then it will fail to install, thinking the application is already installed. This occurs only during a broken un-enrollment. The ProductVersion or the GUID folder name matches the Build Version GUID in the Workspace ONE UEM console. To find this build version, click Edit on the application and see the build version.

Note the following information:

• CommandLine: The command line arguments being sent down by Workspace ONE UEM. By default, /quiet is always sent, to perform a silent install.
• CurrentDownloadURL: The device services/content delivery network (CDN) URL that the device is using to download the application. To verify that the application successfully uploaded to the console, manually copy and paste the URL into the browser and the application should download.
• DownloadLocation: The file path where applications are downloaded.
• LastError: Error code for failures. If you see a code, you will also see a new entry called ErrorDescription with details.
• Status: Code of the current status.

The following table describes status codes for errors 10 to 120.

Note: The most common error deals with error code 30—download failed. If you get a status of 30, then ensure that:

• If using a CDN, the user is not blocking access to (users with restricted networks should not use CDN)
• Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) URLs are accessible because by default, devices must verify the validity of the SSL certificate.

Finally, check the BITS log in Event Viewer for details as these applications are downloaded using BITS.  

You can find detailed, application-specific logs in C:\Windows\Temp. Another troubleshooting step is to manually install the MSI to verify if it is successful. If successful, attempt to install using the command prompt with the /quiet argument. For example, chrome.msi /quiet.

The following list describes items to check if your application fails during software distribution.

1. Check the Troubleshooting logs for the device within the Workspace ONE UEM Console under Devices > List View > [Select target Device] > More > Troubleshooting.
   • Deployment attempts and results are logged here, so check the logs and locate any events related to deploying/installing the application.
2. On the target device, run regedit (Click Windows button > search regedit) and review the registries under HKEY_LOCAL_MACHINE > SOFTWARE > AirWatchMDM > AppDeploymentAgent.
   • Check the Queue path and the S-1-5-18/S-1-X-X path for any processes. If so, check the LastDeploymentLog and LastStatusCode for more details.
3. In Explorer, navigate to %programdata%/AirWatchMDM/AppDeploymentCache/. Find the folder with the App Manifest ID and open it.
   • Ensure that the app folder (should be named the same as the app uploaded to the Workspace ONE UEM Console) is present and that the contents are extracted.
   • If the app did not download, you can attempt to re-push the application from Console or restart the Task Schedulers.
     1. Open WindowsTask Scheduler and navigate to Task Scheduler Library > VMware > AirWatch.
     2. Select both tasks (Install Validation Task and Software Distribution Queue Task), right-click and select End. Then select both tasks, right-click and select Start.
     3. Back in Regedit, delete all the paths under the AppDeploymentAgent path in HKEY_LOCAL_MACHINE > SOFTWARE > AirWatchMDM.
     4. Send the Install command to the device again from the Workspace ONE UEM Console by navigating to Devices > List View > [Select Target Device] > Apps > Select App > Install.

Note: For more details, see Software Distribution Troubleshooting Tips.

The following list contains important information about MSI, ZIP, and EXE apps.

• MSI applications update the install status immediately after completion; ZIPs and EXEs require an application list sample to process
• MSI apps do not require any additional configurations from the admin; ZIPs and EXEs require uninstall command, install command, and detection criteria to be added
• ZIPs and EXEs uploads use autogenerated information
• ZIPs must contain either an EXE or MSI file
• Folder name(s) for ZIPs must be included in the installation path, if applicable

Important: When using registry criteria, registry hive must be in shortened format, for example, HKLM rather than HKEY_LOCAL_MACHINE.

Scripts are supported for Install, Uninstall, and Detection. The following lists examples for each type:

• Powershell: powershell -executionpolicy bypass -file file.ps1
• VBScript: cmd /C file.vbs
• JScript: cmd /C file.js

The following list describes status messages in the console Troubleshooting logs.

• Install command ready for device: The install command has queued for the device, but the device has not yet checked into Workspace ONE UEM and consumed the command.
• Install command dispatched: The device has checked into Workspace ONE UEM and consumed the command. At this point, the registry should have entries in the AppManifests, ContentManifests, and Queue folders for this application.
• Installed: The application has finished installing on the device and the detection criteria provided successfully confirms the installation status.
• User installed: Detection criterion was fulfilled before Workspace ONE UEM-driven deployment began, indicating that the application was externally installed. As a result, it is reported as installed but unmanaged.
• Failed: Some part of the process (download, requirement evaluation, dependencies, install, detection, and so on) was unsuccessful. Note that if installation was successful but detection failed, the client will rollback the installation of the application using the provided uninstall command.
• MDM removed: Application has successfully uninstalled following the initiation of the application removal through Workspace ONE UEM.

Check the following locations on the device for troubleshooting information. 

Note: For improved readability, you can copy and paste the registry data into a text editor for logs or XML editor for manifests.

• HKEY_LOCAL_MACHINE\SOFTWARE\AirWatchMDM\AppDeploymentAgent
  • AppManifests contains information regarding all of the settings selected in the console. For example, Deployment Options, Install and Uninstall Commands, Supported Architecture, Version, and so on.
  • ContentManifests contains details about where the device can download the software, such as Device Services URL, CDN URL, and P2P Content ID.
  • Queue/S-1-5-X  folders contain the install status and logs for each application, where S-1-5-18 contains apps being pushed to the device and S-1-5-21-X contains apps being pushed to the user context.
    • Includes InstallCount value:
      • 0: The application is not installed and is not actively being deployed.
      • 1: The application is installed, or installation is being attempted. If a dependency application, the dependency is installed and only one package depends on it.
      • 0x8000001: The application (or dependency application) is externally installed, and assume management is not applied.
      • 2+: The dependency is installed and has x applications dependent on it, for example, if InstallCount for a dependency is 3, it is installed and three individual application packages depend on it.

Note: If the application is pushed and only the ContentManifest is populated, it indicates the InstallApp command logged an error in the database.

Two of the most useful troubleshooting features are contained within the Queue folder:

• The DeploymentLog entry contains the log of the current deployment, including any error codes and a description of the last error, if applicable
• The StatusCode entry is a mapping to which part of the process the client is currently performing (for example, download, dependency evaluation, installation, and so on)

The following list details StatusCode entries.

• 0x000: Deployment operation queued
• 0x100: First detection in progress
• 0x101: First detection failed
• 0x102: First detection successful
  
  
• 0x200: Check reference count in progress
• 0x201: Check reference count failed
• 0x202: Check reference count successful
  
  
• 0x300: Requirements evaluation in progress
• 0x301: Requirements evaluation failed
• 0x302: Requirements evaluation successful
  
  
• 0x400: Dependency deployment in progress
• 0x401: Dependency failed
• 0x402: Dependency successful
  
  
• 0x500: Sanitize cache in progress
• 0x501: Sanitize cache failed
• 0x502: Sanitize cache successful
  
  
• 0x600: Pending network connectivity
• 0x601: Download in progress
• 0x602: Pending download retry
• 0x603: Download content failed
• 0x604: Download content successful
  
  
• 0x700: Transform cache in progress (decompressing zip packages)
• 0x701: Transform cache failed
• 0x702: Transform cache successful
  
  
• 0x800: Pending user session
• 0x801: Install in progress
• 0x802: Pending deployment retry 
• 0x803: Deployment failed
• 0x804: Deployment successful
• 0x805: Pending reboot
  
  
• 0x900: Final detection evaluation in progress
• 0x901: Final detection failed
• 0x902: Final detection successful
  
  
• 0xC0000000: Deployment operation suspended
  
• 0xC0000602: Deployment suspended — pending download retry
• 0xC0000802: Deployment suspended — pending install retry
• 0x40000000: Deployment operation failed
• 0x40000603: Deployment failed — download failed
• 0x40000803: Deployment failed — installation failed
• 0x80000000: Deployment operation succeeded
• 0x80000402: Application is externally installed
• 0x80000902: Deployment succeeded — final detection passed

In the Workspace ONE UEM console, you can use the restrictions profile to allow or disable sideloading applications on the device. Developer Unlock is required if you are using Powershell commands to sideload applications.

On the device you can enable Sideloading through Settings > Updates & Security. Set the level above Store Apps, either Sideload apps or Developer mode will work.  

The most efficient troubleshooting step for modern applications is to use the logging in Event Viewer. The registry reports an error only if the install failed. However, if the application never installed, you already know it failed. Therefore, check Event Viewer and if you do not understand the error, search for the error in Google and report this information back to the QE team (JIRA QE ESC) or the application developer.

Registry Location: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EnterpriseModernAppManagement

Event Viewer Location: Microsoft-Windows-AppXDeployment-Server and Microsoft-Windows-AppxPackagingOM