From 26d320e71fe6dc24946ce8a6f480e8d8e82901c7 Mon Sep 17 00:00:00 2001 From: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com> Date: Tue, 26 Mar 2024 16:33:52 -0400 Subject: [PATCH] Allow EnrollmentState to be in status '3' for MDM clients (#17868) #17692 Recently there was a change that filtered out hosts in `EnrollmentState` 3. This change may cause some hosts that are in otherwise good health to appear unresponsive to MDM in the management UI. This change will allow hosts with `EnrollmentStatus` 3 show as enrolled. The root cause of some hosts being in state 3 is still not entirely clear, but may have to do with either trying to re-enroll once already enrolled, or windows updates causing some sort of issue with fleet. Despite the "failed" `EnrollmentState` 3, the host will still display that the system is managed by Fleet, and will actively sync. --- changes/17692-enrollment-state-3.md | 1 + server/service/osquery_utils/queries.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changes/17692-enrollment-state-3.md diff --git a/changes/17692-enrollment-state-3.md b/changes/17692-enrollment-state-3.md new file mode 100644 index 000000000000..5703a31fd20e --- /dev/null +++ b/changes/17692-enrollment-state-3.md @@ -0,0 +1 @@ +- Fix a bug where valid MDM enrollments would show up as unmanaged (EnrollmentState 3) diff --git a/server/service/osquery_utils/queries.go b/server/service/osquery_utils/queries.go index 3baf7bb09c9a..70559724bd9b 100644 --- a/server/service/osquery_utils/queries.go +++ b/server/service/osquery_utils/queries.go @@ -496,7 +496,7 @@ var extraDetailQueries = map[string]DetailQuery{ -- coalesce to 'unknown' and keep that state in the list -- in order to account for hosts that might not have this -- key, and servers - WHERE COALESCE(e.state, '0') IN ('0', '1', '2') + WHERE COALESCE(e.state, '0') IN ('0', '1', '2', '3') LIMIT 1; `, DirectIngestFunc: directIngestMDMWindows,