Viewing push enrollment status

Push Enroll Status
page shows the status of push enrollment in your environment.
If you remove devices from
Unmanaged Devices
, you can no longer view the push enrollment status for these devices.
To view push enrollment status
  1. In the cloud console, go to
    Devices > Unmanaged Devices > Push Enroll Status
  2. Select
    at any time to refresh the status display.
    Note that the installation of different features is not tracked and reported separately. After the core protection features are installed, the enrollment status changes to
    and the device appears under
    Managed Devices
    If push enrollment fails, the reason for the failure appears for that device. After you address the reason for the failure, you can select the device and then retry the push enrollment. See:
  3. (Optional) To retry push enrollment, do the following:
    • Find the devices for which you want to retry push enrollment. You can filter the devices based on their enrollment status.
    • Select each device for which you want to retry push enrollment, and then select
      Retry Push Enroll
    • In the window that appears, provide the required administrator credentials to enroll the devices.
    • If you need to add additional credentials to enroll multiple devices, select
      Add another set of credentials
      . Press
      to provide the credentials.
    • Press
      Start Enrollment
      The enrollment happens silently in the background.
Troubleshooting push enrollment failures
If the cloud console is not able to enroll a device, the failure reason tells you what went wrong. After you fix the error, you can retry enrollment.
For possible reasons for push enrollment failures, see:
Credential errors
No credentials
Credentials are required to access the device.
No credentials
Push enrollment skipped because the credentials required to access the device are not available.
The set of credentials that you provided for installation has expired. You must restart push enrollment.
Download errors
Download failed
Unable to download the installation package: the server is unreachable.
Download failed
Unable to download the installation package: wrong server response.
Download failed
Unable to download the installation package to the discovery agent device because an unknown error occurred.
Signature unverified
Failed to verify the installation package signature.
Download unexpected error
Fatal error occurred during the download of the installation package.
Retrying download
An error occurred when downloading package; retrying download.
Push enrollment cannot access or save the requested installation file.
To resolve file access issues
  1. The discovery agent requires access to the following URL:
    (for Europe customers, the URL is as follows:
    Add this URL to the proxy or the firewall exclusion list to enable necessary communications.
  2. Restart push enrollment.
To resolve file save issues
  1. Check your hard disk for errors, and ensure that the disk has enough free space.
  2. Restart push enrollment.
  3. On the
    tab, go to
    Devices > Managed Devices
    , and then find the discovery agent device.
  4. Open the device summary and look at the list of events.
Problems with installation timeout
Installation timed out.
The installation did not successfully complete within 72 hours.
The following table describes possible causes and their solutions.
Causes for installation timeout
You deployed a Symantec Agent installation package without Secure Connection features through VMware Workspace ONE. No user is logged on to the device or the logged-on user doesn’t have local administrator rights.
Log on to the device as a user with local administrator rights.
You deployed the installation package with Secure Connection features.
Integrated Cyber Defense Manager
can't distinguish between Windows 10 and Windows 10 in S Mode based on the information that Workspace ONE provides. Therefore, when
Integrated Cyber Defense Manager
pushes the installation for Symantec Agent with Secure Connection features to Windows 10 in S Mode, the installation fails.
Manually enroll the device using
Symantec Endpoint Security
You deployed the installation package with Secure Connection features, but even after the package installation completes, enrollment requires user interaction. Modern apps do not automatically start the first time after installation.
To complete enrollment, open the Symantec Agent UI and select
Get Started
Problems with access to cloud resources
Unable to access cloud resources.
A device is unable to access Symantec's notification service or the Symantec Cloud API gateway which is required for client installation and functionality.
Add URLs to the Allow List for Symantec Endpoint Security.
For more information, see: