EUC Newsletter - Week 14

Weekly highlight:

Workspace ONE UEM - Configure Idle Session Timeout for Directory and Basic administrators (97395)

  • Workspace ONE UEM 2302 introduced security measures affecting Basic and Directory Administrator settings as noted on KB 90067, among which was a lowering of the timeout for Idle Sessions to 15 mins across all environments. The lowered timeout value impacted usability of the Console negatively and contributed to poor user experience. To address the feedback received on this subject, we are introducing an enhancement to allow more granular control over the Idle Session Timeout value applied to Directory and Basic administrators of your organization. Details of the enhancement and availability across environments, are noted below.

Release Updates Week 14-24:

VMware Workspace ONE Intelligent Hub for macOS 24.01.1

  • Crashes fixes and performance improvements.
  • Resolved Issues
    • HUBM-8080 - Applications installed by macOS Hub are getting removed from the device.

New Apple Builds Are Now Available

New builds of the following software are now available:

  • iOS and iPadOS 17.5 Beta 1 (21F5048f)
  • macOS 14.5 Sonoma Beta 1 (23F5049f)
  • tvOS 17.5 Beta 1 (21L5543d)
  • watchOS 10.5 Beta 1 (21T5545f)
  • visionOS 1.2 Beta 1 (21O5555e)

Workspace ONE Tunnel for Windows 24.01

  • Performance optimizations for client-server communication, improved network throughput, and reduced memory footprint.

Workspace ONE Tunnel for Android 24.01.1

  • In this release, we’ve made a few updates containing general quality and performance improvements with no new features.
  • Resolved Issues
    • PPAT-16597: Race condition during device check-in may cause Tunnel to block network connectivity and cause issues with device check-out.

Workspace ONE Content for iOS 24.02.1

  • Bug fixes and general improvements

Workspace ONE Content for Android 24.02.1

  • Bug fixes and general improvements

VMware EUC Security Advisories: 

---no new VMSA this week---

EUC UX Research Opportunities: 

  • Our goal is to gather insight into user behaviorsmotivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!

Opportunity #1

  • Build Custom Alerts in Workspace One!

    • What: Play with a clickable prototype and tell us what you think.

    • How: On your own time in Maze, a user testing tool. It will record your audio and computer screen.
    • Time: It can take up to 10 minutes.

KB Highlights & Announcements Week 14-24:

Horizon admin console is not loading after upgrading to 2312 (97455)

  • In Horizon Connection Server, you see these errors similar to :

    2024-03-12T19:53:17.208-07:00 WARN  (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Certificate CertificateId:[,serial=59648306213191121459708101582141891896]: wrong subject: ''
    2024-03-12T19:53:17.271-07:00 INFO  (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Removed unusable certificate CertificateId:[,serial=59648306213191121459708101582141891896]
    2024-03-12T19:53:17.271-07:00 DEBUG (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Imported 1 signing certificates and 0 encryption certificates from LDAP, total=2
    2024-03-12T19:53:17.271-07:00 DEBUG (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Choosing preferred credential
    2024-03-12T19:53:17.271-07:00 ERROR (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Cannot initialise shared credentials manager: No valid certificates exist
    2024-03-12T19:53:17.287-07:00 DEBUG (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Cannot initialise shared credentials manager com.vmware.vdi.logger.Logger.debug(
    com.vmware.vdi.sharedcredman.SharedCredException: No valid certificates exist
    com.vmware.vdi.sharedcredman.SharedCredException: No valid certificates exist
    at com.vmware.vdi.sharedcredman.SharedCredManager.a(SourceFile:732)
    at com.vmware.vdi.sharedcredman.SharedCredManager.a(SourceFile:732)
    at com.vmware.vdi.sharedcredman.SharedCredManager.e(SourceFile:377)
    at com.vmware.vdi.sharedcredman.SharedCredManager.e(SourceFile:377)
    at com.vmware.vdi.sharedcredman.SharedCredManager.initAndRegister(SourceFile:145)
    at com.vmware.vdi.sharedcredman.SharedCredManager.initAndRegister(SourceFile:145)
    2024-03-12T19:53:17.287-07:00 DEBUG (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Deregistering shared credentials manager

In-product feedback(IPF) feature discontinued in Horizon Releases (97293)

  • As part of the VMware by Broadcom - EUC separation, we have decided to remove the  IPF from Horizon Admin Console as it is an in-house tool made by VMware by Broadcom.
    • Any new releases from 2312.1 onwards will not have the support for the IPF feature in the Horizon.
    • For older releases before 2312, the Feedback option will be present, but the functionality will not work as the Lumos Feedback Service will be turned off.

USB device is unexpectedly treated as though redirected under Storage Device Redirection (SDR) (97012)

  • Customers would like to use USB device on Horizon agent via USB redirection.
    But USB redirection will not work as message comes up on Horizon Client stating that "Already Redirected by Exclusive Sharing".
  • This indicates that the relevant USB device is redirected under Storage Device Redirection ("SDR"), which is available after Horizon 8 2206.
    But in actual, SDR is not configured in Horizon client and the relevant USB is not redirected under SDR.
  • Current implementation of SDR makes use of Drive Letter to judge status of USB device.
    In case that USB media is mounted on "D" Drive at client PC and if Horizon client fails in reading physical volume information, then current implementation considers that this as redirected under SDR.
  • Therefore customers is not able to share the relevant USB media via USB redirection with agent.

Upcoming Changes to Firebase Cloud Messaging for Android (2024) (97418)

  • On June 20th, 2023, Google announced the deprecation of several APIs used by applications to integrate with Firebase Cloud Messaging (FCM), the default push notification service used by Workspace ONE UEM to communicate with Intelligent Hub on Android. Google will begin taking the deprecated APIs offline in June 20th, 2024. Organizations may need to update Workspace ONE UEM are required to continue using FCM for real-time device management.

Some of the security policies are not removed from the endpoint device after unassigning Workspace ONE UEM Windows 10/11 baselines. (97203)

  • In a scenario where an endpoint device has a security policy with a “Not Defined” value, if this policy is configured from a baseline, after un-assigning the baseline, it does not revert to its original “Not Defined” value.
  • This article describes how security policy with a “Not Defined” value is not reverted to its original value after the baseline is unassigned.
  • Before applying the Windows baseline Microsoft tool, SecEdit.exe takes the backup of the security policies. When a baseline is unassigned, SecEdit.exe restores the original backup. SecEdit.exe does not take a backup of the security policies with “Not Defined” values. Hence, on restore, it does not restore policies with “Not Defined" values.

Workspace ONE Content - Documents with RTL tables are not supported (93688)

  • Workspace ONE Content does not allow users to edit the office documents which are having tables with RTL written text in them. This is a specific case when the documents contains tables having text in RTL format.
    These documents can be Word document, Powerpoint document, or any MS Office document. The editing is not supported because RTL rendering in table is not supported and hence these documents may tend to loose information if edited.

High Priority KBs: 

Recently updated or added KBs (Links) 

Digital Workspace Techzone, Blog and YouTube Updates 

3rd Party Blog Updates & Industry News 


Beta, Lab and Tech Preview Updates 

---no new Beta releases this week---

Sign up or LogIn [HERE] to get access to the latest Beta versions.

April Software Releases  





Release Date

WindowsTunnel Win1024.01Release Notes01.04.24
iOSContent24.02.1Release Notes03.04.24
AndroidContent24.02.1Release Notes03.04.24
macOSHub24.01.1Release Notes03.04.24
AndroidTunnel24.01.1Release Notes04.04.24


Patch & Seed Script Updates Week 14-24





  • Workspace ONE UEM 23.10
    • Patch Level:
    • AMST-38952: Windows BIOS profile missing custom BIOS Attributes after saving.

    • LUEM-835 Latest Hub version from server should contain build version.

    • AMST-38933: Reduce unnecessary calls between UEM and OEM Provisioning Service.

    • ARES-28244: When we add two or more Geofencing locations to the profile, only one Geo location displays in UI.

    • AMST-40955: Unable to save iOS SDK profiles.

    • AMST-40972: Profile with multiple Credential payloads is failing while adding new version.

    • MACOS-4368: Environment unable to automatically install Intelligent Hub macOS application.

    • RUGG-12568: Create additional logging for Smart Group removal flows.

    • FS-5031: Cannot use negative integers in WorkFlow condition checks.

    • CMCM-190922 Localization blocks upload of managed content.

    • Last Update: CW14

  • Workspace ONE UEM 24.02
    • Patch Level:
    • ARES-28448: On the App DT page, the alignment of the first device record is not proper, and some of the device details are getting overlapped.

    • CRSVC-47469: Reset offline checkin job hydration status to support retrigger.

    • RUGG-12963: Incorrect installation status for apps under Device details > Application page.

    • AMST-40776: Incorrect target set for profiles when DSM overrides are created.

    • CRSVC-47441: Change modern-stack orchestrator job to one min.

    • CRSVC-47729: Compliance overrides to DSM migration not working.

    • AMST-39074: WNS Details are not showing on the Network or Summary page.

    • CRSVC-47761: Workflow migration to ES does not migrate the workflow choice set boolean correctly.

    • Last Update: CW14



Broadcom Inc. 3401 Hillview Ave. Palo Alto CA 94304 USA

Copyright © 
2024  Broadcom, Inc. All rights reserved. VMware is a registered trademark of VMware, Inc. The content and links in this email contain information intended solely for its named recipients and are not to be shared with third parties unless otherwise specified. Any information that you provide to VMware will be treated in accordance with our Privacy Policy.

To unsubscribe please reply to this email.