Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL

Category filter

UEM Command Latency: Why Live Actions Stay Pending and How to Fix Them

Jump To

In high-density mobile deployments, maintaining real-time fleet compliance and executing immediate over-the-air commands are critical for security and operational continuity. However, IT administrators managing a Unified Endpoint Management (UEM) environment often encounter command queues where live actions (e.g., Remote Wipe, Location Scan, App Installation) stall in a “Pending” state.

This strategic document outlines how to diagnose command latency, unblock queued commands, and implement continuous connectivity best practices using Hexnode UEM. All configurations have been validated against Hexnode’s official architecture and management capabilities.

1. Diagnosing Latency and Pending Live Actions

Hexnode utilizes a real-time signaling architecture. When a command is dispatched, it successfully queues on the Hexnode server. A “Pending” status simply means the endpoint has not yet acknowledged the receipt or reported the execution status. The break in the server-to-endpoint handshake typically stems from three root causes:

  • Offline or Powered-Off Devices: The most frequent culprit. The UEM cannot deliver the payload if the device has an empty battery, is manually powered off, or lacks an active Wi-Fi/cellular connection. The command remains safely queued until the device reconnects.
  • Aggressive OS Task Scheduling & App Throttling: Modern operating systems optimize battery life aggressively. iOS, for instance, frequently suspends or kills background applications (including the Hexnode UEM agent) if they haven’t been actively opened. If the background process is terminated, the agent cannot receive push notifications for live actions. Android similarly restricts background network access via its Battery Optimization protocols.
  • Disabled Location Services & Permissions: For location-specific live actions like Scan Device Location, failures occur if the user disables GPS, or if the Hexnode UEM app is denied the “Allow all the time” location permission. Without high-accuracy location access, the action cannot complete.

2. Workflow to Unblock the Command Queue

When managing a large fleet, waiting for an OS to organically lift background throttling isn’t always an option. Utilize this escalation workflow to bypass bottlenecks and force immediate command execution:

Step A: Wake up the Communication Channel (Server-Side)

If the device appears online (based on the Last Check-in Time), but actions remain pending, you must manually trigger a server scan to ping the endpoint and force a UEM handshake.

  1. Log in to the Hexnode UEM portal and navigate to the Manage tab.
  2. Click on Devices and select the affected endpoint to open its Device Summary.
  3. Click on Actions > Scan Device (found under the Scanning & Monitoring umbrella). Mechanism: This foundational ping tells the Hexnode server to reach out to the device. If the device acknowledges, it automatically pulls down any other pending commands in the queue.

Step B: Force a Client-Side Sync (Endpoint-Side)

If the Scan Device ping also remains pending, the OS has likely put the device’s network connection to sleep or terminated the background agent. A manual sync instantly bypasses these OS restrictions.

  1. Open the Hexnode UEM (iOS/Mac) or Hexnode For Work (Android) app directly on the device.
  2. Tap the Sync icon. Mechanism: Launching the app forces it into the foreground, immediately overriding iOS/Android background execution limits and restoring the connection to the Hexnode UEM server.

3. Strategic Best Practices to Prevent Queue Bottlenecks

Reactive troubleshooting should be a last resort. To proactively optimize connectivity and ensure your fleet reports in real time, configure the following preventative policies within the Hexnode UEM console.

A. Exclude Hexnode from Battery Optimization (Android)

To prevent Android from killing the Hexnode app’s network connectivity to save power, you must force the OS to exclude it from battery optimization routines.

Configuration: Navigate to Admin > General Settings. Scroll to Battery Optimization (Android) and check the box.

Impact: This prompts the user to disable battery optimization for the Hexnode app, ensuring the UEM agent stays awake in the background to continuously listen for Firebase Cloud Messaging (FCM) push commands.

B. Optimize Periodic Sync Settings (Android)

Ensure devices maintain a reliable communication channel with the server independent of ad-hoc UEM actions.

Configuration: Navigate to Admin > General Settings and locate Periodic Sync (Android).

Impact: You can define the sync behavior as either a Background service or a Foreground service. Configuring this ensures the device checks in on a predictable schedule, avoiding the “dormant agent” problem.

C. Enforce Location Services for Real-Time “Locate” Actions

A “Scan Device Location” command will fail if the device-level GPS is off. Hexnode offers granular controls to force compliance.

  • Periodic Tracking Setup: Navigate to Policies > General Settings > Location Tracking. Enable it and define a Location Update Interval (ranging between 15 minutes and 24 hours).
  • Android Prompting: Go to Admin > General Settings > Location Tracking and enable Prompt to enable location services. If a user disables GPS, they will be continuously prompted to turn it back on.
  • Hardware-Level Enforcement (Knox/LG GATE/Kyocera): You can completely lock the GPS status to “ON” without allowing the user to change it. Navigate to Policies > Android > Restrictions > Allow Developer Options and enable GPS / Force GPS to fetch location.

D. Implement Token and Certificate Audits (Apple Fleets)

In the Apple ecosystem, UEM communication relies heavily on Apple Push Notification service (APNs) certificates and Volume Purchase Program (VPP) tokens.

The Risk: Expired APNs certificates severe the UEM connection entirely, causing massive delays and permanent “Pending” states across all iOS, iPadOS, and macOS devices. Exhausted VPP tokens will permanently stall App Installation commands.

Best Practice: Hexnode UEM provides dashboard alerts. Set up internal IT workflows to audit and renew APNs and Apple Business Manager (ABM) server tokens at least 30 days prior to expiration to prevent UEM blackouts.

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Solution Framework