Free Edition
What is MDM?
Enterprise Mobility Management
Mobile Device Management
Mobile Application Management
Mobile Security Management
Mobile Email Management
Mobile Content Management
BYOD
Compliance
- CJIS
- HIPAA
- ISO
- PCI
- GDPR
Awards & Reviews
Supported Platforms
- iOS
- Android
- Windows
- macOS
- Chrome OS
- Android Enterprise
- Samsung Knox
Related Products

Android app sync failed

This document provides solutions for the issue encountered when attempting to sync apps in the MDM console with Managed Google Play.

Google Connectivity Issues

Connectivity & Certificate Issues
Domain Accessibility Issues
Time synchronization Errors
Enterprise Deleted Case
Disabled or Deleted Service Account
Unstable or Interrupted Network connections

Problems Encountered while adding apps to the MDM Console

Blank Google Play Window
404 error while accessing the app

Google Connectivity Issues

Connectivity & Certificate Issues

Error Messages:

MDM could not recognize the self-signed certificate, or the issue may be due to the recent changes in proxy settings.
Unable to reach Google Services due to Certificate for doesn't match any of the subject alternative names: [domain name].
Unable to reach Google Services due to Connection Reset.
Unable to reach Google Services due to Remote Host terminated the handshake.

Cause: Misconfigured proxy or network settings, preventing MDM to reach to Google services.

Resolutions:

Disable Firewall/Antivirus: Temporarily disable your firewall or antivirus software and check if connectivity is restored. Remember to re-enable them after testing.
Review Proxy and Network Settings: Check for any recent changes to your proxy or network settings. Revert these changes if necessary and try syncing again. Ensure that your network is configured to allow communication with the required Google services.
Certificate Validation: Confirm that certificate validation is enabled on your firewall or proxy. A common issue arises when a self-signed proxy certificate is not recognized by the MDM system. This can disrupt the connection. For further guidance, visit our Proxy guide.

Test Connectivity to Google APIs: Follow these steps to verify if the network or server-installed machine can reach Google's external APIs:
Use the curl command in the command prompt of the machine where the server is installed.

Open the Command Prompt on the server-installed machine.
Run the following commands one by one:
1. curl -v https://oauth2.googleapis.com
2. curl -v https://androidenterprise.googleapis.com

If the connection is successful: You will see a response indicating a successful connection (e.g., HTTP 200 OK). This confirms that the URLs are accessible and not blocked.

If the connection fails: You will see an error message or timeout, indicating that the URLs are not reachable. This suggests that the network configuration is blocking access to Google's services.

Note: If none of the troubleshooting steps resolve the issue, Contact MDM Support and provide the server logs for further investigation.

Domain Accessibility Issues

Error:Unable to reach oauth2.googleapis.com. Verify network and ensure the domain is allowlisted.

Cause: The domain *.googleapis.com (or specific subdomains like oauth2.googleapis.com) is not allowlisted. Port 443 (HTTPS) is blocked by firewall/proxy.

Resolutions:

Allowlist Google APIs Domains:Ensure the following domains are allowlisted in your firewall/proxy:
- *.googleapis.com
- androidenterprise.googleapis.com
- oauth2.googleapis.com
Open Port 443: Confirm that port 443 (HTTPS) is open for outbound connections.
Test Connectivity to Google api's using the Curl Test Commands.

Time synchronization Errors

Errors: Mismatch in server time. Modify server time and try again.

Cause: The system time on the machine hosting the MDM server is incorrect or not synchronized with a valid time source. This can lead to authentication/token validation failures when communicating with Google services.

Resolutions: Log in to the physical/virtual machine where MDM server is installed. Modify the server time and sync it. Restart the MDM server after time correction.

Errors: "An error occurred due to a mismatch in Time while trying to reach Google."

Resolutions: To resolve the issue, Contact MDM Support

Enterprise Deleted Case

Error: The organization associated with the Managed Google Play account is deleted. Remove the existing Managed Google Play account from MDM and configure it again.

Cause: The Google organization/enterprise linked to your Managed Google Play account was deleted.

Resolution:

Remove the invalid account from MDM by Navigate to MDM console > Google Workspace/Play integration section. Locate the affected Managed Google Play account. Select the "Remove" account option.
Navigate to MDM console, add a new Managed Google Play account. Complete the full setup process with a valid Google organization.

Disabled or Deleted Service Account

Error: Ensure Service Account is enabled for the project in Google Developers Console and try again.

Cause: The Service Account (ESA) used for Managed Google Play integration is either disabled or deleted in the associated Google Cloud project.

Resolution:

Verify Service Account Status: Navigate to App Repo > Managed Google Play > Service Account to identify the service account in use.
Check if the Account is Disabled:
- Log in to Google Cloud Console using admin credentials.
- Select the project for which the ESA JSON file was previously obtained and click on Go to Project Settings.
- Navigate to IAM & Admin > Service Accounts.
- Click on Actions next to the identified service account from step A.
- Check the status of the account; if it is disabled, enable the account and try re-syncing the app.
If the Service Account is Deleted:
- First, remove the previously configured Managed Google Play settings.
- Create a new ESA JSON file by following the instructions in the MDM AFW Prerequisites guide.
- Reconfigure Managed Google Play with Google Workspace using the new ESA JSON file obtained in the previous step.
Note: Remember to re-create the token as it is necessary for the new setup.

Unstable or Interrupted Network connections

Error: Connection to Google Services has been interrupted. Ensure a stable network connection and try again.

Cause: The network connection is unstable, intermittent, or slow, leading to timeouts or failed attempts to connect with Google services.

Resolutions: Ensure you are connected to a stable network and attempt the process again. If the problem continues, please reach out to our support team and provide the server logs for further assistance.

App-Specific Sync Errors

The following error occurs when sync fails for specific apps, which is listed under the “Apps for which Sync failed”

Unpublished or Early Access App

Error: App might be marked as unpublished or early access app. Click here to distribute the app.

Cause:

Early Access App: Developer hasn't fully published the app to production (still in testing/pre-release)
Unpublished App: Developer removed the app from public availability on Google Play

Resolutions:

For Early Access Apps: Click [Click here] in the error message to force distribute through MDM OR Ensure app meets Google Play's publication requirements.
For Unpublished Apps: Click [Click here] to attempt distribution. If unsuccessful, then Find alternative app versions (e.g., enterprise-only builds)

Fully Unpublished App

Error: The app is no longer available for distribution as it has been marked as unpublished. If you are the app developer, please navigate to the Google Play Console and publish the app.

Cause: Developer fully unpublished the app (no MDM distribution allowed).

Resolutions: Remove the app from MDM app catalogs to avoid sync errors. Identify alternative apps for deployment.

Multiple Enterprise App Versions

Error: Multiple enterprise versions of this app are available in the App Repository. Do you want to convert this enterprise app to a Play Store app?

Cause: Multiple enterprise (in-house) versions of the same app exist in the MDM App Repository. When syncing with the Play Store, MDM will only retain the latest version from Google Play, leading to the loss of previous enterprise versions.

Resolution: Once the conversion is complete, only the latest Play Store version will be retained, and MDM will permanently delete older enterprise versions from the repository.

Note: The apps will not be uninstalled from devices.

Problems Encountered while adding apps to the MDM Console

The following error occurs when customers try to add app in Managed Google Play, by navigating to App Repository > Managed Google Play > Add Apps

Blank Google Play Window

Errors: Empty Google Play Window launched while adding an Android app

Cause: This error arises because the redirection from https://play.google.com/work/embedded/search to https://play.google.com/managed/browse is not occurring while loading the Play Store apps.

Resolution: Verify if the URLs mentioned above are blocked in your proxy or network settings. If this does not resolve the issue, Contact support with HAR logs and server logs.

404 Error while accessing apps

Error: Google Play Apps 404 Error

Cause: This error is due to a faulty redirection.

Resolution: Ensure to click on the "App Name" or on the icon instead of clicking on the "Publisher" name (highlighted in the image below) in the pop-up.

By following these steps, you can restore synchronization with Managed Google Play and continue managing your apps without interruptions.