Error when turning Android MDM on in Fleet Instance #34776
Description
Fleet version: 4.76+
Web browser and operating system: Any
💥 Actual behavior
Occasionally seeing errors when trying to turn Android MDM on in a Fleet instance. The behavior is inconsistent, sometimes it works.
After authenticating with credentials we see this modal
Server logs show
level=error ts=2025-10-24T15:45:47.91064Z component=http user=unauthenticated method=GET uri="/api/v1/fleet/android_enterprise/connect/Q4TwZlqXP75uyojL0FAmhpjbz8O-QLJY8Q55U9J8GTA=?enterpriseToken=EAHDcJONBeUpot5aMhZVAWmkjSt2pJVq6nDlxAA8fDCEV86fe_R4cVThg6IGwy6iQDlGaiTQr9FKpmMUGK7q6GMSyRuezbiqZ7_J5TcZ_rpLGBtCeTYnDySU" took=2.797074s err="creating enterprise: unexpected status code: 400"
From @JordanMontgomery :
After adding some additional logging to fleet I was able to see that the error being returned by the server was "Access forbidden to Android Management API." which corresponds with 403 being returned from the enterprises.create() call
🛠️ To fix
TODO
🧑💻 Steps to reproduce
- Add at least one other Fleet instance to your Google Enterprise
- On another Fleet instance Turn of Android MDM -
- click the Connect button
- Google Enterprise login window pops-up
- Login with Google Creds
- Observe the error displayed in the same login modal
🕯️ More info (optional)
prerequisite: FleetDM acting as the proxy