Workspace ONE UEM | 26 March 2019
Check for additions and updates to these release notes.
What's in the Release Notes
The release notes cover the following topics:
- New Features in this Release
- Known Issues
- Resolved Issues
- Switch between all the Workspace ONE services you have configured.
You can now switch between all your Workspace ONE services using the new bento icon in the header menu. Give it a try by selecting the new icon, located to the right of the account name. This feature is enabled by default.
- Smart Group filter criteria is getting smarter.
You now have two new and useful categories available when you create a Smart Group: Management Type and Enrollment Category.
Management Type lets you target devices on a cross-platform basis that are managed by MDM or an application like Boxer or Content.
Enrollment Category lets you drill down further into only the Apple or Android device pool, isolating devices by their specific enrollment path. For example, you can target only Apple devices that were DEP enrolled or only Android Enterprise devices. See the full complement of Management Types and Enrollment Categories by navigating to Groups & Settings > Groups > Assignment Groups and select the Add Smart Group button.
- Get access to the message templates that are specific to your enrollment flow.
When you add missing active directory users to your user groups, you now have access to message templates that are specific to your enrollment. This means your users can receive an enrollment message that takes your configuration into account. For instance, if enrollment is restricted to only registered devices with a token, you can send those users an enrollment email that reflects this configuration and includes the token. Take advantage of this feature by navigating to Accounts > User Groups > List View, select Add then Add User Group, then enable the option Send Email to User when Adding Missing Users and select the Message Template that best suits your needs.
- Now you can have one group of admins creating the tags for your devices and leave assigning the tags for a different group.
Device tag assignment is enhanced. You can have one group of admins tasked with creating all the tags for your devices and leave the bulk-assignment of those tags to another admin group.
Take advantage of this feature by navigating to Accounts > Administrators > Roles and add the new 'Device Bulk Management assign Tags' resource to your admin roles accordingly.
- We are giving you more flexibility while managing your devices as the AirWatch Express now supports three new Device Actions.
AirWatch Express now supports Clear Passcode, Device Wipe, and OS Update (for iOS and macOS).
Navigate to Devices > List View, open the device Details View by selecting the friendly name from the list view, then select the More Actions button.
- Configure service account based mobile flows connectors from the Workspace ONE UEM console.
Administrators can now enter the service account credentials on the console while configuring out-of-the-box (OOTB) connectors.
- Extended the utility of Identity Manager as the authentication source for Workspace ONE Intelligent Hub.
Previously Identity Manager and its Multi-Factor Authentication capability only enabled UEM Active Directory users to authenticate, now UEM basic/local users can be authenticated by Identity Manager in Intelligent Hub.
Additionally, Identity Manager can now be used for Android staging and shared device enrollment in Intelligent Hub. Currently this functionality is available on Android only and will be available on iOS in a future release.
- We offer single sign-on access to the Intelligent Hub app and the resources without asking you to reauthenticate.
You can now enable basic User Sync to add local users to VMware Identity Manager Local UEM directory. When basic accounts are synced, you can use the Workspace ONE Intelligent Hub for single sign-on access to the resources.
- We have introduced Quick filter search for your payloads.
We now have a search bar that easily helps you narrow down the desired payload on the profiles modal. Search for the payloads by typing a text search string in the Search Payload search filter.
- We have enhanced our security that restricts the enrollment flow from creating a new enrollment user in the Single User Advanced Staging flow.
We no longer allow our users to create other enrollment users in the Single User Advanced Staging flow. Users are only allowed to enroll a device on behalf of another existing user.
- Customize firmware updates performed on your mobile enterprise devices.
Android updates page in the Workspace ONE UEM console has additional options to customize updates for Samsung Enterprise Firmware Over the Air (EFOTA).
To configure the following Android Samsung EFOTA Android Updates, navigate to Devices > Lifecycle > Updates and select the Android tab:
- Install method
- Deployment start and end time
- Server Time Zone
- We have reached End of Support for the Play Store Integration Service.
VMware reached End of General Support for the Play Store Integration Service on December 15th, 2018 as announced in December 2017 for the customers using the Android (Legacy) deployment method. Existing Android (Legacy) customers who use the Play Store Integration Service to search and add public Android apps to the Workspace ONE UEM console are encouraged to set up Android Enterprise to use the official Play Store search experience.
Want to know more? Look for the End of General Support for the Play Store Integration Service knowledge base article on My Workspace ONE portal.
- We now assist users to easily install the MDM profile during the enrollment of BYO iOS 12.2+ devices
Users will now see instructional screens in Safari during the enrollment of devices running the latest iOS version and above. This version now requires users to manually navigate to the iOS Settings app to install the MDM profile instead of automatically taking the user there.
- Get accurate feedback on the current status of an enterprise wipe or device wipe of activation lock enabled iOS devices.
Administrators now have better clarity while wiping activation lock enabled iOS devices and more efficiency while deleting them.
- Get an accurate count of licenses and their redeemed status for Apple Business Manager applications.
Administrators can now see a consolidated, more accurate count of licenses, and their redeemed status for Apple Business Manager and Apple School Manager applications.
- Manage your Horizon, Citrix or Thin App resources from within Workspace ONE UEM with the all new Virtual Apps Collections.
In addition to Web applications, you can integrate Horizon desktops and applications, Horizon Cloud desktops and applications, Citrix published resources, and ThinApp applications within Workspace ONE UEM with the integration of Virtual Apps Collections.
- We now offer a native peer distribution system to deploy your Win32 applications to enterprise networks.
You can now configure Workspace ONE UEM native peer distribution that uses the Windows BranchCache feature. However, the native peer distribution system will be behind the feature flag during the first few releases. If you like to try out our technical preview feature, contact Workspace ONE UEM representative and ask them to have the “WorkspaceOneP2PBranchCacheFeatureFlag” enabled.
- We have made the Content Delivery Service transfer faster.
An enhancement has been made to the CDS transfer speed. By implementing a new file transfer methodology, our designers have enabled transfers to relay servers be made in parallel, simultaneously, rather than in series as before. There is no system setting for this feature, this setting is enabled by default.
- Determine whether or not a particular file exists on an Android device before you apply an action.
You can set the file condition as an extra criteria to download and/or install a product based on the existence or nonexistence of a file. Make a condition using this criterion by navigating to Devices > Provisioning > Components > Conditions, select Add Condition, select Android as the platform, and select File in the Condition drop-down menu. The new file condition works only on Android devices that have 19.03 version of Intelligent Hub.
- We keep improving the Product Provisioning Performance.
A significant performance improvement has been made to product provisioning. Currently, if a device fails to process a provisioned product, it requires a manual intervention in the form of a force reprocess. The improvement triggers the automatic retry of a product push when it detects a push failure rate of up to 5%. It makes a maximum of three retries per device, which should minimize the number of manual forces reprocesses you make. Enable this feature when you make a Product by navigating to Devices > Provisioning > Product List View and select Add Product followed by the platform. The Auto Retry check box appears in the Deployment tab.
- Quickly configure per-app Tunnel for the enterprise access.
We have built a new admin experience to simplify deploying and managing Tunnel settings. To get started, navigate to Groups & Settings > Configurations > Tunnel.
- Enroll devices running any version and build of Linux into your Workspace ONE UEM deployment.
You can now enroll your Linux devices with Workspace ONE UEM. Enroll devices running any version and build of Linux on x86_64 or ARM7 into your Workspace ONE UEM deployment by installing the Workspace ONE Intelligent Hub on the device, and then you can view the device from the Workspace ONE UEM Console.
To download the Workspace ONE Intelligent Hub for Linux, your organization must be whitelisted with Workspace ONE UEM. Please contact your account representative to receive access to the download file.
The resolved issues are grouped as follows.
- 18.104.22.168 Patch Resolved Issues
- 22.214.171.124 Patch Resolved Issues
- 126.96.36.199 Patch Resolved Issues
- 188.8.131.52 Patch Resolved Issues
1903 Resolved Issues
AAPP-2436: Unenrolling a supervised DEP device using the agent pushes the device to Lost Mode.
AAPP-4596: Self-Service Portal fails to display the Personal Recovery for macOS devices.
AAPP-5208: Device Wipe command fails to log the device wipe information if the iOS supervised device is powered-off.
AAPP-5759: Workspace ONE UEM console administrators do not have permission to access the Profiles settings page under All settings>Device& Users>Apple>Profiles.
AAPP-6259: Devices get stuck on "Delete in progress" status when you perform bulk device delete.
AAPP-6370: The EAS profile and the Certificate payload gets pushed to the devices even if the iOS devices are non-compliant.
AAPP-6377: Unable to remove page 1 for iOS "Home Screen Layout" profile while editing the profile
AAPP-6490: Device certificates are revoked if the user certificate list is received from the macOS devices.
AAPP-6545: Copying iOS VMware Tunnel VPN Profile does not work as expected and results in "Save Failed. An error has occurred. This error has automatically been saved for further analysis. Please contact technical support".
AAPP-6550: The scheduled startup in the Energy Saving Profile does not work as expected and the Profile installs with eventtype "unknown".
AAPP-6557: DEP enrolled devices incorrectly updates the device ownership as Corporate Shared even if the default enrollment is set to Corporate-dedicated.
AAPP-6567: Activation Lock Bypass Code command does not work as expected while performing a device wipe on iOS supervised devices.
AAPP-6576: Device Inventory reports show incorrect physical memory for macOS devices even if the Device Details page display correct memory.
AAPP-6581: Automated Enrollment mobileconfig file fails to export if the OG's name contains a comma.
AAPP-6610: DEP synchronization does not work as expected if the device model in the sync API is returned as "Service Other".
AAPP-6614: iOS VPN Tunnel profile publish does not work as expected. The profile commands fails to queue and does not reflect in the "uninstalled" counts for the profile.
AAPP-6623: macOS Dock Profile fails to handle lookup fields.
AAPP-6624: Purchased app details view results in errors if there's a redemption code.
AAPP-6681: The Install Fonts setting under All Settings > Devices & Users > Apple is not visible after Workspace ONE UEM 1902 upgrade.
AGGL-4939: Android Enterprise Passcode profile incorrectly displays the Minimum Number of Symbols as 1 even if after setting it as "--".
AGGL-5009: Editing internal application versions for the Android devices does not work as expected if the application version has an alphanumeric string.
AGGL-5017: The SecureBrowser-production-release apk displays the old icon file when uploaded to the console as an internal application.
AGGL-5023: Handlers/VIdmConfigDetailsEndpoint request fails and returns Internal server error 500 for both iOS and macOS device.
AGGL-5019: Administrator using an Android device is unable to exit the Single App Mode while using the launcher.
AGGL-5052: Add Application page for the Android Enterprise OG appears blank if you are using a chrome browser.
AGGL-5102: Applications delivered through Workspace ONE UEM console Apps & Books > Internal flow do not show up in the VPN Managed Apps if the profile is pushed to the enrollment user but the apps are pushed to the staging user.
AGGL-5089: Workspace ONE UEM console fails to prompt the admin passcode creation while creating a copy of the Android Enterprise Launcher profile.
AGGL-5093: Application Configuration screen does not display nested configuration correctly after selecting the configure link.
AMST-9939: The Workspace ONE UEM console displays incorrect internal application status during the application un-installation process.
AMST-12580: Install context incorrectly changes on Save.
AMST-13253: Windows updates in the Workspace ONE UEM console show as GUIDs instead of metadata.
AMST-13732: SCEP certificate is not pushed down to the device during Out of the Box Experience enrollment.
AMST-13756: Devices>Lifecycle>Updates page loads an error message that reads "An error has occurred-Something unexpected happened. If the issue persists, please contact your IT administrator."
AMST-13946: Adding version to an internal application results in sproc time out error.
AMST-13998: Health attestation sample for Windows devices does not work as expected.
ARES-6867: Navigation font color settings that are displayed on the App catalog does not honor the UI design.
ARES-7382: iOS Boxer fails to provide an option to supply a password value through the application configuration.
ARES-7426: Standalone catalog enrollment fails for Android devices.
ARES-7545: Modifying an existing iOS per-app VPN profile to add new safari domains incorrectly omits Per-App VPN rules that were previously enabled connection type either CiscoAnyConnect or Custom.
ARES-7578: Syslog eventdata incorrectly returns profileID instead of profilename.
ARES-7764: Installing a new version of the iOS application from the Device Details page results in "Access Denied" error.
ARES-7904: Devices that do not have the Latest Application Version is not displayed under Hub>Devices.
CMCM-188079: Adding repository in SSP fails with "Invalid HTML content" error if any of the fields contain "<" + string.
CMEM-185072: MEM settings in the UEM console does not work as expected.
CMEM-185091: POST request for the Windows 10 mail client is modified by V2 SEG, and NetScalar treats it as invalid request.
CMSVC-8279: iOS application list compliance policy does not work as expected
CMSVC-8432: Adding tags to a device from the Workspace ONE UEM console does not work as expected and results in a API error.
CMSVC-9073: Default settings for the custom user role fail to honor inheritance. The inheritance work as expected only on overriding the settings.
CMSVC-9195: The smart group device map does not get updated after device un-enrollment and the smart group grid shows the un-enrolled device count in the smart group.
CMSVC-9325: Device smart group assignment fails to update the OG name change
CMSVC-9358: Report subscription fails intermittently with processing error.
CMSVC-9335: Compliance Violation User Notification returns 0 for DeviceName or ID.
CMSVC-9464: Smart Group User Group Assignment shows inconsistency in updating the User Group Assignment.
CMSVC-9469: Smart Groups fails to auto assign upon enrollment.
CRSVC-4334: Cisco API fails with Directory Auth and does not work as expected and results in "Cannot insert the value NULL into column 'SourceIP', table 'AirWatch_DB135.dbo.LoginAudit" error.
CRSVC-4681: Certificates that are uploaded with an invalid character set in the password have the password logged as a plain text.
CRSVC-4725: AirWatch Agent Builder Service crashed due to unhandled exception.
CRSVC-4745: The Log view for Internal Applications fails to load.
CRSVC-4816: Custom SDK Profile edit does not work as expected on upgrading the UEM console to 1902.
CRSVC-5099: Configuring settings for SCEP certificate enrollment on iOS devices does not work as expected and the SCEP configuration fails to save.
ENRL-411: Enrollment tokens for AD users does not work as expected if the message template contains the Date Tag.
ENRL-805: "Send Email to User when Adding Missing Users" feature fails to send a email notification to the user.
ENRL-812: Device registration source time does not honor the administrators time zone.
ENRL-815: API-based devices delete fail to honor the device wipe limit that is set on the Workspace ONE UEM console.
ENRL-913: iOS enrollment via the Hub & Auto Discovery fails if the source of authentication is set to Identity Manager.
FCA-188615: Restrict Action Message displays the Pin information even if the Pin Prompt is disabled.
FCA-188721: Device Details Page has globalization error.
FCA-188735: GroupID is set to NULL when an administrator who does not have permission to edit the groupID saves the OG details.
FCA-188865: OG details page fails to load on upgrading Workspace ONE UEM console to 1811.
FCA-188926: Self-Service Portal picks the email value address from the custom attribute while adding a device.
FCA-188969: Devices trigger roaming compliance policy issues even if the roaming partners of the plan are set as "All carriers".
FCA-188987: Telecom REST API do not work as expected and leads to "204 No Content" error.
FCA-189009: Certain action in the Syslog events incorrectly returns ID or Number instead of entityName.
FDB-2445: Clearing the Device Events filter results in a error.
INTEL-10601: Application reports takes more than forty minutes long time to run.
LOC-10486: Shutdown and Reboot in Bulk Management is incorrectly translated.
RUGG-3483: Generate Barcode API has a few validation issues.
RUGG-6040: Force Reprocessing the child device as a child admin for the parent product from the Device Details > Products page does not work as expected.
RUGG-6078: The LIKE operator in the product assignment rule generates inconsistent results.
RUGG-6193: Queue commands for elective products from the App Catalog fails on macOS devices.
RUGG-6267: ContentServiceItem_GetNextRelayServerItems causes high CPU on the database as there are too many CSI items in the relayServer.ContentServiceItem table.
RUGG-6268: Custom Attribute information is not displayed in the Workspace ONE UEM console.
RUGG-6282: Device reprocess does not work as expected and results in "Device Id cannot be null or empty when force flag is set to true" error.
SINST-174983: Weak Access Control Lists on the Windows Content Gateway application files, allow any authenticated user to access all the application files.
SINST-175127: Airwatch Cloud Connector installation fails if the OG name contains a special character.
AAPP-6795: iOS Hub is incorrectly wiped after the SDK setup.
AAPP-6824: After authenticating a staging user, DEP device fails to allow pre-registered end-users to check out the device.
AAPP-6877: iOS Hub does not work as expected after the SDK setup.
AMST-15134: Unable to override Windows sensors.
AMST-15185: Sensor samples sent on schedule period are being sent to intelligence but not reaching intelligence.
CRSVC-5296: SOCKs Proxy settings do not work as expected.
FDB-2551: Smart Group updates fail to process after upgrading to Workspace ONE UEM 1903.
CMSVC-9974: Smart group fail to update.
AAPP-6804: Unable to add/ delete smartgroup for VPP devices.
AAPP-6889: Add a version agnostic script to clean up commands in production.
AMST-15527: Seed Dell Command | Monitor as a system app to sequence the installation of the BIOS profile after the Dell Command | Monitor completes installation.
CMSVC-9974: Smart group updates are failing.
CMSVC-9979: Smart Group updates not processing after upgrading to Workspace ONE UEM 1903.
CRSVC-5115: Interrogator Queue service stops automatically during performance test runs.
CRSVC-5219: App wrapping profile with "Proxy" payload configured fails to push to devices and app fails to launch.
CRSVC-5330: Canonicalize URL casing in Secure Channel CheckInEndpoint Response
INTEL-11207: Some application fields display as blank intermittently during app upgrades.
INTEL-11350: Console Database | On demand apps fail to be removed after unassignment.
INTEL-11428: Console Database | Handle delete event during purge to only send records that belong to deleted devices.
CRSVC-5460: Message queues gets backed up on some of the boxes.
- AAPP-6795: iOS Hub gets wiped after the SDK setup.
iOS 12.2 devices which are container registered, unenrolled, and then enrolled into MDM results in iOS Hub wipe.
- AGGL-4141: The device asset number that is specified on the android device during direct enrollment does not the information specified on the device details page.
Asset number on the device details page does not match the asset number that is entered during the device enrollment.
- AGGL-4433: During enrollment, the username and the domain from the previous enrollment is retained and the domain selection is bypassed.
Username and domain is retained while authenticating via VIDM.
- AGGL-4484: ChromeOS Device Network profiles with certs fails to install.
ChromeOS Device Network profiles with certs fails to install. However, the User profiles with the same configuration installs successfully.
- AGGL-4694: Knox container disappears on restarting with the Dual Mode.
Devices that are enrolled with the Knox Play for Work with Dual Mode removes the Knox Container from the enrolled device after a device restart is performed.
- AGGL-5159: GET api/mdm/devices?searchby=serialnumber&id= API call after the device re-enrollment returns 404 error instead of the device details.
Re-enrolling a device with the GET api/mdm/devices?searchby=serialnumber&id= API call does not work as expected.
- AGGL-5291: SAML enrollment with vIDM setup does not work when the SAML is setup at the child OG.
If you set set up SAML at a child OG underneath the parent customer OG, then the SAML enrollment with vIDM setup does not work when the SAML is setup at the child OG.
As a workaround, move the SAML set up to the parent OG.
- AGGL-5310: Unable to search for the public app in the app group if the Google account is not configured.
Searching an app from the App group, for an OG that does not have a Google account configured via Google Play Integration page, results in the following error message "Google account must be defined under Settings > Devices & Users > Android > Google Play Integration in order to use this feature".
As a workaround, you can add public apps through the URL.
- AGGL-5266: Application disappears from the catalog on deleting the newer version of a managed internal app.
When the catalog is refreshed the application does not appear in the catalog if you delete the newer version of a managed internal app.
As a workaround, you can choose to re-publish the application.
- AGGL: 5295: CICO Flow does not work with Android SSO.
CICO flow does not work with Android SSO when the VPN profile is assigned to both staging and end user and the user certificate is not re-issued.
- AGGL-5311: AL table fails to update for the public apps when the privacy setting is set to "do not collect".
Only the internal app entries gets updated and none of the entries reflect public apps.
- AMST-14947: Windows Defender Exploit Guard Profile does not work as expected.
Block Execution of untrusted or unsigned executables inside removable USB media does not work as expected.
- AMST-15013: Application installation status shows incorrect status message.
When the uninstallation of an SFD application fails, status might show Not Installed / Failed or Installed / User Installed rather than Installed / Remove Application Failed.
- ARES-6552: While uploading multiple application versions, "Other Versions" menu under the "More" option does not work as expected.
Application version sort does not work as expected if an application has multiple versions.
- ARES-6830: Application Count for the Workspace ONE Application on the UEM console does not match with the database.
Application count has a mismatch between the database and the user interface result.
- ARES-6832: Application status endpoint incorrectly handles application version updates.
If an administrator adds a version to an application, the application status endpoint incorrectly returns "unassigned" for the older application version.
- ARES-7946: Application catalog settings page fails to load.
Due to the duplicate category label key entry, validation fails and results in "Something Unexpected happened" error message.
- CMSVC-9729: Windows devices enrollment does not work as expected as the Dell provisioning fails staging authentication in the 1902 UEM console.
Users data gets corrupted on re-save if the privacy is enabled. Once the data is corrupted, the enrollment flows breaks for Windows devices as the enrollments tries to complete the check based on the email address which no longer exists.
- CRSVC-5031: Excessive API calls are made to the AirWatch API.
Excessive API calls made to the AirWatch API increases the page load time.
- CRSVC-5048: The UEM console fails to reset invalid login attempts.
After you unlock an account and log in to the UEM console successfully for the first time and then try to enter an invalid credentials for the second time, fails to show a locked out message. A locked out message is shown on using the password recovery flow to unlock the account.
- CRSVC-5111: Event log filters does not work as expected.
Event log filters does not return appropriate results at the Global OG level.
- HW-96721: Customers on Windows 10 version 1803 (17134) and a patch level (17134.590) may experience a crash while attempting to launch the Workspace ONE App Catalog.
The Workspace ONE App catalog relies on DCOM libraries of the Windows 10 OS. Customers may experience an application crash if the libraries are corrupted. To view the errors, under the source of Distributed COM, navigate to Windows event viewer > System. The error message displays "Unable to start a DCOM server: AirwatchLLC.WorkspaceONE.xxx" (where xxx is the version).
As a workaround, complete the following steps to run DCOMCNFG.EXE which registers the missing DCOM class:
- WIN+R keys to bring up "run" windows and then type dcomcnfg
- Expand Component Services > Computers > My Computer > DCOM Config.
- When you do this, you may get some messages about unregistered items. Select "Yes" to each of these.
- Once complete, the Workspace ONE app should launch successfully.
- ENRL-987: Device checkout for the AD users does not work as expected.
Device checkout fails for AD users if the user is not a part of UG during the UG-OG mapping.
- ENRL-989: Editing the UG/OG mapping fails to move the devices to the OG as per the new mapping.
Devices do not honor the UG-OG mapping.
As a workaround, administrators can manually move the devices to the desired OG.
- ENRL-990: Device restriction policy fails to block the device enrollment.
Enrollment restriction does not work as expected if an administrator creates a custom template for Device Blocked by Enrollment Restriction in the lifecycle notification model.
As a workaround, administrator can choose to use the default template for notification.
- FCA-189523: The PDF view for the Monitor fails to display the graphs correctly and has a few formatting issues.
Exporting Monitor overview to a PDF format displays a few formatting issues that creates difficulty in reading the information.
- FCA-189553: Customers from different OG levels are unable to choose different locale other than the locale that is defined at Global OG.
In the SSP Login page, selecting Language dropdown automatically picks the language that is selected under the Global OG .
As a workaround, on-premises customers can include the locale at the Global level and the SaaS customers can reach out to administrators for adding the locale at the Global level.
- FCA-189562: Unable to create OGs in multilingual languages if you are using Internet Explorer 11.
OG's with multi-byte characters in the OG name results in an error while using Internet Explorer 11. The behavior impacts languages such as Japanese, Korean, and Chinese.
As a workaround, you can use any other alternative browser.
- FCA-189572: Unable to export Monitor Overview in IE11.
Exporting Monitor Overview in Internet Explorer 11 does not work as expected.
- RUGG-6133:Activating or deactivating the relay server results in a Memory Spike of 3000 Mb in the IIS worker Process.
If the environment has large number of devices (~200k ) and if the relay server activation status is changed, memory Spike of 3000 mb could be seen in the IIS. This happens because all the 200k device are being pulled up from the database and Profile command is created for all the devices, thus causing the memory spike. Although, this gets resolved automatically when garbage collection happens.
- RUGG-6430: Policy Engine throws Primary Key Violation exception error.
While running a scale test Auto Retry Feature, the Policy Engine processing does not work as expected due to the violation of the PRIMARY KEY constraint.