We have come across a scenario with delayed application install prompts on iOS devices.
2 XenMobile nodes 10.4 (or above) in active/active configuration
Using SSL offload on the netscaler (terminating MDM ssl traffic) and re-encrypting the traffic to XenMobile on the backend.
Session Persistence is set to SSLSESSION for 443 & 8443 MDM loadbalancers
The application installation prompts take a long time to appear after enrolling a device
When a user accesses store via SecureHub and installs an application the installation prompts takes a long time to appear (At times up to 30 minutes).
We’ve discovered that the issue was caused by the loadbalancer configuration on the netscaler
User accesses SecureHub Store and selects and application and hits install
APNS message is created on node 1 and is submitted to apple APNS
[UID=1,usr=user@domain,dev=111] | DEBUG | http-nio-10443-exec-10 | com.sparus.nps.apple.push.ApplePush | Sending command to target ApplePushTarget[os=iOS, device=111, user=user@domain, type=DEVICE] at xxx.xxx.xxx.xxx; type=DeviceInformation, identifier=com.zenprise.zdm.push.apple.DeviceNetworkInfos, description=Loads network information from the device. Assigned UUID: 5e1bce55-c3e1-4295-8bdb-f2d285c864e4
APNS pings the device to check in to the MDM server
Device connects to node 2
Node 2 is not aware of the APNS message and is unable to service the device
[UID=11,usr=user@domain,dev=111] | WARN | http-nio-10443-exec-7 | com.sparus.nps.apple.push.ApplePush | Received Acknowledgement for command 5e1bce55-c3e1-4295-8bdb-f2d285c864e4 from target ApplePushTarget[os=iOS, device=111, user=user@domain, type=DEVICE] at xxx.xxx.xxx.xxx, but don’t know about that command…
This keeps on happening until device is load balanced to node 1, which is aware of the APNS request and is able to service the device
Resolution was to change the persistence of both MDM load balancers (443 & 8443) to use SourceIP as the persistence method from SSLSESSION