Troubleshoot Configuration Issues in the Skyhigh Mobile Client Android App

1. Free up device storage.
2. Ensure the device is running Android 14 and 15.
3. Reinstall the application.

1. Verify the internet connection (Wi-Fi or mobile data).
2. Switch networks (for example, from Wi-Fi to mobile data).
3. Make sure to disable battery optimization for the Skyhigh Mobile Client app.
4. Reconnect to the VPN.

1. Obtain the package name of the application to bypass (To obtain, see How to Get the Package Name to Bypass an Application).
2. In your tenant portal, go to Policy > Web Policy > Global Bypass  > Process Bypass, and add the package names.

1. Clear the VPN app data from Settings > Apps > Skyhigh Client > Storage > Clear Data.
2. Relaunch the app, upload the OPG file, and log in again.

1. Open Settings > Apps.
2. Select the application to bypass.
3. View the package name displayed under the app name.

1. Verify the String value (opgEncodedString) is correctly assigned to the policy configuration for the Android app in the MDM console.

2. Confirm that the group containing the policy is assigned to the application under Apps > Groups list. Ensure the app is included in the assigned group.

1. Ensure the app has storage permissions to save files to your device.
2. Verify that the Debug Log switch is enabled in the Settings screen of the app.
3. To export the logs (ZIP format) outside the device, use any app that supports file uploads, such as Gmail, Google Drive, or WhatsApp. Ensure at least one of these apps is installed.
4. The exported log file will be in .zip format. Unzip the file to view the log contents.

1. Verify if the VPN is connected. Look for the key icon in the status bar at the top right. If it is missing, reconnect the VPN.
2. Confirm there is an active internet connection.
3. If the issue persists, capture a screenshot of the browser and collect relevant logs and information, and share with Skyhigh Support.

1. Verify that both the Root CA certificate and the Sectigo certificate are installed on the device.

• Download the Root CA certificate: Go to Policy > Web Policy > Feature Configuration > HTTPS Connection > Customer CA, to export and download the certificate.

• Download the Sectigo certificate.

2. Share the Certificate Viewer details from the browser. Click the icon on the left side of the browser’s URL bar, open the Certificate Viewer, and share all the details as a screenshot.

1. If you encounter the specific error message Verifying server authentication failed, it is recommended to reinstall the intermediate certificate
2. Download the Sectigo intermediate certificate.
3. Install the certificate on the affected device and check if the connection issue is resolved.

1. Ensure the MDM always on vpn configuration is added in Intune, and check the device is added to the group having the configuration
2. Check the success status of the configuration in Intune If error, then reconfigure in MDM with the new configuration. 

Re-download the minimal OPG string from the tenant SSE portal
(Infrastructure > Web Gateway Setup > Configure > Android Configuration > Generate and Copy)

For Manual Upload:

1. Save the string in a text file.

2. Change the file extension from .txt to .opg.

3. Re-upload the OPG file.

For MDM:

Re-upload the string in the Encoded Opg ConfigurationString field in the MDM console.

1. Go to Configuration under Apps in MDM and check the properties.
2. Remove the existing value and add it again with the true boolean.
3. Sync the device and verify.
4. If the issue still persists, share the log file.

• If the app connects and loads the home page, open Settings and select Change Profile.

• If the app does not connect or load the home page, clear the app data from the phone’s settings.

• For MDM, update the EncodedOpgString sent to the device.

• For manual setup, clear the app data from the phone’s settings.