Within VMware UEM you are able to filter out settings based on conditions. These condition can be set directly on the config or by creating a condition set and attach the condition set on the config. Some examples of conditions are Endpoint IP Address, Environment Variables, Group Membership, IP Address and a lot more.
At a customer we experienced a very strange problem. Once starting the VMware UEM Management console and changing or creating a condition or condition set. We were not able to browse the AD when selecting the condition Group Membership. The browse button was grayed out and we got the following message: Browsing for groups is only available on domain-joined computers. So the strange part is: The machine is domain joined.
The cause and fix
Even with the machine domain joined and able to browse the domain with the Active Directory User and Computers console the issue lays in the connection towards the Domain Controller(s). Within our environment we have multiple domain controllers over multiple sites/datacenters. After investigation the firewall logs showed that port 389 UDP was blocked. After opening the UDP port 389 in the firewall the problem was solved.
The problem was also posted on the VMware Technology Network and with help of the community and one of the VMware UEM developers we were able to narrow down the problem. So, if facing a strange problem don’t hesitate to post a question/problem on one of the forums.