Enterprise Enrollment initially succeeds but post reboot policy updates fail
Reported by
tony.dit...@gmail.com,
Dec 18
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce the problem:
1. Install ChromiumOS
2. Enrol via Enterprise Enrollment
3. Update Policy and use chrome://policy to review the updates

What is the expected behavior?
Policies update correctly

What went wrong?
This works perfectly until the device is rebooted, then policies fail to update

Did this work before? N/A

Chrome version: R69 - R73
Channel: beta
OS Version: R69 - R73
Flash Version: N/A

Initial enrolment works perfectly and I can subsequently log in as a user and open chrome://policy and see the policies updating as I make changes in the admin console.

Reviewing the logs:

    INFO session_manager[647]: [INFO:policy_store.cc(89)] Persisted policy to disk, path: /var/lib/whitelist/policy.1
    ERR chrome[684]: [684:684:1204/110542.723555:INFO:remote_commands_invalidator.cc(123)] RemoteCommandsInvalidator ReloadPolicyData.
    # even though this is logged as an ERR, it looks really to be an INFO?
    INFO session_manager[647]: [INFO:policy_store.cc(89)] Persisted policy to disk, path: /home/root/b223092ca9b12d3e22b27712a486a0a2d9da172d/session_manager/policy/policy

Updating the policy works fine and has a resultant log update:

    INFO session_manager[647]: [INFO:policy_store.cc(89)] Persisted policy to disk, path: /var/lib/whitelist/policy.1

Typically, this is the only update, with /home/root/b223092ca9b12d3e22b27712a486a0a2d9da172d/session_manager/policy/policy updating far less regularly.

chrome://policy output:

Pre reboot, all is well

    Client ID: 26971f6d-3427-4e0d-b389-xxxxxxxxxxxx
    Asset ID: bert
    Assigned Location: SIGH
    Directory API ID: 48aa6fdf-c944-4a29-bc6e-xxxxxxxxxxxx
    Last fetched: 0 secs ago
    Fetch interval: 1 day
    Status: Policy cache OK

On reboot, all goes wrong however and the policy refuses to update...

    Client ID: 26971f6d-3427-4e0d-b389-xxxxxxxxxxxx
    Asset ID: bert
    Assigned Location: SIGH
    Directory API ID: 48aa6fdf-c944-4a29-bc6e-xxxxxxxxxxxx
    Last fetched: Never
    Fetch interval: 3 hours
    Status: Policy cache OK

After that the only log entry I get is

    INFO session_manager[647]: [INFO:policy_store.cc(89)] Persisted policy to disk, path: /home/root/b223092ca9b12d3e22b27712a486a0a2d9da172d/session_manager/policy/policy

No more entries are written to /var/lib/whitelist/policy.1

I'm currently working on R66 and R69 and getting the same behaviour.

Any thoughts on what I'm doing wrong here? The fact it works on 1st enrolment is slightly maddening since the code must work but 'something' is getting unset on reboot.

I've not changed any source on these builds but am building a slightly bespoke kernel and only adding different drivers via Gentoo. Builds are based on amd64-generic.

Using chrome://net-internals I can see the payload going out and getting a HTTP 200 response so assume all is well with that!

https://m.google.com/devicemanagement/data/api?request=policy&devicetype=2&apptype=Chrome&agent=Chromium+66.0.3359.181(164c37e3f235134c88e80fac2a182cfba3f07f00-)&platform=Linux%2CCrOS%2Cmyoverlay%7Cx86_64%2Cunknown%7C10452.97.2018&deviceid=999f1069-30cd-4ea7-8894-xxxxxxxxxxx&retry=false

Thanks for your help!
Dec 19
Dec 21
Adding more people to take a look at the logs.
Jan 11
Jan 11
Jan 14
Hi Tony! I'm wondering whether it could be some key problem. I'm seeing these errors in /var/log/messages:

    2018-12-05T19:32:04.663263+00:00 WARNING session_manager[646]: [WARNING:server_backed_state_key_generator.cc(121)] Machine serial number missing!
    2018-12-05T19:32:04.663275+00:00 INFO session_manager[646]: [INFO:server_backed_state_key_generator.cc(124)] Stable device secret missing!
    2018-12-05T19:32:04.663280+00:00 WARNING session_manager[646]: [WARNING:server_backed_state_key_generator.cc(214)] No device identifiers available, no state keys generated

Make sure you have a machine serial number, see platform2/login_manager/server_backed_state_key_generator.cc.

In general, please understand that we don't support custom builds.
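Added example, not part of the thread and not Chromium OS code: a small triage script that scans a syslog file for the three server_backed_state_key_generator.cc messages quoted in the comment above and reports, per session_manager PID, which device identifiers were missing. The function names and the sample_log input are assumptions made for illustration; the sample lines are copied from this thread except the policy_store timestamp, which is constructed.

```shell
#!/bin/sh
# sample_log: constructed input for offline runs. The first three lines are
# the ones quoted in the thread; the last uses a constructed timestamp.
sample_log() {
    cat <<'EOF'
2018-12-05T19:32:04.663263+00:00 WARNING session_manager[646]: [WARNING:server_backed_state_key_generator.cc(121)] Machine serial number missing!
2018-12-05T19:32:04.663275+00:00 INFO session_manager[646]: [INFO:server_backed_state_key_generator.cc(124)] Stable device secret missing!
2018-12-05T19:32:04.663280+00:00 WARNING session_manager[646]: [WARNING:server_backed_state_key_generator.cc(214)] No device identifiers available, no state keys generated
2018-12-05T19:40:00.000000+00:00 INFO session_manager[647]: [INFO:policy_store.cc(89)] Persisted policy to disk, path: /var/lib/whitelist/policy.1
EOF
}

# state_key_status LOGFILE
# Prints one summary line per session_manager PID that logged a state-key
# message. Returns 1 if any PID reported "no state keys generated", else 0.
state_key_status() {
    awk '
    /session_manager\[[0-9]+\]/ && /server_backed_state_key_generator\.cc/ {
        pid = $0
        sub(/.*session_manager\[/, "", pid)   # drop everything up to the PID
        sub(/\].*/, "", pid)                  # drop everything after the PID
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        if ($0 ~ /Machine serial number missing/) serial[pid] = 1
        if ($0 ~ /Stable device secret missing/)  secret[pid] = 1
        if ($0 ~ /no state keys generated/)       nokeys[pid] = 1
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            p = order[i]
            keys = (p in nokeys) ? "none" : "unknown"
            printf "pid=%s serial_missing=%d secret_missing=%d state_keys=%s\n",
                   p, (p in serial), (p in secret), keys
            if (p in nokeys) bad = 1
        }
        exit bad
    }' "$1"
}

# Run against a real log when a path is given, e.g. /var/log/messages.
if [ "$#" -gt 0 ]; then
    state_key_status "$1"
fi
```

A non-zero exit makes the check usable as a post-boot gate on a custom image, before policy refresh is tested through chrome://policy.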
Jan 15
Hi there. Thank you so much for this. I'll go and take a look and see what's needed. Really appreciate your help!!
Yesterday (35 hours ago)
Hi again. Fixing those key values worked a treat. Thank you so much for the help. All is now working as expected!
Yesterday (34 hours ago)
Great to hear that it helped!