<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43462
During review, Hide whitespace.
Fixed Android agent to retry DNS resolution failures when waking from
Doze mode, and to defer remaining certificates in a batch to the next
enrollment cycle when a DNS failure persists.
The fix does not eliminates DNS errors from the logs, it just handles
them better.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved DNS resilience: automatic retries with backoff for DNS
resolution failures (e.g., after device sleep), upfront validation of
the configured server URL, and clearer failure reporting when retries
are exhausted.
* Certificate enrollment aborts a batch on terminal DNS failures and
defers remaining certificates until connectivity is restored.
* **Tests**
* Added a unit test validating batch abort behavior on DNS resolution
failure.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
fleetd-android-v1.4.0 release
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* App version updated to 1.4.0.
* **Documentation**
* Cleaned up internal change notes related to certificate handling and
UI details; no user-facing behavior changes included in this update.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43064
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Certificate enrollment now verifies system delegation availability
before attempting installation, preventing unnecessary failures.
* **Bug Fixes**
* Enhanced error messages to include specific certificate alias and
delegation status information for better troubleshooting.
* Improved handling of system state exceptions during the enrollment
process.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42624
**Related issue:** Resolves#37546
- Fixed certificate template fetch failing with DNS errors (known
Android issue)
- stop polling certs that failed permanently
- CertificateOrchestrator: When server returns template status "failed",
mark the certificate as locally failed (markCertificateForceFailed) and
stop polling
- CertificateOrchestrator: Non-retryable SCEP failures (e.g.
ScepEnrollmentException) now immediately mark as failed and report to
server, skipping the 3-attempt retry logic
- CertificateOrchestrator: recordEnrollmentAttemptFailure now stores the
uuid, fixing a bug where the FAILED guard was bypassed because stored
uuid was empty
- CertificateOrchestrator: Renamed markCertificateFailure to
recordEnrollmentAttemptFailure and added markCertificateForceFailed for
clarity
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed certificate template retrieval failures that displayed
misleading DNS errors. Optimized HTTP request header handling for GET
requests to prevent these errors during certificate enrollment
operations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
