
OS X Server Profile Manager 3.1 (Mavericks) - Enrolling fails at "Installing certificate"

Fresh install. I use my personal server.example.com for my server in my local network DNS. I don't have reverse set up yet, but my DNS is configured so anyone on my local network looking at the address resolves to the correct address.

Installed the Trust Profile first, all is ok.

Then I tried to enroll my iPad and it says "Verified" on the first profile install screen. I click Install, Generating Key, Certificate, and then at the third step, Installing Profile, it fails.

The log on device management is this:

1::Mar 24 08:06:08.654 [1162] <10.0.1.74> {LogElapsedTime (common.php:74)} Time since script start: 8605us [https://server.mydomain.com/devicemanagement/mdm/mdm_enroll]
1::Mar 24 08:06:08.659 [1162] <10.0.1.74> {require_once (mdm_enroll.php:11)} vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv - POST mdm_enroll
1::Mar 24 08:06:08.825 [1162] <10.0.1.74> {GetMDMACLFromUserAgentHeader (mdm_enroll.php:71)} iOS version 7.1
1::Mar 24 08:06:09.575 [1162] <10.0.1.74> {SendFinalOutput (mdm_enroll.php:85)} Sent Final Output (10460 bytes)
1::Mar 24 08:06:09.575 [1162] <10.0.1.74> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - /devicemanagement/mdm/mdm_enroll
0::Mar 24 08:06:09.576 [1162] <10.0.1.74> {SendFinalOutput (mdm_enroll.php:85)} Completed in 933ms | 200 OK [https://server.mydomain.com/devicemanagement/mdm/mdm_enroll]
Jenny D
unom

1 Answer

This sounds similar to a problem I saw on Server v2.x (OS X 10.8); in that case, rebooting the server (and then maybe generating a new enrollment profile) solved it, so I didn't troubleshoot further.

Gordon Davisson
  • How do I generate a new enrollment profile? You mean reset and (re)enable device management (the part where you enter an Apple ID and it downloads the certificates)? – unom Mar 25 '14 at 19:14
  • It depends on exactly how you're enrolling the client device. I think in general, the enrollment profiles are generated when the client downloads them, so as long as you don't try to re-use an enrollment profile you downloaded before rebooting the server you should be ok. – Gordon Davisson Mar 25 '14 at 19:20
  • Well... the server is in front of me... I just visit the profilemanager page, log on and download the trust profile which installs ok and then the enroll profile, which produces an error. The thing is my OS X laptop enrolls just fine using the same page and the same procedure. Do I need to disable iCloud - Find my iPhone? – unom Mar 25 '14 at 19:30
  • Disabled Find my iPhone, same issue. Tried enrolling my iPhone, iPad 3 and iPad mini. All fail to install. OS X Mavericks enrollment works correctly, essentially no iOS device enrolls... even tried a full restore of my iPad, to no avail... there must be something wrong with the server install... but why does OS X enrollment work? – unom Mar 25 '14 at 19:51
  • Can you enroll via the user portal (https://server.mydomain.com/mydevices)? Also, try removing the trust profile first; Server v3 seems to embed that in its enrollment profiles, so a separate trust profile should no longer be needed (and might possibly be causing a conflict). – Gordon Davisson Mar 25 '14 at 20:10
  • Also, are the iOS devices using your internal wireless only, or also using IP via their cell connections? – Gordon Davisson Mar 25 '14 at 20:13
  • They are in the same network LAN as the server and they have a functioning gateway (profile manager ports open, all the works) to the internet. PS. Tried removing and adding... same deal. – unom Mar 25 '14 at 20:31
  • Just did a clean install with 10.9.2 and OS X Server 3.1.1 and devices enroll just fine... It seems the problem is so obscure I have no idea what it is or how to fix it. I will have to figure out how to transfer everything and keep the new install. – unom Mar 26 '14 at 06:13