Skip navigation

Profile installation failed.

17422 Views 19 Replies Latest reply: Feb 19, 2013 8:49 AM by SteffNL RSS
1 2 Previous Next
Miggl Level 1 Level 1 (75 points)
Currently Being Moderated
Aug 27, 2011 5:33 PM

I am getting this error on Lion when trying to register my device on the Lion server using the MyDevices page. I have already installed the trust certificate as well as the Everyone profile. I then proceed to the Devices tab and click on the Register button, but get this error in the process:

 

Profile installation failed.

The profile "Remote Management (come.apple.config.rocking-mm.private.mdm)" could not be installed due to an unexpected error.

 

Any ideas how to resolve this?

 

Thanks!

~Mike

Mac mini, Mac OS X (10.7.1), 8GB RAM
  • Jager2247 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 12, 2011 1:27 AM (in response to Miggl)

    I have a similar problem. I have a 2011 Mac Mini Server and a 2010 MBP 15". I was just trying to set up both with profile manager and was able to successfully enroll the MBP without too much difficulty. I am using a self-signed certificate, so I downloaded the Trust Profile and then enrolled the MBP. But when I went back over to the server, installed the Trust Profile, and then tried to try to enroll it, I got the following error:

     

    "Profile Installation Failed.  The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server.flyer05.private” which could put your confidential information at risk."

     

    Based on my understanding of certificates, since I am only going to be using this server for my own home use and as a VPN to connect to my home network when traveling, it seems unnecessary to pay for a CA-signed certificate, and I'd like to avoid the added unnecessary expense if I can. Does anyone have any suggestions for how to deal with this issue?

  • Stress Test Level 4 Level 4 (1,265 points)
    Currently Being Moderated
    Sep 12, 2011 6:56 AM (in response to Miggl)

    Miggl wrote:

    Profile installation failed.

    The profile "Remote Management (come.apple.config.rocking-mm.private.mdm)" could not be installed due to an unexpected error.

     

    Same here

     

    Server was a clean install, and no upgrade from Snow Leopard.

     

    Error Logs from Console.app:

     

    12.09.11 15:48:04,361 com.apple.UserEventAgent-System: Sep 12 15:48:04 <servername> ProfileManager[5346] <Info>: CertUpdateHandler.run: replace/etc/certificates/MDM SCEP SIGNER.2AC3B0163956D237FCB1CF208CA5B9EBE28528BF.cert.pem0x00/etc/certificates/M DM SCEP SIGNER.0E1A80185764011A7C5CDE7E4880C26ADFF02C30.cert.pem0x00

    12.09.11 15:48:04,492 com.apple.UserEventAgent-System: /usr/libexec/certupdate/certupdate_devicemgr.sh: line 30: exit: result: numeric argument required

    12.09.11 15:48:20,455 com.apple.UserEventAgent-System: *** Error: certificate path does not exist: /etc/certificates/MDM SCEP SIGNER.0E1A80185764011A7C5CDE7E4880C26ADFF02C30.cert.pem

     

     

    and a second error message:

     

    12.09.11 15:55:28,217 System Preferences: *** ERROR *** [CPInstallerUI:501] Profile installation (Entfernte Verwaltung (com.apple.config.serverbook.test.intern.mdm)) (Checkin 'Authenticate' failed: 0 <InternalError:1>)
  • Jager2247 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 12, 2011 1:41 PM (in response to Miggl)

    No, i'm pretty sure you can register the server with itself so you can manage things remotely if need be. This guy was able to: http://www.wegotserved.com/2011/09/07/os-lion-server-home-server-part-8-profile- manager-macs/2/

  • burton11234 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Dec 2, 2011 11:00 AM (in response to Miggl)

    Miggi

     

    No need for a clean install, the issues you described are cert issues bassed upon your OD setup and certs from apple for the push services.

     

    If you need to destroy profile manager you can run this command and it will blow away everything in profile manager so its like starting over.

     

    sudo /usr/share/devicemgr/backend/wipeDB.sh

     

    Once that command is run, you can demote your OD server.

     

    Change the hostname to the proper hostname you have and make sure you can do forward / reverse lookups.

     

    Once you can, renew your push certs so they have the new hostname, and go into profile manager and chose configure, once you configure it, it will setup OD for you under the proper hostnames.

     

    Once your OD hostname / Intermediate_CA Cert matches the hostnames on the push services, you should be able to download the trust profile and enroll.

     

    I hope this helps!

  • Stress Test Level 4 Level 4 (1,265 points)
    Currently Being Moderated
    Dec 5, 2011 8:44 AM (in response to burton11234)

    I thought the same, but didn't get it working. Now i've made a new testing partition, installed new without changeing the hostname afterwards and: It's working fine now.

     

    With the first installation I changed the name quite ofter for testing the renaming / DNS / hostname. Next time i'll have a look on your posibillity "burton"

  • burton11234 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Dec 5, 2011 1:38 PM (in response to Stress Test)

    Unfortunally when you use the push certs from apple, they generate a cert from the FQDN and if that FQDN doesn't match the cert for Open Directory then profile manager will cause issues.

     

    Best thing would be to export open directory so you can save everything first, blow it away by telling it its a standalone server, change the hostname and fqdn, make sure both forward and reverse lookups are working and then setup open directory, and regenerate the certs for the push, and setup profile manager.

     

    You then can import your records from open directory.

     

    Profile manager is really picky on the certs, and it gets upset if certs are not consistent between the push and OD.

     

    Hope this helps for future references!!!

  • rishigangoly Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jan 28, 2012 12:49 AM (in response to Miggl)

    I got the same error. When I updated to 10.7.2, the problem disappeared.

  • pjraby81 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 7, 2012 1:17 PM (in response to burton11234)

    To burton11234:

    I did this and it worked finally. If I screw up somewhere I just demote my OD, run the wipeDB script, then start over with everything. Thanks!

  • burton11234 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 7, 2012 1:48 PM (in response to pjraby81)

    Your welcome!

     

    Im glad I could help!

  • OMEGA2ReD Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jun 28, 2012 4:43 AM (in response to Miggl)

    I have a solution... I've created a new CA and requested a new certificate.

     

    I used this manual:

    https://discussions.apple.com/message/17858686

     

    Hope it helps!

  • SteffNL Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 13, 2013 12:49 AM (in response to Miggl)

    I know this thread is very old and I should perhaps create a new one. However, I've got the same error but my certificates are 'verified' .

  • burton11234 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 18, 2013 7:41 AM (in response to SteffNL)

    Profile Manager is 100% dependent on DNS / Certs. If one of these arn't a factor in the game it could be why your having issues. Is this with a computer or iOS device?

1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (4)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.