Mar 22, 2012 8:47 AM (in response to burton11234)
Well, I decided to wipe out everything and start over! I wiped the hard drive and reinstalled the server software.
I am at the beginning where it asks me to enter my server name and have decided to use GoDaddy instead of what we were using, long story!
I have purchased a domain at GoDaddy and am ready to start fresh. Since it's just a domain name parked there, I should be able to use their URL forwarding to send it to my Mac mini server if I give it an IP to forward to? How would I use GoDaddy to set up the forward and reverse lookup? I want to get this working first before I start the setup on the Mac mini; that way I would be sure to get the certs correct. Sorry to ask all this, but I am worn out trying to get it all working.
Thanks for any info you can give me!
Mar 26, 2012 8:52 PM (in response to macuseroftheuk)
How did you recreate the OD?
Mar 27, 2012 5:36 AM (in response to Lukaz32)
Download Server Admin Tools, go to OD and tell it to become a standalone server, or run a command to destroy OD (sudo slapconfig -destroyldapserver).
Mar 27, 2012 5:42 AM (in response to TXED)
Using GoDaddy isn't going to do you any good except for having a public DNS record. If you bought a DNS name that doesn't have anything to do with your organization, you will have to create a DNS zone so your organization will be able to resolve the DNS name of your server.
It's easier to start off using a local DNS server that you're in control of. The easiest way to do everything, since everything revolves around the FQDN that you give the server, is to set up the server with a relevant FQDN that is from your organization and create a Host (A) record for forward and a (PTR) record for reverse. Once clients can resolve them by IP / hostname, then go through the motions and create OD / Profile Manager, and get your Apple certs. This all works off your FQDN on the server.
Mar 28, 2012 11:19 AM (in response to burton11234)
You are correct, it was a problem with my DNS! The PTR record for reverse was not correct!
I have it working just fine now. I am now going to start working on profiles.
Thank you, thank you, thank you so much for all your help!
Mar 28, 2012 11:37 AM (in response to TXED)
Glad you were able to figure it out, and you're very welcome :-)
Mar 28, 2012 2:39 PM (in response to burton11234)
Quick question. In the past I have created VPN profiles with iPhone config utility. Is there a way to import that profile into Profile Manager?
Thanks so much.
Mar 29, 2012 5:46 AM (in response to TXED)
No, there is no way I am aware of. Profile Manager (devicemgr) uses a postgres database to save the settings to. There is no easy way to back it up other than to use Time Machine and/or export the database, or use some other 3rd-party tool that uses some sort of rsync or scp to pull off backups.
I recreated all my policies over again from Workgroup Manager. If the users use a global policy and all of the VPN configs are the same, just create a group and apply those settings to the group, and every time you add a device to the group it will get those policies.
Jun 15, 2012 1:01 PM (in response to burton11234)
What happened in my case is that I had changed the OD IntermediateCA_* certificate to "Always Trust" and I was not able to enrol a device any more (but it got rid of the xscertd: Returning response with code 200 log entry every 30 sec). Changing back to "use System Default" fixed it (of course everything else, like an intact OD, is required as well). Hope that helps.
Jul 23, 2012 3:01 PM (in response to John B Portland)
I've spent hours on this now and simply cannot get it working. The cert stuff is all sorted and enrolling OSX devices works fine, but I just cannot get iOS devices to enroll. I keep getting 'invalid profile'.
I reiterate - all the certificates are working and it shows verified for everything but just will not enroll.
Any ideas? This is doing my head in slightly now!
I'm currently running https://servername.local/mydevices
I have tried .private and fully accessible internet addresses, all with the same result.
Jul 24, 2012 1:54 PM (in response to jgcumming)
Certs are all done by FQDN. With that being said, OSX devices work fine using short names, but mobile devices need the full domain name in order to enroll and for the cert to be valid.
Are you enrolling locally on your network or the public internet?
If you are enrolling locally, I'm assuming that servername.local means the hostname of the OSX server. What is the domain / DNS that your iPad is in, and what is the search path given from DHCP?
DNS zone is work.lab.local, and your server is servername.local. OSX machines will be able to register as they don't require the proper FQDN like iOS devices.
In order to test an iOS device you may want to see if you can append only the search string of the domain the server is bound to. (ex. servername.local)
If you go a few pages back, there is a tutorial I posted on how to re-do everything without reinstalling. I would then recommend putting the OSX machine in the same DNS zone as everything else, so that users can resolve it properly when it comes time for the cert.
Jul 24, 2012 3:34 PM (in response to burton11234)
Thanks for the reply but the issue is not FQDN related. All in .local and resolving fine and using .local in all paths.
Any more ideas - the issue seems to be surrounding the actual enrollment profiles
Jul 24, 2012 3:49 PM (in response to jgcumming)
You're welcome! Can you verify the cert FQDN matches the URL you are trying to enroll at? DNS can resolve but things can still be messed up. Can you provide the DNA zone you're using as well? Are you using the Mac as a DNA server that clients are using, or are you using Windows AD / DNS?
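The checks raised in this thread (the enrollment URL uses an FQDN, the A and PTR records agree, and the certificate name matches the URL host) can be run as one preflight. This is an added example, not posted by any participant; the hostnames, addresses and function names are constructed for illustration.

```python
import socket
from urllib.parse import urlparse

# Constructed sample zone data (not from the thread): the PTR is stale.
A_RECORDS = {"mdm.example.org": "10.0.1.10"}
PTR_RECORDS = {"10.0.1.10": "oldserver.example.org."}

def name_matches(cert_name, host):
    """Exact match, or a wildcard that covers only the left-most label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def preflight(enroll_url, cert_names,
              forward=socket.gethostbyname,
              reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Return a list of naming problems; an empty list means all names agree.

    forward/reverse default to the system resolver; pass dict lookups
    (as in sample_run below) to check a zone before deploying it.
    """
    problems = []
    host = (urlparse(enroll_url).hostname or "").rstrip(".")
    if "." not in host:
        problems.append(f"{host!r} is a short name, not an FQDN")
    ip = None
    try:
        ip = forward(host)
    except (OSError, KeyError):
        problems.append(f"no A record for {host}")
    if ip is not None:
        try:
            ptr = reverse(ip).rstrip(".")
            if ptr.lower() != host.lower():
                problems.append(f"PTR for {ip} is {ptr}, expected {host}")
        except (OSError, KeyError):
            problems.append(f"no PTR record for {ip}")
    if not any(name_matches(n, host) for n in cert_names):
        problems.append(f"certificate names do not cover {host}")
    return problems

def sample_run():
    # cert_names would come from the server certificate's CN / subjectAltName.
    return preflight("https://mdm.example.org/mydevices", ["mdm.example.org"],
                     A_RECORDS.__getitem__, PTR_RECORDS.__getitem__)

if __name__ == "__main__":
    print(sample_run())
```

Called without the last two arguments, preflight uses the system resolver, so it can be run from a client on the same network as the devices being enrolled.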
Jul 24, 2012 3:51 PM (in response to burton11234)
DNS* stupid auto correct on cell
Jul 24, 2012 3:55 PM (in response to burton11234)
At the moment mDNS apple and apple on local LAN (wired/wireless)
Have tried with Mac DNS server too, fwd and rev lookups all working
As I say - I don't believe this to be name resolution but I may be wrong