iArno

Q: Push settings to users on a mac doesn't seem to work.

I've set up various profiles for devices and users. Settings for iOS devices work fine, but settings for users on a Mac seem to hang indefinitely. It keeps sending in my Profile Manager and never seems to be able to push the settings.

I keep getting messages like the following. Does anyone have an idea?

 

Aug 17 21:08:21 iserve.ath.cx ruby[458] <Info>: Pruning certificate chain to 18446744073709551615

Aug 17 21:08:21 iserve.ath.cx ruby[458] <Debug>: Trying to add a bogus certificate

Aug 17 21:08:21 iserve.ath.cx ruby[458] <Debug>: An error occured while inserting an untrusted certificate into the chain

 

All Macs have the trusted certificate installed and are enrolled.

 

I have no clue how to solve this.

 

Arno

MacMini Server, iMac, Macbook Pro, Mac OS X (10.6.2), Former PC User switching to something much better.

Posted on Aug 17, 2011 12:16 PM

  • by steven.rogers,

    steven.rogers Sep 21, 2011 8:46 PM in response to iArno
    Level 1 (0 points)

    I have the same error messages and my policy push fails.

    I have, however, figured out by trial and elimination that it was the "Mobility" profile that was causing it. I made no changes from the default, and it makes it fail every time I add this section to the policy.

    Are you able to confirm if it's the same section that does this for you?

  • by iArno,

    iArno Sep 22, 2011 1:02 PM in response to steven.rogers
    Level 1 (0 points)

    Hi Steven,

    I've checked my configuration to be sure, but I don't use Mobility profiles for any of my users. The only stuff in my profiles so far are some webclips and general settings for users, and for devices, settings have been added for email, CalDAV, iChat and CardDAV. So pretty basic, actually. I reinstalled 2 Macs to make sure there wasn't some kind of issue with that. After searching/googling a while I gave up on this issue. So far I get the same errors and the user profiles won't push. Even a profile with only an added description in the general settings doesn't get pushed due to some kind of certificate error. However, the device profiles do get pushed. Very strange.

    But glad to hear at least somebody got the problem solved.

    Arno

  • by Buthidae,

    Buthidae Nov 20, 2011 5:27 PM in response to iArno
    Level 1 (0 points)
    Servers Enterprise

    I was having this issue too. It turned out to be the Network settings in the profile.

     

    When installing the profile manually it was throwing 802.1X errors and not installing our signed certificate. Once the wired and wireless network config was removed everything installed cleanly, and push settings started working without issue.

  • by Andrew Baldwin1,

    Andrew Baldwin1 Feb 1, 2012 2:15 PM in response to Buthidae
    Level 3 (595 points)

    This fixed it for me after forty minutes of banging my head against a wall. The log is almost useless.

    THANK YOU!

  • by NachoooooooLibre,

    NachoooooooLibre Sep 5, 2012 11:32 AM in response to Andrew Baldwin1
    Level 1 (0 points)

    Here's what I have found so far, and it doesn't make any sense to me. Both the Directory and the Webclips payloads cause this problem for me. OS X devices are stuck on Sending in the Active Tasks. When I cancel those tasks, remove the offending payloads and try to make any changes to the profile, the computers continue to be stuck on Sending in the Active Tasks. Only removing the device from the system and re-enrolling it seems to get past this point, as long as Directory and Webclips payloads are not configured for OS X devices.

  • by NachoooooooLibre,

    NachoooooooLibre Sep 5, 2012 3:21 PM in response to NachoooooooLibre
    Level 1 (0 points)

    A workaround for the Webclips policy was to create separate profiles for iOS and OS X devices. Just make sure you don't add OS X devices to the group that manages iOS devices...

     

    I have not found a workaround for the Directory payload. It may just be in my environment (Active Directory), so if anyone knows of a fix, I would love to hear about it.

  • by ionepoch,

    ionepoch Sep 7, 2012 10:56 PM in response to NachoooooooLibre
    Level 1 (4 points)

    my two cents and experience with Profile Manager documented here:

    -- https://discussions.apple.com/message/19478091

    maybe the above will save you some time if some of your profiles fail to deploy.

    we did not experiment with the Directory payload too much other than to say we could never get it to work... and therefore skipped it.

    would love to hear more about any specifics (perhaps I can tell you our workaround for specific payloads ... or at least confirm we shared a similar unresolved problem)

  • by Peter-Erik,

    Peter-Erik Nov 14, 2012 4:41 AM in response to iArno
    Level 1 (10 points)

    @iArno did you find the solution?

    I have the same problem. I set up a test server on 10.8.2; push is working to the client, but lock isn't working (failed).

    When I look in the log file I see almost the same as iArno. I tried all the things described above but still no solution.

     

    Nov 14 11:31:08 srv-mac2.cbs-niob.local ruby[12402] <Info>: Pruning certificate chain to 18446744073709551615

    Nov 14 11:31:08 srv-mac2.cbs-niob.local ruby[12402] <Debug>: Trying to add a bogus certificate

    Nov 14 11:31:08 srv-mac2.cbs-niob.local ruby[12402] <Debug>: An error occured while inserting an untrusted certificate into the chain

    Nov 14 11:31:08 srv-mac2.cbs-niob.local ProfileManager[12402] <Info>: Pushed to <Device:"mlp-auto-001"> with token Nl6Ed4FOOR4fmFKJXiEMfGgvDQnyeCBHK09ctY5qQMI=, {"time":"1352889068.171044","mdm":""}

     

    Does anyone have any idea?

  • by EiffelITDept,

    EiffelITDept Jan 18, 2013 6:46 AM in response to Peter-Erik
    Level 1 (0 points)

    Just out of interest, did you get anywhere with this? I'm also now banging my head against the wall with a similar problem. Inches away from a reinstall.

  • by Peter-Erik,

    Peter-Erik Jan 18, 2013 6:53 AM in response to EiffelITDept
    Level 1 (10 points)

    @EiffelITDept

    Yes, it works now, but I tested it with a .local address and that was not a good idea, so I set up a new server with a mac.domain.com name and there are no more errors. What is your problem?

  • by EiffelITDept,

    EiffelITDept Jan 18, 2013 7:06 AM in response to Peter-Erik
    Level 1 (0 points)

    Was working yesterday, now it's not.

     

    Dock settings and everything would push, it was awesome, now today it's stopped. The webapp reports failed, and the log reports 'bogus certificate' and 'untrusted' error that is named in original post.

     

    Very frustrating, I don't want to have to do a clean install and start again

     

    The host changed but it's been working since that change. Very strange.

  • by Peter-Erik,

    Peter-Erik Jan 18, 2013 7:08 AM in response to EiffelITDept
    Level 1 (10 points)

    Can you post some log files?

  • by ionepoch,

    ionepoch Jan 18, 2013 7:13 AM in response to EiffelITDept
    Level 1 (4 points)

    EiffelITDept ...

    sorry to repost and sound like a broken record... but we spent a ton of time on profile manager ... some things worked ... some things didn't ... some of the time ... all of the time. basically, it was unreliable.

    https://discussions.apple.com/message/19478091

    we have been using Workgroup Manager and MCX settings on 10.8.2 as we have for years... it is so much more reliable. consider this before reinstalling and spending countless hours to get no results with profile manager.

  • by EiffelITDept,

    EiffelITDept Jan 18, 2013 7:15 AM in response to Peter-Erik
    Level 1 (0 points)

    Sure - thanks for your help.

     

    Jan 18 14:44:20 server.mydomain.com ProfileManager[9359] <Info>: ServermgrDevicemgr starting...

    Jan 18 14:44:20 server.mydomain.com ProfileManager[9359] <Info>: default_profile_created_at_least_once was already true

    Jan 18 14:44:20 server.mydomain.com ProfileManager[9359] <Warning>: ** has_many_polymorphs: Warning; not all usage scenarios for polymorphic scopes are supported yet.

    Jan 18 14:44:20 server.mydomain.com ProfileManager[9359] <Info>: ServermgrDevicemgr done!

    Jan 18 15:04:43 server.mydomain.com ProfileManager[532] <Info>: DemandProcess: running with arguments '-e production'

    Jan 18 15:04:45 server.mydomain.com ruby[532] <Info>: Pruning certificate chain to 18446744073709551615

    Jan 18 15:04:45 server.mydomain.com ruby[532] <Debug>: Trying to add a bogus certificate

    Jan 18 15:04:45 server.mydomain.com ruby[532] <Debug>: An error occured while inserting an untrusted certificate into the chain

    Jan 18 15:04:45 server.mydomain.com ProfileManager[532] <Info>: Pushed to <LabSession:'MyUsername@ComputerImUsing'> with token sxXIeO/L4l/Pwa/1McJu83m048GBa+xH2SR+KRF1Xds=, {"time":"1358521484.604173","mdm":""}

    Jan 18 15:04:50 server.mydomain.com ProfileManager[532] <Warning>: ** has_many_polymorphs: Warning; not all usage scenarios for polymorphic scopes are supported yet.

    Jan 18 15:04:51 server.mydomain.com ProfileManager[532] <Warning>: ** has_many_polymorphs: Warning; not all usage scenarios for polymorphic scopes are supported yet.

    Jan 18 15:04:51 server.mydomain.com ruby[532] <Info>: Pruning certificate chain to 18446744073709551615

    Jan 18 15:04:51 server.mydomain.com ruby[532] <Debug>: Trying to add a bogus certificate

    Jan 18 15:04:51 server.mydomain.com ruby[532] <Debug>: An error occured while inserting an untrusted certificate into the chain

    Jan 18 15:04:51 server.mydomain.com ProfileManager[532] <Info>: Pushed to <LabSession:'MyUsername@ComputerImUsing'> with token sxXIeO/L4l/Pwa/1McJu83m048GBa+xH2SR+KRF1Xds=, {"time":"1358521491.205980","mdm":""}

    Jan 18 15:09:51 server.mydomain.com ProfileManager[532] <Info>: DemandProcess: quitting after 300 seconds of inactivity

     

    This is the computer that I'm playing with, just assigning it to myself in the profile manager, which causes the profile to be 'pushed' supposedly, and obviously.

     

    Thanks again.
