9 Replies Latest reply: Apr 1, 2014 1:16 AM by JohnPembsC
DenisF Level 2 Level 2 (150 points)

I never manager to get profile manager working on Lion Server.

I was expecting to do a clean install on my mac mini server, I couldn't.

Before reformating the partition any simpler tip?

May be I messed up the certificate as well.

 

When I try to enroll a compter (e.g. the mac mini server itself) via the web interface, I get the error message:

profile installation failed

could not download the identity profile from the encrypted profile service. The credentials within the device enrollment profile may have expired.

 

For resetting, I tried in Terminal

cd "Server HD"

sudo sh /usr/share/devicemgr/backend/wipeDB.sh

 

and I get :

No such file or directory

 

Thanks in advance


Mac mini, OS X Server
  • 1. Re: how to reset profile manager on mountain lion?
    TNM1 Level 1 Level 1 (5 points)

    Try this:  http://support.apple.com/kb/HT5349
    although it did not work for me... but maybe it'll work for you.

  • 2. Re: how to reset profile manager on mountain lion?
    DenisF Level 2 Level 2 (150 points)

    Thanks it should help as the file has been moved from

    (Lion):

    /usr/share/devicemgr/backend/wipeDB.sh

     

    to (mountain lion /Os-X server)

     

    /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB. sh

     

    However I could not test it as I finally did a complete re-install for other reasons.

  • 3. Re: how to reset profile manager on mountain lion?
    KjellAndrew Level 1 Level 1 (0 points)

    I will confirm that this solution reset the profile manager back to it's configurable state. Interesting things it did.

     

    1.) It deleted my SSL certificates

    2.) It reset the profile manager, but turned the service ON when it was done.

  • 4. Re: how to reset profile manager on mountain lion?
    aaron.shegrud Level 1 Level 1 (5 points)

    I'm having this same issue.

    I can install the Trust Profile

    but when I go to Enroll Device, I get:

    profile installation failed

    could not download the identity profile from the encrypted profile service. The credentials within the device enrollment profile may have expired.

    what I've done:

    backed up my Device Manager database

    wiped the database

    re-setup Device Manager

    replaced the database

    tried to Enroll Device and failed (same error)

    wiped the database

    re-setup the Device Manager

    tried to Enroll Device and failed (same error)

     

    I've tried recreating my ssl certs

     

    Ive tried running it without code signing certs

     

    I refuse to wipe my entire Open Directory

     

    is there any to get this working or am I going to need to go third party to manage my Mac-only shop?

  • 5. Re: how to reset profile manager on mountain lion?
    MCLSP Level 1 Level 1 (0 points)

    Hi,

    Sorry may poor english!!!

     

    The workaround that helps me:

     

    1.- Stop all server services and close the app

    2.- /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB . sh

    1.- Delete /Library/Server folder

    3.- Delete the server app

    4.- DELETE /VAR/SERVERMGRD CONTENTS. If any setup fails, probably you have wrong... link files to devicemgr folder that use  the install app. ( I discovered it after see the errors in the profilemanager.log, after setup fails )

    5.- Reinstall M Lion (over the existing instance)

    6.- Reinstall server (from the appstore or original dmg file)

     

    Its works fine for me.

     

    Regards!!!

  • 6. Re: how to reset profile manager on mountain lion?
    MCLSP Level 1 Level 1 (0 points)

    Sorry for the wrong numbers!!! Actions order is correct ;-)

     

    *Notes:

     

    When starts the new configuration:

    Change the older server name. (i don´t know if there are old references to it)

    Configure network settings with the new server name, and create a new certificate.

    In open directory service, delete the previous server (if any)

    Configure the profile manager and create the new OD server from this service.

     

    Regards!

  • 7. Re: how to reset profile manager on mountain lion?
    aaron.shegrud Level 1 Level 1 (5 points)

    This is not a workaround. it is a complete wipe... this is an unaccptable fix and something needs to be done by apple to make their product enterprise worthy. where I can wipe a system without killing the hundereds of users I have created and managed through years of company growth.

     

    recently I backedup to timemachine backup

    put the backup on a laptop so I could wipe and reinstall mountain-lion from scratch on my Pro Server

    backed up just the LDAP and restored it on the Pro Server

     

    AND HAVE THE EXACT SAME PROBLEMS!

    (LDP won't share printers and Device manager won't work)

     

    Mountain lion server is probably the WORST server product I have ever used. I am now looking for viable sollutions outside of apple to move my company into a stable reliable environment.

  • 8. Re: how to reset profile manager on mountain lion?
    Sellers Level 1 Level 1 (10 points)

    Yes, it appears Profile Manager is as mature as Directory Server was a few revisions ago.   OpenDirectory seems to be okay now.

     

    I have the same problem - SSL certificates not working, profiles not downloading, and I can't import a new Code Signing certificate - it tells me it's not a code signing certificiate even though I just created it using their tool and said - code signing.   

     

    I tried a wipe and reconfigure - and at the end of the configure - it said Error -1

     

    Fail

  • 9. Re: how to reset profile manager on mountain lion?
    JohnPembsC Level 1 Level 1 (0 points)

    I had exactly the same error, but solved it in a less drastic way:


    In Server app, select Profile Manager. Under Settings, Sign configuration profiles was ticked. I clicked the Edit... box to the right of this, reselected the certificate, waited for the Profile Manager settings to update. Once this had updated, I tried to re-enroll the client, and it worked. Quite happy to accept this may have been a fluke!