Skip navigation

Has anyone had any luck with AD Certificate enrolment following HT5357?

883 Views 2 Replies Latest reply: Oct 11, 2012 1:03 AM by Matt_nz_Karamu RSS
meta-its Calculating status...
Currently Being Moderated
Aug 14, 2012 2:50 AM

Hi all,

 

We had the old Lion AD certificate enrolment working fine through a .mobileconfig file using the com.apple.ADCertificate.managed payload type. I'm now trying to update our profile to use the new Mountain Lion DCE-RPC mechanism described in HT5357 (since Apple have decided to remove the old mechanism from the OS, which is less than helpful!) and can't seem to get it to work. The mobileconfig is set up correctly as far as I can tell, and network captures show the Mac talking to the RPC endpoint mapper, getting a port then doing a TCP handshake to it, but it never actually gets as far as sending the certificate request before it throws the following:

 

Profile installation failed

The 'Active Directory Certificate' payload could not be installed. The certificate request failed.

 

I've checked the certificate server logs and, as expected based on the network capture, it doesn't even log an attempted enrolment, let alone a failure.

 

Is there any better logging on the Mac I could look at, or any debugging I could turn on to find out what's triggering this error?

 

Many thanks,

Sean

MacBook Pro (15-inch Late 2011), OS X Mountain Lion
  • Matt_nz_Karamu Calculating status...

    Hi,

     

    I have the same problem attempting to push a computer certificate onto a OSX 10.8 server.

     

    I tried as a test unjoining the OD connection but this had disastrous effect as it would not re-establish. (maybe because its the OD Master?) - but the certificates did install.

     

    Is their another way to force it to use AD?

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.