Skip navigation

Profile Manager Enrollment - iOS - Server Certificate Invalid

60419 Views 125 Replies Latest reply: Nov 4, 2013 4:12 PM by Phil_O RSS
  • burton11234 Calculating status...

    Your welcome!

     

    In a nutshel yes thats how it would work, but then in the end its all about DNS. If you have myname.com dns zone in your production dnz server and the dns record myname.com points to your internal IP of the osx server then it will only go inside. If you change that DNS record to the public IP and the nat rule your using is not using the same public IP (only in cases that port forwarding are used and you have 1 public IP) then it will work as well.

     

    Otherwise if you want to test the public connection you could go on 3g and test that way. If ports 443 is open and your on 3g you will be able to hit the URL. If the port 443 is closed and your on 3g it wont work. Port 1640 is used for SCEP which is basically the process of the certificates getting pushed down so your device is a trusted device.

     

    As everything with profile manager and mobile devices is all related to FQDN's and Certificates.

  • selvakumar_k Calculating status...

    Hi burton11234,

     

    I followed the steps you have given in page3 (https://discussions.apple.com/thread/3253751?start=30&tstart=0). Except step3.

     

    I ran in intranet and i used self signed certficate. I mentioned DNS as "server.local". Not having any firewall.

     

    When i tried to enroll my Mac i got the below error.

     

    Profile installation failed.

    The profile "Remote Management (come.apple.config.server.local.mdm)" could not be installed due to an unexpected error.

     

    Error log:

     

    System Preferences: *** ERROR *** [CPInstallerUI:501] Profile installation (Entfernte Verwaltung (com.apple.config.server.local.mdm)) (Checkin 'Authenticate' failed: 0 <InternalError:1>)

     

    I regenerated the push certificate it is pointed to "server.local".  Please help.

  • Sarswimmer0718 Level 1 Level 1 (5 points)

    To fix this, I went to

     

    1. HTTPS://my.server.com/mydevices

     

    2. Clicked on profiles tab

     

    3. downloaded and installed trust profile from my iOS

     

    after that go back to the devices tab

     

    4. Enroll device.

     

    This took two tries but it worked.

  • maikerugarushia Calculating status...

    Hi Mr burton11234

     

    Im following this thread and I think you can help me with my problem.

     

    As youve said from your earlier post. Once the trust profile is accepted by the iOS device, the device enrollment will follow. I've been figuring a cure for this in dayas but to no avail. As I've said in the link below, all of the profile configuration are running smoothly and also the trust profile push through without any problem. Just the device enrollment.

     

     

     

    Heres the link ----> https://discussions.apple.com/thread/4919305

     

    Thanks in advance.

  • ebrind Calculating status...

    I am having the same issue on multiple servers. My problem started after I renewed the code signing cert.

     

    https://discussions.apple.com/message/21406833#21406833

     

    I am working with an enterprise advisor however I still do not have a resolution.

     

    Thanks,

     

    ebrind

  • Phil_O Calculating status...

    I, too, have been experiencing this issue and have never got the profile manager working properly until yesterday.  I'm on a home network with mavericks server running on a mac mini, although I had the same issue with Lion and I passed on Mountain Lion.

     

    After several clean installs, and failed enrollments on iphones, ipod touches and macbook airs I noticed an error message saying something about the hostnames for the certs not matching.

     

    I then remembered that the first thing I did after a clean install was create the OD and later changed the hostname to server.local.

     

    When the os is installed, both the computer name and host name are "server" only, so I did ANOTHER clean install and the first thing I did was make the hostname server.local and THEN create the OD, which in turn creates the self-signed cers, but this time with the matching hostname.

     

    It worked like a champ and every device in the house enrolled in profile manager first try 

     

    I hope you get the same mileage, good luck  !!

     

    p.s. I found out you can do a clean install from a time machine backup in about 10 minutes, rather than 50 minutes or so if you have the mavericks installer on a thumb drive.  That took a lot of the pain away too 

1 ... 5 6 7 8 9 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (13)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.