7 Replies Latest reply: Jul 2, 2012 7:06 AM by Mark23
bert van capelle Level 1 (0 points)

Hi, I just installed OS X Lion Server and want to enroll devices, but I keep getting the error: Device Enrollment could not be installed due to an unexpected error:


The profile “Device Enrollment (com.apple.ota."my-server-name-".private.bootstrap)” could not be installed due to an unexpected error.


My devices site is running properly; I can install profiles, but I cannot install any device, not even the mini I installed OS X Lion Server on!


I already removed all certificates and keys for "my-server-name-.private" and recreated self-signed certificates for SSL and code signing.


Any ideas?



Mac OS X (10.7), server
  • sini_m Level 1 (0 points)

    I have the same issue... appalled, as I bought a mini server especially.


    I initially could at least enroll the mini, but then, after trying some Googling & solutions, I lost my Open Directory. Managed to fix that and got back to square one, but now I can't even enroll the mini. Have spent days & days trying to work it out.


    I'll post if I find anything to help.

  • xodiac Level 1 (0 points)

    Have had the same experience since DP4.


    I came to the conclusion that unless I really needed to manage my iOS devices, I have little or no use for Profile Manager. Most of the features are found in the old Workgroup Manager.


    Anyway, did any of you guys look deeper into this issue and make progress?



  • sini_m Level 1 (0 points)

    Have tried & given it a rest for a while. I found it was an issue with the server remembering previous certificates & causing a conflict with the new certificates, even though the new certificates are in use...


    So I deleted my certificates & must have deleted something I shouldn't have & caused more issues, so I thought I'd reinstall Lion & start again. Took an hour & a half to download & install... & all my photos, music & settings were still there. The server did not ask me to start from scratch, but it was enough to initially get everything working for about 20 mins.


    Pushes stopped working & I tried to fix that & had the same enrollment issue... attempted to reinstall a second time, but this time Lion kept all the same settings & it's still not working.


    Tried a Command-R install & it's not a clean install; it seems to merge data, settings etc...


    Frustrated, I have given it a rest for a few days...

  • bobgeo Level 1 (25 points)

    I had this exact same issue and solved my problem by opening up ports on my Airport Extreme.


    See: https://discussions.apple.com/thread/3213018?start=0&tstart=0


    Basically, open port 1640 TCP for the SCEP enrollment process, and all worked for me. I then also opened port 2195 to manage (but I am not sure 2195 needs to be opened).


    Once I did this, the OTA bootstrap errors did not appear and I was able to enroll my Macs. Note that I was getting the bootstrap OTA error within the local network and I still needed to open these ports. Once I did, all good.

  • Punctual Diva Level 1 (0 points)

    So I just wasted half of a day on this, and at least for my own system I figured it out *without* doing a clean install.


    1. First, check that you have opened the ports as suggested by others here.


    2. If you've done that, then the problem may be a rogue entry in your DNS server settings. What that means is: if you initially set up your Server app with one name, then later switched it to a new one, the old name is still "hanging around" causing havoc. This was the problem. To fix it, you can try the steps below. WARNING: this will wipe your Open Directory. Make a full backup! I'm not 100% sure that wiping your OD is necessary, but it worked for me. Turn off any services you're running.


    3. Download the 10.7 server admin tools here: http://support.apple.com/kb/DL1419


    4. Open up Workgroup Manager, select any network users you've created, then export them. You're backing them up because you're going to wipe your Open Directory.


    5. Open Server Admin.app. Click on the reveal triangle for your server, and it will show an entry for "Open Directory". Click on that.


    6. Click on the Settings gear in the top of the right panel.


    7. Where it says Role: Open Directory Master, hit Change....


    8. In the panel that pops up, hit "set up a standalone directory".  It will warn you that it's going to wipe your server open directory data.


    9. Now, on the left side of the same screen, select DNS, then hit the "zones" button on top.


    10. Look for your old host name(s) there. Select any extra entries that have your old host names, and remove them. DO NOT REMOVE your current name entry (the Primary Zone) or the reverse entry (Reverse Zone). If you remove those, you'll be totally hosed. Only remove redundant entries.


    11. Back in the Server.app, go to the menu and select Manage -> Manage Network Accounts.  It will ask you for some information as it sets up open directory again for you.  Give it what it needs.


    12. To re-import your saved account info, go to Manage -> Import Accounts From File. (I have not tried this step, but it *should* work. YMMV).


    13. Now, go reactivate Profile Manager and turn on device management. It should "think" for a bit while it churns through the new Open Directory data.


    14. Now, it should work!!! (at least it does for me).  I speculate that the name lookup was getting conflicting results from DNS, causing problems and confusion.  This seems to have fixed it.


    15. If that doesn't work, one other step I took (but it didn't seem to help by itself) was to wipe the device manager database. To do that, open a Terminal and use

    sudo /usr/share/devicemgr/backend/wipeDB.sh

    WARNING: this will wipe any device info that you've set up.  I don't think this is necessary, but might be used as a last ditch effort.


    Hope that helps!
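The two fixes above (bobgeo's open ports, Punctual Diva's stale DNS name) both come down to the server having one consistent identity: the name inside the failing profile identifier (`com.apple.ota.<host>.bootstrap`) must be the name forward and reverse DNS agree on, the name the SSL certificate carries, and the name clients can reach on the SCEP port. The script below is an added diagnostic, not code from the thread or from Apple; the host names, addresses and certificate fields in the demo are constructed. The DNS resolvers are injectable so the logic runs offline; on a real server call `check_dns()` with the socket-based defaults, and feed `cert_matches()` the dict `ssl.getpeercert()` returns (note it returns `{}` under `CERT_NONE`, so for a self-signed Lion Server read the names with `openssl x509 -noout -subject -ext subjectAltName` instead).

```python
"""Check that a Lion Server's enrollment identity is consistent.

Added example, not from the original thread. Three checks the thread
circles around: forward/reverse DNS agree on one name, no stale host name
still resolves to this server, and the certificate carries that name.
"""
import socket
from dataclasses import dataclass, field


@dataclass
class Report:
    host: str
    forward: list = field(default_factory=list)   # A records for host
    reverse: dict = field(default_factory=dict)   # ip -> PTR name (or None)
    stale: list = field(default_factory=list)     # other names at our IPs
    problems: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.problems


def host_from_profile_id(profile_id):
    """'com.apple.ota.server.example.private.bootstrap' -> 'server.example.private'.
    This is the name Profile Manager believes the server has (from the error text)."""
    prefix, suffix = "com.apple.ota.", ".bootstrap"
    if not (profile_id.startswith(prefix) and profile_id.endswith(suffix)):
        raise ValueError(f"not an OTA bootstrap profile id: {profile_id}")
    return profile_id[len(prefix):-len(suffix)]


def resolve_a(name):
    """Default forward resolver: every IPv4 address for `name`."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def resolve_ptr(ip):
    """Default reverse resolver: the PTR name for `ip`, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_dns(host, candidates=(), a=resolve_a, ptr=resolve_ptr):
    """Compare forward and reverse DNS for `host`; `candidates` are old
    names to test for staleness (any that still resolve to our IPs)."""
    rep = Report(host=host.rstrip(".").lower())
    rep.forward = a(rep.host)
    if not rep.forward:
        rep.problems.append(f"{rep.host} has no A record")
        return rep
    for ip in rep.forward:
        name = ptr(ip)
        rep.reverse[ip] = name
        if name is None:
            rep.problems.append(f"{ip} has no PTR record")
        elif name.rstrip(".").lower() != rep.host:
            rep.problems.append(f"{ip} reverses to {name}, not {rep.host}")
    for old in candidates:
        old = old.rstrip(".").lower()
        if old != rep.host and set(a(old)) & set(rep.forward):
            rep.stale.append(old)
            rep.problems.append(f"stale name {old} still resolves to this server")
    return rep


def cert_names(cert):
    """DNS names a certificate dict (ssl.getpeercert() layout) is valid for."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, val in rdn:
            if key == "commonName":
                names.add(val.lower())
    for typ, val in cert.get("subjectAltName", ()):
        if typ == "DNS":
            names.add(val.lower())
    return names


def cert_matches(cert, host):
    return host.rstrip(".").lower() in cert_names(cert)


def port_reachable(host, port, timeout=3):
    """True if a TCP connect to host:port succeeds (1640 is SCEP enrollment)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed records: the server was renamed, the old name was left behind.
    A = {"server.example.private": ["192.168.1.10"],
         "oldname.example.private": ["192.168.1.10"]}
    PTR = {"192.168.1.10": "server.example.private"}
    host = host_from_profile_id("com.apple.ota.server.example.private.bootstrap")
    rep = check_dns(host, candidates=["oldname.example.private"],
                    a=lambda n: A.get(n, []), ptr=PTR.get)
    for p in rep.problems:
        print("PROBLEM:", p)
    print("SCEP port 1640 reachable:", port_reachable(host, 1640))
```

On a real box, compare `host` against `scutil --get HostName` and the Primary Zone in Server Admin; a stale name in `rep.stale` is exactly what step 10 above removes, and a `reverses to` problem means the Reverse Zone still points at the old name.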

  • elvis.zhang Level 1 (0 points)

    Could you tell me how to open ports on OS X Lion?

  • Mark23 Level 3 (975 points)

    On OS X Lion ports are always open unless you enable the firewall (System Preferences --> Security & Privacy). You can specify exceptions by clicking the button named "Firewall Options".


    Lion doesn't use firewalls out-of-the-box because there are no services running out-of-the-box and home users are always behind a firewall, unless you've tweaked things so you're not.


    On OS X Lion Server (the topic starter should have posted this in the Lion Server forum) you can use Server Admin as well. There you would have to add the Firewall service, set it up the way you like and enable the service.


    Note that Server Admin doesn't accompany Lion Server out-of-the-box, so you'd need to download Server Admin Tools for the version of Lion you are operating.


    Info about the version for Lion Server 10.7.4 can be found here.