Device enrollment

I'm having all kinds of issues with device enrollment. I first tried it with a local signed certificate and would get an invalid certificate message when trying to enroll my iOS devices. So I spent the money to get a real cert for the server and was able to get farther in the enrollment process, but it still fails with both my iOS devices and my OS 10.7 laptops.


On my iOS devices, I have the profile for the certificate shown and it shows trusted. When I click on enroll it goes through installing profile, generating key, enrolling certificate but then comes back with an error stating, "The SCEP server returned an invalid response."


For my Mac laptops, when I go to the mydevices webpage on the laptop and click on enroll, it will download the profile, show that it's installing, but then return an error saying, "profile device enrollment could not be installed due to unexpected error."


I'm at a loss on this one.

Mac mini, Mac OS X (10.7)

Posted on Aug 7, 2011 8:47 PM

Question marked as Best reply

Posted on Aug 7, 2011 9:04 PM

Wow, 20 mins later I figured it out and it now works. Needed to remove and add back in my Open Directory as it still had information from a prior server host name.

6 replies

Aug 8, 2011 10:52 AM in response to mindcrime

You don't need a real, CA signed, certificate for it to work. You can use the local certificate. However, you need to first install the Trust Profile before you can Enroll the device. When you go to the /mydevices web page, there's two tabs at the top. One for Devices and one for Profiles. You need to go to Profiles first, install the Trust profile, then come back to the /mydevices web page and then you can Enroll the device.


I did this yesterday evening using self-signed certificates and it worked fine on 4 devices: 2 laptops, an iPad, and an iPhone 4.

Sep 7, 2011 8:49 PM in response to Grant Ireland

If you haven't downloaded the advanced server application from the Apple site, then you will need to do so. Once installed, there is an application called Server Admin. If your server is listed in the Server app, then you can click on it and see if you have Open Directory listed. If not, then you will need to add the Open Directory service by going to Server on the menu bar and choosing Add Service. All mine was there, but Open Directory was pointing to some old information, so I had to remove the Open Directory service, add it back in, and then point it to the correct cert.

Sep 7, 2011 8:57 PM in response to mindcrime

Thank you for the quick response MindCrime!


Yes, have been working with OD for a number of years now. My question is simply about how you removed/demoted the OD Master, as simply removing the service from the server doesn't appear to be permitted on my Lion server. If you remove it and save, the OD check mark will reappear. Also, wouldn't this be quite a drastic thing to do? Did you not experience any issues demoting and promoting like this?


Anyhow, how did you do it exactly? Thanks!
