Previous 1 2 Next 19 Replies Latest reply: Feb 19, 2013 8:49 AM by SteffNL
Miggl Level 1 (75 points)

I am getting this error on Lion when trying to register my device on the Lion server using the MyDevices page. I have already installed the trust certificate as well as the Everyone profile. I then proceed to the Devices tab and click on the Register button, but get this error in the process:


Profile installation failed.

The profile "Remote Management (" could not be installed due to an unexpected error.


Any ideas how to resolve this?




Mac mini, Mac OS X (10.7.1), 8GB RAM
  • Miggl Level 1 (75 points)

    I made some "progress" on this issue. I put it in quotes, because it's not really a solution, but a work-around:


    Basically, for these to work you need to do a clean install of Lion on your machine. If you migrate data and user settings, it appears to break the functionality.


    I had originally migrated right off the bat, and couldn't get it to connect properly. However, after doing a clean reinstall (erase harddrive partition and reinstall from recovery partition), it worked on the first try.


    Between this and the many, many other issues and speedbumps that come with Lion Server, it doesn't surprise me that it only costs $50. I would like to see all the issues addressed, and a truly plug-and-play server emerge (maybe around 10.7.5 or so, who knows) where everything works as advertised and without complicated setup processes. I do believe that Lion Server could be something great, but it's just too riddled with issues at the moment.

  • Jager2247 Level 1 (0 points)

    I have a similar problem. I have a 2011 Mac Mini Server and a 2010 MBP 15". I was just trying to set up both with profile manager and was able to successfully enroll the MBP without too much difficulty. I am using a self-signed certificate, so I downloaded the Trust Profile and then enrolled the MBP. But when I went back over to the server, installed the Trust Profile, and then tried to try to enroll it, I got the following error:


    "Profile Installation Failed.  The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server.flyer05.private” which could put your confidential information at risk."


    Based on my understanding of certificates, since I am only going to be using this server for my own home use and as a VPN to connect to my home network when traveling, it seems unnecessary to pay for a CA-signed certificate, and I'd like to avoid the added unnecessary expense if I can. Does anyone have any suggestions for how to deal with this issue?

  • Stress Test Level 4 (1,265 points)

    Miggl wrote:

    Profile installation failed.

    The profile "Remote Management (" could not be installed due to an unexpected error.


    Same here


    Server was a clean install, and no upgrade from Snow Leopard.


    Error Logs from


    12.09.11 15:48:04,361 Sep 12 15:48:04 <servername> ProfileManager[5346] <Info>: replace/etc/certificates/MDM SCEP SIGNER.2AC3B0163956D237FCB1CF208CA5B9EBE28528BF.cert.pem0x00/etc/certificates/M DM SCEP SIGNER.0E1A80185764011A7C5CDE7E4880C26ADFF02C30.cert.pem0x00

    12.09.11 15:48:04,492 /usr/libexec/certupdate/ line 30: exit: result: numeric argument required

    12.09.11 15:48:20,455 *** Error: certificate path does not exist: /etc/certificates/MDM SCEP SIGNER.0E1A80185764011A7C5CDE7E4880C26ADFF02C30.cert.pem



    and a second error message:


    12.09.11 15:55:28,217 System Preferences: *** ERROR *** [CPInstallerUI:501] Profile installation (Entfernte Verwaltung ( (Checkin 'Authenticate' failed: 0 <InternalError:1>)
  • Miggl Level 1 (75 points)



    From what I am understanding you are saying, is that you have a server and a client machine. You were able to set up the MBP (client) in Profilemanager without issue, but you also want to register the server in Profilemanager.

    As far as I am aware, this is not a supported configuration, as you would be registering the server with itself.

  • Jager2247 Level 1 (0 points)

    No, i'm pretty sure you can register the server with itself so you can manage things remotely if need be. This guy was able to: manager-macs/2/

  • burton11234 Level 1 (0 points)



    No need for a clean install, the issues you described are cert issues bassed upon your OD setup and certs from apple for the push services.


    If you need to destroy profile manager you can run this command and it will blow away everything in profile manager so its like starting over.


    sudo /usr/share/devicemgr/backend/


    Once that command is run, you can demote your OD server.


    Change the hostname to the proper hostname you have and make sure you can do forward / reverse lookups.


    Once you can, renew your push certs so they have the new hostname, and go into profile manager and chose configure, once you configure it, it will setup OD for you under the proper hostnames.


    Once your OD hostname / Intermediate_CA Cert matches the hostnames on the push services, you should be able to download the trust profile and enroll.


    I hope this helps!

  • Stress Test Level 4 (1,265 points)

    I thought the same, but didn't get it working. Now i've made a new testing partition, installed new without changeing the hostname afterwards and: It's working fine now.


    With the first installation I changed the name quite ofter for testing the renaming / DNS / hostname. Next time i'll have a look on your posibillity "burton"

  • burton11234 Level 1 (0 points)

    Unfortunally when you use the push certs from apple, they generate a cert from the FQDN and if that FQDN doesn't match the cert for Open Directory then profile manager will cause issues.


    Best thing would be to export open directory so you can save everything first, blow it away by telling it its a standalone server, change the hostname and fqdn, make sure both forward and reverse lookups are working and then setup open directory, and regenerate the certs for the push, and setup profile manager.


    You then can import your records from open directory.


    Profile manager is really picky on the certs, and it gets upset if certs are not consistent between the push and OD.


    Hope this helps for future references!!!

  • rishigangoly Level 1 (0 points)

    I got the same error. When I updated to 10.7.2, the problem disappeared.

  • pjraby81 Level 1 (0 points)

    To burton11234:

    I did this and it worked finally. If I screw up somewhere I just demote my OD, run the wipeDB script, then start over with everything. Thanks!

  • burton11234 Level 1 (0 points)

    Your welcome!


    Im glad I could help!

  • OMEGA2ReD Level 1 (0 points)

    I have a solution... I've created a new CA and requested a new certificate.


    I used this manual:


    Hope it helps!

  • SteffNL Level 1 (0 points)

    I know this thread is very old and I should perhaps create a new one. However, I've got the same error but my certificates are 'verified' .

  • burton11234 Level 1 (0 points)

    Profile Manager is 100% dependent on DNS / Certs. If one of these arn't a factor in the game it could be why your having issues. Is this with a computer or iOS device?

Previous 1 2 Next