Profile installation failed.

I have a similar problem. I have a 2011 Mac Mini Server and a 2010 MBP 15". I was just trying to set up both with profile manager and was able to successfully enroll the MBP without too much difficulty. I am using a self-signed certificate, so I downloaded the Trust Profile and then enrolled the MBP. But when I went back over to the server, installed the Trust Profile, and then tried to try to enroll it, I got the following error:

"Profile Installation Failed. The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server.flyer05.private” which could put your confidential information at risk."

Based on my understanding of certificates, since I am only going to be using this server for my own home use and as a VPN to connect to my home network when traveling, it seems unnecessary to pay for a CA-signed certificate, and I'd like to avoid the added unnecessary expense if I can. Does anyone have any suggestions for how to deal with this issue?

Miggl wrote:

Profile installation failed.

The profile "Remote Management (come.apple.config.rocking-mm.private.mdm)" could not be installed due to an unexpected error.

Same here 😟

Server was a clean install, and no upgrade from Snow Leopard.

Error Logs from Console.app:

12.09.11 15:48:04,361 com.apple.UserEventAgent-System: Sep 12 15:48:04 <servername> ProfileManager[5346] <Info>: CertUpdateHandler.run: replace/etc/certificates/MDM SCEP SIGNER.2AC3B0163956D237FCB1CF208CA5B9EBE28528BF.cert.pem0x00/etc/certificates/M DM SCEP SIGNER.0E1A80185764011A7C5CDE7E4880C26ADFF02C30.cert.pem0x00

12.09.11 15:48:04,492 com.apple.UserEventAgent-System: /usr/libexec/certupdate/certupdate_devicemgr.sh: line 30: exit: result: numeric argument required

12.09.11 15:48:20,455 com.apple.UserEventAgent-System: *** Error: certificate path does not exist: /etc/certificates/MDM SCEP SIGNER.0E1A80185764011A7C5CDE7E4880C26ADFF02C30.cert.pem

and a second error message:

12.09.11 15:55:28,217 System Preferences: *** ERROR *** [CPInstallerUI:501] Profile installation (Entfernte Verwaltung (com.apple.config.serverbook.test.intern.mdm)) (Checkin 'Authenticate' failed: 0 <InternalError:1>)

No, i'm pretty sure you can register the server with itself so you can manage things remotely if need be. This guy was able to: http://www.wegotserved.com/2011/09/07/os-lion-server-home-server-part-8-profile- manager-macs/2/

Miggi

No need for a clean install, the issues you described are cert issues bassed upon your OD setup and certs from apple for the push services.

If you need to destroy profile manager you can run this command and it will blow away everything in profile manager so its like starting over.

sudo /usr/share/devicemgr/backend/wipeDB.sh

Once that command is run, you can demote your OD server.

Change the hostname to the proper hostname you have and make sure you can do forward / reverse lookups.

Once you can, renew your push certs so they have the new hostname, and go into profile manager and chose configure, once you configure it, it will setup OD for you under the proper hostnames.

Once your OD hostname / Intermediate_CA Cert matches the hostnames on the push services, you should be able to download the trust profile and enroll.

I hope this helps!

I thought the same, but didn't get it working. Now i've made a new testing partition, installed new without changeing the hostname afterwards and: It's working fine now.

With the first installation I changed the name quite ofter for testing the renaming / DNS / hostname. Next time i'll have a look on your posibillity "burton" 🙂

Unfortunally when you use the push certs from apple, they generate a cert from the FQDN and if that FQDN doesn't match the cert for Open Directory then profile manager will cause issues.

Best thing would be to export open directory so you can save everything first, blow it away by telling it its a standalone server, change the hostname and fqdn, make sure both forward and reverse lookups are working and then setup open directory, and regenerate the certs for the push, and setup profile manager.

You then can import your records from open directory.

Profile manager is really picky on the certs, and it gets upset if certs are not consistent between the push and OD.

Hope this helps for future references!!!

I got the same error. When I updated to 10.7.2, the problem disappeared.

To burton11234:

I did this and it worked finally. If I screw up somewhere I just demote my OD, run the wipeDB script, then start over with everything. Thanks!

Your welcome!

Im glad I could help!

I have a solution... I've created a new CA and requested a new certificate.

I used this manual:

https://discussions.apple.com/thread/3806276

Hope it helps!

I know this thread is very old and I should perhaps create a new one. However, I've got the same error but my certificates are 'verified' .

Profile Manager is 100% dependent on DNS / Certs. If one of these arn't a factor in the game it could be why your having issues. Is this with a computer or iOS device?

This is a computer. The reason I'm asking is that I can enroll iOS devices without any problem at all. Macintosh computers can't be enrolled, whatever model or OS version. The certificate Profile Manager uses is 'verified' .