I made some "progress" on this issue. I put it in quotes, because it's not really a solution, but a work-around:
Basically, for these to work you need to do a clean install of Lion on your machine. If you migrate data and user settings, it appears to break the functionality.
I had originally migrated right off the bat, and couldn't get it to connect properly. However, after doing a clean reinstall (erase hard drive partition and reinstall from recovery partition), it worked on the first try.
Between this and the many, many other issues and speedbumps that come with Lion Server, it doesn't surprise me that it only costs $50. I would like to see all the issues addressed, and a truly plug-and-play server emerge (maybe around 10.7.5 or so, who knows) where everything works as advertised and without complicated setup processes. I do believe that Lion Server could be something great, but it's just too riddled with issues at the moment.
I have a similar problem. I have a 2011 Mac Mini Server and a 2010 MBP 15". I was just trying to set up both with Profile Manager and was able to successfully enroll the MBP without too much difficulty. I am using a self-signed certificate, so I downloaded the Trust Profile and then enrolled the MBP. But when I went back over to the server, installed the Trust Profile, and then tried to enroll it, I got the following error:
"Profile Installation Failed. The certificate for this server is invalid. You might be connecting to a server that is pretending to be “server.flyer05.private” which could put your confidential information at risk."
Based on my understanding of certificates, since I am only going to be using this server for my own home use and as a VPN to connect to my home network when traveling, it seems unnecessary to pay for a CA-signed certificate, and I'd like to avoid the added unnecessary expense if I can. Does anyone have any suggestions for how to deal with this issue?
Profile installation failed.
The profile "Remote Management (come.apple.config.rocking-mm.private.mdm)" could not be installed due to an unexpected error.
Server was a clean install, and no upgrade from Snow Leopard.
Error Logs from Console.app:
12.09.11 15:48:04,361 com.apple.UserEventAgent-System: Sep 12 15:48:04 <servername> ProfileManager <Info>: CertUpdateHandler.run: replace/etc/certificates/MDM SCEP SIGNER.2AC3B0163956D237FCB1CF208CA5B9EBE28528BF.cert.pem0x00/etc/certificates/MDM SCEP SIGNER.0E1A80185764011A7C5CDE7E4880C26ADFF02C30.cert.pem0x00
12.09.11 15:48:04,492 com.apple.UserEventAgent-System: /usr/libexec/certupdate/certupdate_devicemgr.sh: line 30: exit: result: numeric argument required
12.09.11 15:48:20,455 com.apple.UserEventAgent-System: *** Error: certificate path does not exist: /etc/certificates/MDM SCEP SIGNER.0E1A80185764011A7C5CDE7E4880C26ADFF02C30.cert.pem
and a second error message:
12.09.11 15:55:28,217 System Preferences: *** ERROR *** [CPInstallerUI:501] Profile installation (Entfernte Verwaltung (com.apple.config.serverbook.test.intern.mdm)) (Checkin 'Authenticate' failed: 0 <InternalError:1>)
From what I understand, you are saying that you have a server and a client machine. You were able to set up the MBP (client) in Profile Manager without issue, but you also want to register the server in Profile Manager.
As far as I am aware, this is not a supported configuration, as you would be registering the server with itself.
No, I'm pretty sure you can register the server with itself so you can manage things remotely if need be. This guy was able to: http://www.wegotserved.com/2011/09/07/os-lion-server-home-server-part-8-profile-manager-macs/2/
No need for a clean install; the issues you described are cert issues based upon your OD setup and certs from Apple for the push services.
If you need to destroy Profile Manager you can run this command and it will blow away everything in Profile Manager so it's like starting over.
Once that command is run, you can demote your OD server.
Change the hostname to the proper hostname you have and make sure you can do forward / reverse lookups.
Once you can, renew your push certs so they have the new hostname, and go into Profile Manager and choose Configure. Once you configure it, it will set up OD for you under the proper hostnames.
Once your OD hostname / Intermediate_CA Cert matches the hostnames on the push services, you should be able to download the trust profile and enroll.
I hope this helps!
I thought the same, but didn't get it working. Now I've made a new testing partition, installed new without changing the hostname afterwards and: It's working fine now.
With the first installation I changed the name quite often for testing the renaming / DNS / hostname. Next time I'll have a look at your possibility, "burton".
Unfortunately, when you use the push certs from Apple, they generate a cert from the FQDN, and if that FQDN doesn't match the cert for Open Directory then Profile Manager will cause issues.
Best thing would be to export Open Directory so you can save everything first, blow it away by telling it it's a standalone server, change the hostname and FQDN, make sure both forward and reverse lookups are working and then set up Open Directory, regenerate the certs for the push, and set up Profile Manager.
You then can import your records from open directory.
Profile manager is really picky on the certs, and it gets upset if certs are not consistent between the push and OD.
Hope this helps for future references!!!
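The name checks the replies above describe (forward and reverse lookups agreeing with the host name, and the certificates naming that same host), as an added example that is not part of any post in this thread. The function names and the certificate paths passed to `audit_host` are assumptions of this example, and it assumes each certificate of interest carries the host name in its subject.

```shell
#!/bin/sh
# Added example (not from the thread): name-consistency check before enrolling.
# Assumption: every certificate passed in carries the server's host name in its
# subject, as the posts describe for the push and Open Directory certificates.

# Lower-case a DNS name and drop a trailing dot so names compare equal.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# check_names FQDN FORWARD_IP REVERSE_NAME [SUBJECT_LINE ...]
# Prints one line per inconsistency; returns 0 only if everything agrees.
check_names() {
  fqdn=$(norm "$1"); fwd=$2; rev=$(norm "$3"); shift 3
  rc=0
  if [ -z "$fwd" ]; then
    echo "forward lookup: no address for $fqdn"; rc=1
  fi
  if [ "$rev" != "$fqdn" ]; then
    echo "reverse lookup: '$fwd' maps to '${rev:-nothing}', expected $fqdn"; rc=1
  fi
  for subj in "$@"; do
    case "$(norm "$subj")" in
      *"$fqdn"*) ;;   # host name present in this certificate subject
      *) echo "certificate: '$subj' does not name $fqdn"; rc=1 ;;
    esac
  done
  return "$rc"
}

# audit_host FQDN [CERT.pem ...]: gather live data with dig and openssl and
# pass it to check_names. Certificate paths are supplied by the caller.
audit_host() {
  host_fqdn=$1; shift
  fwd=$(dig +short "$host_fqdn" A | tail -n 1)
  rev=""
  [ -z "$fwd" ] || rev=$(dig +short -x "$fwd" | head -n 1)
  n=$#
  while [ "$n" -gt 0 ]; do   # replace each path argument by its subject line
    subj=$(openssl x509 -noout -subject -in "$1") || subj="unreadable: $1"
    shift; set -- "$@" "$subj"; n=$((n - 1))
  done
  check_names "$host_fqdn" "$fwd" "$rev" "$@"
}

# Run the audit only when arguments are given: FQDN followed by PEM files.
[ "$#" -eq 0 ] || audit_host "$@"
```

Run it on the server with the host name and the PEM files to compare; any printed line is a mismatch to resolve before setting up Open Directory and Profile Manager again.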