Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: lelio98
lelio98 Author
User level: Level 1
10 points

Device Enrollment profile may have expired

I have been having a number of issues with profiles. First, the certificates expired (which has been resolved), then I upgraded to Mavericks and ran into a migration problem (which I also resolved). After all of this, I can no longer re-enroll existing Macs. New Macs work fine so I am fairly confident that everything is working properly. When I attempt to re-enroll an existing Mac I get the following error:


Could not download the identity profile from the Encrypted Profile Service. The credentials within the Device Enrollment profile may have expired.


But, all the certificates are fine. On a new Mac everything works perfectly.

Posted on Dec 4, 2013 11:05 AM

Reply
3 replies
User profile for user: tim_r_66
tim_r_66
User level: Level 1
51 points

Dec 15, 2013 9:44 AM in response to lelio98

Are you still having this issue or did you figure it out? I am getting the error you got with a Lion (10.7.5) client against a fresh install Mavericks/Server 3 set up.


I am able to download/install the trust profile and it shows verified, but when I try to install the enrollment profile, the errors start with:


mdmclient: *** ERROR *** [Agent:502] Unknown device attribute 'DeviceID' requested for Phase1 OTA authentication


Curious if we're seeing the same behavior, or if I need to start a new thread?


Tim

Reply
User profile for user: tim_r_66
tim_r_66
User level: Level 1
51 points

Dec 15, 2013 11:49 AM in response to tim_r_66

By cleaning up the system keychain on the client and deleting all references in Profile Manager to the client I want to enroll, I seemed to have gotten rid of the error.


However, now when I try to enroll, I get this error in the logs:



System Preferences: *** ERROR *** [CPInstallerUI:502] Profile installation (Remote Management (com.apple.config.<server fqdn>.mdm)) (Checkin 'Authenticate' failed: 0 <InternalError:1>)



Still baffled....


Tim

Reply
User profile for user: Sonofiron
Sonofiron
User level: Level 1
5 points

Nov 7, 2014 10:10 AM in response to tim_r_66

I'm running into similar issues. I created an image with an enrol profile on the desktop and the trust profile pre-installed. I used NetRestore to restore the image onto 50 Macs. When I went to enrol, my Profile Manager database had somehow become corrupt, forcing me to rebuild. Thinking I would simply delete the old Trust Profile and Enrol profile, and replace them with the new versions, each client is getting this message when attempting to enrol.


2014-11-06 12:52:50.008 PM mdmclient[7483]: *** ERROR *** [Agent:1889583515] Unknown device attribute 'DeviceID' requested for Phase1 OTA authentication

2014-11-06 12:53:13.805 PM mdmclient[7483]: *** ERROR *** [Agent:1889583515] Unable to proceed with connection to: https://myserver.local//devicemanagement/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken

2014-11-06 12:53:13.819 PM mdmclient[7483]: *** ERROR *** [Agent:1889583515] Unable to proceed with connection to: https://myserver.local//devicemanagement/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken


I've gone so far as to clean out the keychain but the issue persists. What's really weird is the device does enrol, and downloads all the applicable profiles - BUT it doesn't receive any push settings afterwards. e.g.. If I choose to change a setting in Profile Manager - the activity hangs with the status "Pending"

Reply

Device Enrollment profile may have expired

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up