Sure. Thanks for the reply and apologies on the slow response. Again, from what I can tell,
The environment is an XSAN deployment, so servers are on Yosemite 10.10.3, running Server 4.1. DNS, OD and XSAN are running well on both. Other services on this machine include Calendar, Messages and File Sharing, but all other services were set up after the failure of Profile Manager.
Basically I cannot enable device management for Profile Manager. Didn't work initially, so I tried the steps here: OS X Server: How to reset Profile Manager to its original state - Apple Support. Didn't work again. The log output makes me think it has a problem with the server's certificates, but server2 only has a SSL cert signed by server1.
I must be missing something, so any thoughts greatly appreciated.
devicemgrd.log output:
[67233] [2015/04/30 14:49:55.925] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
0:: [67233] [2015/04/30 14:49:55.928]
###############################################################################
devicemgrd-886.204 (PID:67233, OS:14D136, SERVER:14S1092, ARCH:x86_64) starting
LA: devicemgrd
Log verbosity level = 1
UID = 220, EUID = 220
###############################################################################
1:: [67233] [2015/04/30 14:49:55.936] Incoming request: readSettings
0:: [67233] [2015/04/30 14:49:56.059] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
0:: [67233] [2015/04/30 14:49:59.048] Profile Manager service STOPPED
1:: [67233] [2015/04/30 14:49:59.068] Wrote MDM URL bag to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/MDMServiceConf ig.json
1:: [67233] [2015/04/30 14:49:59.068] Wrote DEP Anchor Certs to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/DEPAnchorCerts .json
1:: [67233] [2015/04/30 14:49:59.078] Ready to receive external socket requests.
1:: [67233] [2015/04/30 14:49:59.170] Incoming request: readAppDistributionSettings
1:: [67233] [2015/04/30 14:49:59.173] Incoming request: readSimplifiedDeviceEnrollmentSettings
[67337] [2015/04/30 14:50:35.699] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
0:: [67337] [2015/04/30 14:50:35.712]
###############################################################################
devicemgrd-886.204 (PID:67337, OS:14D136, SERVER:14S1092, ARCH:x86_64) starting
LA: devicemgrd
Log verbosity level = 1
UID = 220, EUID = 220
###############################################################################
0:: [67337] [2015/04/30 14:50:35.735] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
0:: [67337] [2015/04/30 14:50:37.930] Profile Manager service STOPPED
1:: [67337] [2015/04/30 14:50:37.938] User 'nobody' not found, creating...
0:: [67337] [2015/04/30 14:50:38.431] Loaded strings from '/Applications/Server.app/Contents/ServerRoot/usr/share/servermgrd/bundles/serv ermgr_devicemgr.bundle/Contents/Resources/en.lproj/default.strings'.
1:: [67337] [2015/04/30 14:50:38.440] Incoming request: readSettings
0:: [67337] [2015/04/30 14:50:38.655] -[NSString(devicemgr_Additions) dateFromOpenSSLString]: 'Apr 26 20:57:28 2017 GMT'
1:: [67337] [2015/04/30 14:50:38.675] Wrote trust profile to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/Trust_Profile_ for_mdc02.mobileconfig
1:: [67337] [2015/04/30 14:50:38.686] Wrote MDM URL bag to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/MDMServiceConf ig.json
1:: [67337] [2015/04/30 14:50:38.688] Wrote DEP Anchor Certs to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/DEPAnchorCerts .json
0:: [67337] [2015/04/30 14:50:38.718] Parsing enterprise app icons
1:: [67337] [2015/04/30 14:50:38.718] Parsing enterprise apps with missing icons...
1:: [67337] [2015/04/30 14:50:38.720] Ready to receive external socket requests.
0:: [67337] [2015/04/30 14:50:39.519] Created default profile 'Settings for Everyone'
1:: [67337] [2015/04/30 14:50:39.523] Incoming request: readAppDistributionSettings
1:: [67337] [2015/04/30 14:50:39.526] Incoming request: readSimplifiedDeviceEnrollmentSettings
1:: [67337] [2015/04/30 14:50:45.889] Incoming request: writeSettings
1:: [67337] [2015/04/30 14:50:45.911] EXCEPTION: Error <-[SCEPHelper getIdentityDataForPersistentRef:encryptedWithPassword:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Fr amework-Base/Support/SCEPHelper.m:217): "'((SCEPHELPER_GetIdentityFromRef(self.connection, mCertRef, mCertRefCnt, mPassword, mPasswordCnt, &mPKCS12Data, &mPKCS12DataCnt)))' error 1">
USERINFO: {
NSLocalizedDescription = "Operation not permitted";
}
1:: [67337] [2015/04/30 14:50:54.400] Completed parsing enterprise apps with missing icons!
1:: [67337] [2015/04/30 14:51:21.438] Incoming request: activateOD
1:: [67337] [2015/04/30 14:51:21.438] EXCEPTION: Error <-[SCEPHelper odRootCertificate] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Fr amework-Base/Support/SCEPHelper.m:61): "'((SCEPHELPER_GetODRootCertificate(self.connection, &root, &rootCnt)))' error 1">
USERINFO: {
NSLocalizedDescription = "Operation not permitted";
}