Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: MarsMonster
MarsMonster Author
User level: Level 1
0 points

profile manager config profiles to AD accounts\Groups

Hey everyone,


I'm new to the apple system administration world and running into an issue.


I've been troubleshooting using the profile manager to push settings to Active Directory users.


The Mac Mini is running OS X 10.10 and joined to our AD.


I installed the server app (5.0.15) and enabled the Profile manager. I set it up to use a self signed cert and enrolled an mac. I can push config profiles to the devices with no issues.


When pushing settings to an Active Directory User or Active Directoy group it seems to fail.


When logging on with an AD account to the enrolled mac the following error is logged:


MDM Client: *** ERROR *** [Agent:1484649110] Unable to proceed with connection to: https://server.domain.local/devicemanagemt/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have a valid MDM AuthToken


The php.log on the Mac Mini running the profile manager returns the following error:


:: [6840] [2015/11/25 17:35:05.436] <10.190.42.20> Time since script start: 67001us [https://server.domain.local/devicemanagement/api/device/mdm_checkin] 1:: [6840] [2015/11/25 17:35:05.436] <10.190.42.20> >>> Processing PUT mdm_checkin 0:: [6840] [2015/11/25 17:35:05.439] <10.190.42.20> checkin: "UserAuthenticate" 1:: [6840] [2015/11/25 17:35:05.446] <10.190.42.20> User with GUID D87DF296-A435-4CC2-B3BD-153428DD867B is unknown or a local user. No lab session will be created. 0:: [6840] [2015/11/25 17:35:05.447] <10.190.42.20> EXCEPTION: 403 Forbidden - Target not found for UserAuthenticate at #0 /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/md m_checkin.php(94): DieForbidden('Target not foun...') #1 /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/db .php(396): _checkin_transaction(Array) #2 /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/md m_checkin.php(173): PerformInTransaction('_checkin_transa...', Array) #3 {main} 1:: [6840] [2015/11/25 17:35:05.448] <10.190.42.20> <<< Sent Final Output (14 bytes) - PUT mdm_checkin 0:: [6840] [2015/11/25 17:35:05.448] <10.190.42.20> Completed in 78ms | 403 Forbidden [https://server.domain.local/devicemanagement/api/device/mdm_checkin] 1:: [6644] [2015/11/25 17:48:39.193] <10.190.42.20> Time since script start: 60476us [https://server.domain.local/devicemanagement/api/device/mdm_connect] 1:: [6644] [2015/11/25 17:48:39.193] <10.190.42.20> >>> Processing PUT mdm_connect 1:: [6644] [2015/11/25 17:48:39.200] <10.190.42.20> Found target Mac: <'testosx'[419]> 0:: [6644] [2015/11/25 17:48:39.200] <10.190.42.20> Status="Idle" 1:: [6644] [2015/11/25 17:48:39.307] <10.190.42.20> <<< Sent Final Output (0 bytes) - PUT mdm_connect 0:: [6644] [2015/11/25 17:48:39.307] <10.190.42.20> Completed in 174ms | 200 OK [https://server.domain.local/devicemanagement/api/device/mdm_connect]


So it seems that the Profile Manager can't identify the Active Directory user. I'm not sure in which direction to look to troubleshoot this further and google hasn't helped much in this case. Has anyone run into this before?

OS X Yosemite (10.10.5)

Posted on Nov 26, 2015 3:22 AM

Reply

There are no replies.

profile manager config profiles to AD accounts\Groups

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up