profile manager config profiles to AD accounts\Groups
Hey everyone,
I'm new to the Apple system administration world and running into an issue.
I've been troubleshooting using the profile manager to push settings to Active Directory users.
The Mac Mini is running OS X 10.10 and joined to our AD.
I installed the Server app (5.0.15) and enabled Profile Manager. I set it up to use a self-signed cert and enrolled a Mac. I can push config profiles to the devices with no issues.
When pushing settings to an Active Directory user or Active Directory group, it seems to fail.
When logging on with an AD account to the enrolled Mac, the following error is logged:
MDM Client: *** ERROR *** [Agent:1484649110] Unable to proceed with connection to: https://server.domain.local/devicemanagemt/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have a valid MDM AuthToken
The php.log on the Mac Mini running the profile manager returns the following error:
:: [6840] [2015/11/25 17:35:05.436] <10.190.42.20> Time since script start: 67001us [https://server.domain.local/devicemanagement/api/device/mdm_checkin]
1:: [6840] [2015/11/25 17:35:05.436] <10.190.42.20> >>> Processing PUT mdm_checkin
0:: [6840] [2015/11/25 17:35:05.439] <10.190.42.20> checkin: "UserAuthenticate"
1:: [6840] [2015/11/25 17:35:05.446] <10.190.42.20> User with GUID D87DF296-A435-4CC2-B3BD-153428DD867B is unknown or a local user. No lab session will be created.
0:: [6840] [2015/11/25 17:35:05.447] <10.190.42.20> EXCEPTION: 403 Forbidden - Target not found for UserAuthenticate at
#0 /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/mdm_checkin.php(94): DieForbidden('Target not foun...')
#1 /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/db.php(396): _checkin_transaction(Array)
#2 /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/mdm_checkin.php(173): PerformInTransaction('_checkin_transa...', Array)
#3 {main}
1:: [6840] [2015/11/25 17:35:05.448] <10.190.42.20> <<< Sent Final Output (14 bytes) - PUT mdm_checkin
0:: [6840] [2015/11/25 17:35:05.448] <10.190.42.20> Completed in 78ms | 403 Forbidden [https://server.domain.local/devicemanagement/api/device/mdm_checkin]
1:: [6644] [2015/11/25 17:48:39.193] <10.190.42.20> Time since script start: 60476us [https://server.domain.local/devicemanagement/api/device/mdm_connect]
1:: [6644] [2015/11/25 17:48:39.193] <10.190.42.20> >>> Processing PUT mdm_connect
1:: [6644] [2015/11/25 17:48:39.200] <10.190.42.20> Found target Mac: <'testosx'[419]>
0:: [6644] [2015/11/25 17:48:39.200] <10.190.42.20> Status="Idle"
1:: [6644] [2015/11/25 17:48:39.307] <10.190.42.20> <<< Sent Final Output (0 bytes) - PUT mdm_connect
0:: [6644] [2015/11/25 17:48:39.307] <10.190.42.20> Completed in 174ms | 200 OK [https://server.domain.local/devicemanagement/api/device/mdm_connect]
So it seems that the Profile Manager can't identify the Active Directory user. I'm not sure in which direction to look to troubleshoot this further, and Google hasn't helped much in this case. Has anyone run into this before?
OS X Yosemite (10.10.5)
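Added example, not part of the original post and not Apple's code: a Python sketch that groups php.log entries like those in the post into requests and lists the UserAuthenticate check-ins that ended in 403, with the GUID the server could not resolve. The sample lines are abridged from the post's excerpt; the function names, and the assumption that one PHP worker PID handles one request at a time, are mine.

```python
import re

# Constructed sample: entries abridged from the php.log excerpt in the post.
SAMPLE_LOG = """\
1:: [6840] [2015/11/25 17:35:05.436] <10.190.42.20> >>> Processing PUT mdm_checkin
0:: [6840] [2015/11/25 17:35:05.439] <10.190.42.20> checkin: "UserAuthenticate"
1:: [6840] [2015/11/25 17:35:05.446] <10.190.42.20> User with GUID D87DF296-A435-4CC2-B3BD-153428DD867B is unknown or a local user. No lab session will be created.
0:: [6840] [2015/11/25 17:35:05.447] <10.190.42.20> EXCEPTION: 403 Forbidden - Target not found for UserAuthenticate at
0:: [6840] [2015/11/25 17:35:05.448] <10.190.42.20> Completed in 78ms | 403 Forbidden [https://server.domain.local/devicemanagement/api/device/mdm_checkin]
1:: [6644] [2015/11/25 17:48:39.193] <10.190.42.20> >>> Processing PUT mdm_connect
0:: [6644] [2015/11/25 17:48:39.307] <10.190.42.20> Completed in 174ms | 200 OK [https://server.domain.local/devicemanagement/api/device/mdm_connect]
"""

# "<level>:: [pid] [timestamp] <client ip> message"; the level digit may be cut off.
ENTRY = re.compile(r"^\d?:: \[(?P<pid>\d+)\] \[(?P<ts>[^\]]+)\] <(?P<ip>[^>]+)> (?P<msg>.*)$")
START = re.compile(r">>> Processing (\w+) (\w+)")
CHECKIN = re.compile(r'checkin: "(\w+)"')
GUID = re.compile(r"User with GUID ([0-9A-Fa-f-]{36}) is unknown or a local user")
DONE = re.compile(r"Completed in \d+ms \| (\d{3}) ")

def summarize_requests(text):
    """Group entries by worker PID (assumption: one request per PID at a time)."""
    open_reqs, finished = {}, []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # stack-trace frames (#0, #1, ...) and blank lines
        pid, msg = m["pid"], m["msg"]
        if s := START.search(msg):
            open_reqs[pid] = {"pid": pid, "client": m["ip"], "endpoint": s[2],
                              "checkin": None, "unknown_guid": None, "status": None}
            continue
        req = open_reqs.get(pid)
        if req is None:
            continue  # entry with no preceding ">>> Processing" line
        if c := CHECKIN.search(msg):
            req["checkin"] = c[1]
        elif g := GUID.search(msg):
            req["unknown_guid"] = g[1]
        elif d := DONE.search(msg):
            req["status"] = int(d[1])
            finished.append(open_reqs.pop(pid))
    return finished

def failed_user_auth(requests):
    """Requests where a UserAuthenticate check-in was rejected with 403."""
    return [r for r in requests if r["checkin"] == "UserAuthenticate" and r["status"] == 403]

if __name__ == "__main__":
    for r in failed_user_auth(summarize_requests(SAMPLE_LOG)):
        print(r["client"], r["endpoint"], r["unknown_guid"])
```

The GUID it reports is the value to compare against the directory record of the account that logged in.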