Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: joehoho
joehoho Author
User level: Level 1
4 points

EXCEPTION: Error <-[DMHelper getIdentityDataForPersistentRef:encryptedWithPassword:] (/Library/Caches/com.apple.xbs/Sources/RemoteDeviceManagement/RemoteDeviceManagement-912.2/Compiled/Framework-Base/Support/DMHelper.m:167): "'((DMHELPER_GetIdentity

Hello,


Just got a problem after OS 10.12.4 -> 10.12.5 & macOS Server 5.3.1 upgrade.

The Profile Manager no longer work, status keep Off and unable to turn On again.


Restored the full OS with TimeMachine, works fine, but fails after the upgrade again 😟


There is an error found in the log file /var/log/devicemgr/devicemgrd.log while bring up the service.


1:: [51301] [2017/06/02 14:28:06.925] Incoming request: readAppDistributionSettings

1:: [51301] [2017/06/02 14:28:06.931] Incoming request: readSimplifiedDeviceEnrollmentSettings

1:: [51301] [2017/06/02 14:28:06.936] Incoming request: writeSettings

1:: [51301] [2017/06/02 14:28:06.944] EXCEPTION: Error <-[DMHelper getIdentityDataForPersistentRef:encryptedWithPassword:] (/Library/Caches/com.apple.xbs/Sources/RemoteDeviceManagement/RemoteDeviceManag ement-912.2/Compiled/Framework-Base/Support/DMHelper.m:167): "'((DMHELPER_GetIdentityFromRef(self.connection, mCertRef, mCertRefCnt, mPassword, mPasswordCnt, &mPKCS12Data, &mPKCS12DataCnt)))' error -25304">

USERINFO: {

NSLocalizedDescription = "Carbon error -25304";

}

1:: [51301] [2017/06/02 14:28:41.737] Incoming request: readSettings

1:: [51301] [2017/06/02 14:28:49.440] Incoming request: readSettings


Anyone has idea or got the same problem?


Regrads,


Joe

macOS Sierra (10.12.5), macOS Server 5.3.1

Posted on Jun 1, 2017 11:37 PM

Reply
1 reply
User profile for user: mscott_mdm
mscott_mdm
User level: Level 2
459 points

Jun 3, 2017 2:54 PM in response to joehoho

This error means that Profile Manager is unable to fetch either the SSL identity or OD CA identities from the system keychain. You should use Keychain Access to find these identities There will be "identity preference" entries with names like MACHINE_IDENTITY, OPENDIRECTORY_ROOT_CA_IDENTITY, and OPENDIRECTORY_INT_CA_IDENTITY that will help you find these identities. On each one, you will need to find the identities' private keys, double-click on those, click the "Access Control" tab, and make sure the "Allow all applications to access this item" is selected.


There have been issues with some Time Machine backups that can cause those OD identities to be missing. If that's the case, the damage is irreversible and you will have to setup Profile Manager from scratch.

Reply

EXCEPTION: Error <-[DMHelper getIdentityDataForPersistentRef:encryptedWithPassword:] (/Library/Caches/com.apple.xbs/Sources/RemoteDeviceManagement/RemoteDeviceManagement-912.2/Compiled/Framework-Base/Support/DMHelper.m:167): "'((DMHELPER_GetIdentity

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up