
APNS certificate was up for renewal and so I renewed, but I renewed the wrong certificate and then revoked the proper one (face palm). This means any iOS device needs to re-enroll, simple solution, except...one of my restrictions is that the option to erase all content and settings is disabled (face palm again). So I can't use that option. I am running out of ideas and feel like I have a bunch of bricks that work as iPads but have no manageability to them. Any thoughts or suggestions?



On the flip side, I have the issue with the OS X side figured out for the APNS.

Would User-Initiated Enrollment for Mobile Devices take care of the issue?


You could use Apple Configurator 2 and restore them to factory default, then you could enroll them? Not the best if you have a lot of iPads...


Well, the User-Initiated Enrollment didn't fly. When installing the MDM portion an error occurs saying "Profile Installation Failed - A profile containing an MDM payload must be removable." Next up, give Apple Configurator a shot to at least see if I can use that as a last resort. Not a ton of iPads, but 167 is plenty enough.


Do you make regular backups of the JSS? Try to restore a backup from before you pooched the cert?



Maybe, depending on your backup method, restore to a new machine just to test first. If it works, roll back your live environment.



You will lose some inventory data between your restore point and now, but it might get you running again.


Unfortunately, I do not. (Slap on wrist) Would have been a good solution.


I'd probably be going down the Apple Configurator route as well. Unless the devices are due to be replaced soon?


Used Configurator on the JSS server that I used to set them all up with, wiped them out, then used DEP to add them back in (also while removing the restriction on erase all content and settings on the DEP enrolled devices). Especially since DEP helps ensure the device is tied to my MDM.