Posted on 04-03-2016 10:06 AM
APNS certificate was up for renewal and so I renewed, but I renewed the wrong certificate and then revoked the proper one (face palm). This means any iOS device I needs to re-enroll, simple solution, except...one of my restrictions is that the option to erase all content and settings is disabled (face palm again). so I can't use that option. I am running out of ideas and feel like I have a bunch of bricks that work as iPads but have no manageability to them. Any thoughts or suggestions?
On the flipside, I have the issue with OSx side figured out for the APNS.
Solved! Go to Solution.
Posted on 04-03-2016 09:38 PM
you could use apple configurator 2 and restore them to factory default, then you could enroll them? Not the best if you have a lot of iPads...
Posted on 04-03-2016 10:41 AM
Would User-Initiated Enrollment for Mobile Devices take care of the issue?
Posted on 04-03-2016 09:38 PM
you could use apple configurator 2 and restore them to factory default, then you could enroll them? Not the best if you have a lot of iPads...
Posted on 04-04-2016 07:11 AM
Well, the User-Initated Enrollment didn't fly. When installing the MDM portion an error occurs saying "Profile Installation Failed - A profile containing an MDM payload must be removable." Next up, give Apple Configurator a shot to at least see if I can use that as a last resort. Not a ton of iPads, but 167 is plenty enough.
Posted on 04-04-2016 07:35 AM
do you make regular backups of the jss? try to restore a backup from before you pooched the cert?
maybe, depending your your backup method, restore to a new machine just to test first. if it works roll back your live environment.
you will loose some inventory data between your restore point in now but it might get you running again
Posted on 04-04-2016 08:10 AM
Unfortunately, I do not. (Slap on wrist) Would have been a good solution.
Posted on 04-04-2016 08:25 AM
I'd probably be going down the Apple Configurator route as well. Unless the devices are due to be replaced soon?
Posted on 04-04-2016 11:48 AM
Used configurator on JSS server that I used to set them all up with, wiped them out, the used DEP to add them back in (also while removing restriction on erase all content and settings on the DEP enrolled devices). Especially since DEP helps ensure the device is tied to my MDM.