Config Profiles deploy on some machines, but not others

Stuey
New Contributor III

Hi all,

Hoping you can help me out.

I'm migrating our Wi-Fi Config profiles away from downloading the .mobileconfig file and installing with the profiles command, to distribute directly. We need to do this for our User based Wi-Fi Certificates, so that the users are prompted for renewal of the cert as it approaches expiry.

Strangely, I've bene able to apply the new Profiles to some machines, but not others. It is failing on more machines than it works on.

It fails whether distributed through Self-Service or pushed.
APNS works in our environment (as evidenced by being able to apply the profile to more than one device that is internal)

Any and all suggestions welcome.

6 REPLIES 6

bentoms
Release Candidate Programs Tester

@Stuey are there dependencies for the profile?

Such as an AD bind etc? If so, might be worth checking them.

ocla__09
Contributor

How does one push a user based profile? The only way for that to trigger is via a login event, correct?

Stuey
New Contributor III

@bentoms The Profile does generate an AD Certificate.
I've just tested on a machine with a known-good AD Bind (tested it seconds ago) and it's still failing.

I'm pretty much stumped as to what else it could be, Can't find a common denominator between machines. Some were User-Initiated enrollment, others were enrolled during imaging.

@ocla&&09 User Based config profiles can be pushed when you set the distribution method to "Install Automatically"1e51077b7cf34ed48a4fc232e940e5b3

ocla__09
Contributor

Ok. Am I mistaken in thinking that the install automatically will only get triggered at login for a login profile? Unlike computer profiles that are instantly deployed.

Stuey
New Contributor III

That would make sense, but is irrelevant to the problem, as the issue still occurs when the profile is made available through Self Service.

bentoms
Release Candidate Programs Tester

@Stuey So it's just an AD Certificate profile that is showing these issues?

If so, I have a blog post on some things that might help here, the logging part & the subsequent checking of those on the cert server are what I think might help narrow down the issue here.