Help

Configuration Profile Failed

maleuthold
New Contributor

Posted on ‎10-20-2016 08:13 AM

Got Error Message in Management

The 'Active Directory Certificate' payload could not be installed. The certificate server did not return a request ID.

it dont works since this morning.

any ideas ?

0 Kudos
2 REPLIES 2

m_donovan
Contributor III

Posted on ‎10-20-2016 07:39 PM

We are currently trying to make wireless certificate authentication work in our environment. I see this error a lot and it is seems to be caused by the AD certificate authentication failing which in turn causes the config profile to fail. This can be due to AD not communicating for a multitude of reasons (not being bound, binding broken, even time being off). Once the configuration profile fails you can clear the failed command in the device record or in the config profile logs after fixing the AD communication issue.

0 Kudos

Aaron
Contributor II

Posted on ‎10-20-2016 10:57 PM

Firstly, my condolences. I've recently had to look into 802.1x payloads in OSX, and I have less hair as a result.

I typically see this issue if the machine in question has an incorrect date/time, or the record in AD is missing (or the AD password has expired and the machine is trying to authenticate using stale credentials). Usually setting the correct date/time, and rebinding fixes it.

You might also see this is your issuing/root cert has expired, causing the trust to fail. Double check your certs to make sure they're still valid. I've found that you don't need to explicitly set trust to "always", just that it needs to be installed/part of the payload.

Also I've had no luck whatsoever in 10.8 - I know it's old now, but despite Apple saying they support it in 10.8 it has never worked for me.

0 Kudos