Enrolling with Management Server Failed

Knight_Owl
New Contributor III

Hello Jamf Community, 

We are currently in the process of setting up an on-premises Jamf server but have encountered an error. The computer begins to enroll with the MDM after entering the user credentials in Remote Management, then retrieves enrollment profile, begins to install enrollment profile, then gives an error. 

The error: 

Enrolling with management server failed. 

Unable to contact the SCEP server at https://our-server-domain.local:8443//CA/SCEP 

 

Has anyone experienced this issue, or know what is causing it and how to fix it? Also, I am not sure why it is inserting two forward slashes after the port and before CA: 8443//CA.

 

Any and all help is greatly appreciated.

 

Thank you.

1 ACCEPTED SOLUTION

Knight_Owl
New Contributor III

Found the cause of the issue. It was an incorrectly configured CA Certificate for the Web Server.

View solution in original post

3 REPLIES 3

AJPinto
Honored Contributor II

Have you made sure all the proper ports are open for a JAMF Environment? Assuming your datacenter is setup for least privileged access and the sever is setup correctly I'd start with network related issue.

 

Knight_Owl
New Contributor III

Hi AJPinto,

Thanks for the reply. Yes, we have opened the necessary ports and IP ranges. An update to this post. I tried to enroll it using the web enroll, to check if that gave a different error, which it did.

The Error for Web Enroll:
Profile Installation failed.

The certificate for this server is invalid. You might be connecting to a server that is pretending to be "hostname.domain.local" which could put your confidential information at risk. If the server's certificate cannot be verified using a trusted root authority, you must install the "Trust Profile" for the server.

 

So, perhaps this is why the Pre-Stage enrollment is not working as well. Question is, how do I correct this? 

For the Apache web server, we are using our AD as the CA, but we are also using the built-in CA of Jamf Pro. Could this be creating a conflict? Do I need to push the root CA of AD with the profile installation? Also, these computers were added to Apple School Manager using Apple Configurator on the iPhone. Do I need to add the certificates on Apple Configurator before I added them to ASM? 

Still researching. I appreciate any feedback on this. Thank you.

Knight_Owl
New Contributor III

Found the cause of the issue. It was an incorrectly configured CA Certificate for the Web Server.