Error -915 (unable to contact the SCEP server at...

bobo
New Contributor III

I have a newly built JSS hosted on an RHEL 7 VM that I’m currently trialing. Everything is working well except my configuration profiles. It’s my understanding that a JSS can also act as a SCEP server. Is that correct? I have the push certificate configured and the necessary settings to allow the creation of the config profiles with various payloads. If I run a “sudo jamf manage” on the managed Mac after creating and uploading various config profiles, I receive an “error installing the computer level mdm profile: profiles install for file:’/library/Application Support/JAMF/tmp/mdm.mobileconfig’ and user:’root’ returned -915 (unable to contact the SCEP server at...linktomyscep
Problem installing MDM profile.
Problem detecting MDM profile after installation.

Am I missing something here? Mac is on Mojave, logged in as a local admin. I can’t seem to get any MDM profiles to load and apply on the Mac from the JSS. I can download them there and manually import but that defeats the purpose and seems like a bad idea since it’s not being managed and applied by the MDM. Thanks!

4 REPLIES 4

keith_lytle
New Contributor II

This is just to make sure since I would get random problems like this too, on a “user enrolled device” did you make sure the mdm profile is fully approved? I have had machines go through the process before but until I went back and checked that it was verified and approved certain things wouldn’t work all the way.

bobo
New Contributor III

The profiles show up green and verified when I import and download them manually from the JSS. I don’t see the option to approve them anywhere under profiles on the Mac. Should I be looking somewhere else?

sfurois
New Contributor II

Did you ever find an answer for this?

bobo
New Contributor III

I didn't. I did run a push diagnostics to see if it was due to necessary ports being closed and sure enough all required ports to Apples APN servers are closed. I'm pretty sure that its the issue though you'd think someone would have responded with that likely being the cause. Either way, I haven't had the ports opened up yet to verify.