Invalid Profile - iPad OS - Apple Configurator 2

sirsir
Contributor

I am trying to DEP a number of iPads via Apple Configurator 2. I have done this in the past on 700 iPads with no issue. However now I am getting the following error: Invalid Profile [MCProfileErrorDomain – 0x3E8 (1000)]

My organization is set correctly in Apple Configurator, as is the enrollment URL. The iPads are assigned in Apple School Manager and have been added to the correct PreStage config in JAMF.

If I setup an iPad manually by hand, it also fails with the message "Invalid Profile."

11 REPLIES 11

Victor_Barrera
New Contributor II

I will try to create a new Pre-Stage Enrollment and asign to this iPad only, and check if you get a different message.

Heavy_D
Contributor III

Did you ever get this resolved I am getting the same error with an iphone enrollment.

sirsir
Contributor

I did not, still getting invalid profile when enrolling. If I go back in the setup wizard and forward a few times, I can get it to go through. Sounds like it's hitting a node that has an invalid cert or something.

ESensenbrenner
New Contributor

Have you made sure to put the Serial Number of the device into the school manager? Maybe try running configurator, having it fail, enter the serial number and then seeing if you get the invalid profile still. Or add the serial number to the school manager before running configurator.

alab
New Contributor II

Follow these?
1. Add to DEP using Apple Configurator 2.5
2. Assign to your MDM in ABM/ASM
3. Assign to PreStage Enrolment Profile
4. Wipe/Restore the iOS devices again using Apple Configurator 2.5

sirsir
Contributor

Can you explain step #1 on your list? I've always plugged them into configurator, restored them to the latest OS, and then went through automated enrollment (making sure to select a WiFi profile first.)

The iPads were assigned to ASM months ago, and I've already went through and re-added them again.

wifichallenges
Contributor II

Did you ever get this resolved? after days trying to follow various instructions to get something into mdm (and the solution being that the MDM is actually school.apple.com NOT our jamf URL grrrrr....) i now get stuck with this invalid profile message. I thought it was the wireless profile i was trying to apply (nothing can be fucking clear ever in apple land...) but i reformatted the ipod and used the USB internet sharing from a mac laptop to make the internet connection.

on the device itself remote management screen, i get "invalid profile" but i have no idea what its reffering to. On the apple configurator, i get the message as above "invalid profile [MCProfileErrorDomain - 0x3e8 (1000)]

I will continue my research.

wifichallenges
Contributor II

Oh i just got it. actually the trick is that you do your prepare. Prepare finishes, and before you configure the ipod, you switch it in school manager to use jss as the mdm server. With that done, the remote management doesnt even run and it comes up as basically a unconfigured ipod. You walk through all the steps till you get to the home screen. Then you factory wipe the ipad.

next time it comes up, it will do the remote management, be registered in JAMF and it all works! no profile error.

ref: https://www.jamf.com/jamf-nation/discussions/25416/configurator-2-5-and-enrolling-ios-11-devices-in-dep (specifically the post by haugena)

Andrew-I
New Contributor

I just had this exact error in my new development environment. The fix (for me) was to re-create the Organization profile as part of the Prepare steps. I'm testing MDM differences, so have two MDMs setup (Jamf and the other both had this same error).

So last thing to try was to choose the 'New Organization' option on the 'Assign to Organisation' option. It revalidated with the ABM apple ID and then the prepare went through on the iPad without error.

However, I now have two items in my Org list have exactly the same string, which isn't brilliant. So I head on over to Configurator 2 Preferences, Orgs, and then look for the one that has the older certificate date when you click on 'Show Supervision Identity...' - this is where I find that the older idendity appears to have an untrusted cert, and the newer one is trusted. Date ranges are valid on both, as to why the older org profile is untrusted, I can only guess.

So I assume this untrusted cert is the root of the error, have now removed accordingly.

RobbieG
New Contributor III

We get this all the time with devices not bought directly from Apple. It happens basically because Configurator adds it to Apple School Manager but there isn't a profile / enrollment waiting for it in Jamf yet. So basically you can ignore the error - go to ASM find the serial and assign it to your server - go to Jamf and add it to a prestage enrollment - erase the iPod and when it comes back on it will enroll.

 

 

Tophernad
New Contributor II

I also found that if you are doing dynamic invitations and put the URL into Apple Configurator when you are first setting it up, AC will default to the static version. You will need to go and edit the server again to modify the server URL again.