Jamf SCEP Proxy

khey
Contributor

Hi all,

I am currently having a problem deploying a SCEP payload for a Wi-Fi profile.

The profile failed with this error

OSS Error 67701 points to "An invalid record was encountered."

My SCEP Payload

I have uploaded the SCEP signing Cert under the external CA PKI Certificate setting by following this article link

Any feedback would be greatly appreciated.

Thanks

10 REPLIES

khey
Contributor

Hi all,

Am seeing Error 405 Method Not Allowed with my SCEP payload. Has anyone seen the error before?

Thanks


Tigerhaven
Contributor

Hi @khey, did you ever find out why this was happening? We are seeing the same thing.

Kunal V

danny_b
New Contributor II

Hi @khey,

Did you find a solution to this problem already?

Thanks!

Eigger
Contributor III

Any news?

Anonymous
Not applicable

I had a similar issue with the AD CS connector. I went to the certificate server, opened Server Manager, clicked on Tools and opened Certificate Authority. In there I was able to see the failed request. I discovered it was my subject name giving an error, then my template was wrong. Once I fixed those, it was able to deploy the configuration profile.

esutedy
New Contributor II

@Tigerhaven, @d.svejda, @Eigger Sorry all. Wasn't aware that there were responses.
First, under Jamf Pro URL, remove any entry inside "JAMF PRO URL FOR ENROLLMENT USING BUILT-IN SCEP AND IPCU".
Secondly, under the SCEP Server IIS HTTPS binding, ensure you bind the right certificate.

pbenware1
Release Candidate Programs Tester

Not sure if this will help or not. Using SecureW2 as our vendor and Active Directory.
We went through this last year. Took for.ev.ah. to get it working. Lots of trial and error and many hours on the phone with SecureW2 and our network guys.
Anyway, now that it's working for us, one thing I note that's different between my config and yours is the formatting of the content in Subject Alternative Name Value.

In my config we use different separators (though it's entirely possible this is either vendor specific or makes no difference whatsoever):
$EMAIL;;$COMPUTERNAME;$UDID;$EXTENSIONATTRIBUTE_25

Note: the double ;; is intentional.
Also note: $EXTENSIONATTRIBUTE_25 is the LDAP attribute variable, capturing our assigned user AD UUID.

caitlin_mabe
New Contributor

@pbenware1 Using SecureW2 as well and just started having this problem - <NSOSStatusErrorDomain:-67701>. What was the fix for you?

grahamfw
New Contributor III

@caitlin.mabe for us it was because the computer record didn't have a username associated with it in Jamf, so there was no user to put in the certificate to identify the user.

Hope you got this figured out before now! :)
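
Added example, not part of any post in this thread: a pre-flight check that expands the Subject Alternative Name template quoted earlier against inventory records and lists the payload variables that would come out empty, the condition described in the reply above (no username on the computer record). The record layout and key names are hypothetical, the sample records are constructed, and the check assumes an empty inventory field expands to an empty string.

```python
import re

# Payload variable -> key in a hypothetical exported inventory record.
# Variable names are the ones quoted in the thread plus $USERNAME;
# the record keys are assumptions made for this example.
VARIABLE_SOURCES = {
    "$EMAIL": "email",
    "$USERNAME": "username",
    "$COMPUTERNAME": "computer_name",
    "$UDID": "udid",
    "$EXTENSIONATTRIBUTE_25": "extension_attribute_25",
}
_VAR = re.compile(r"\$[A-Z0-9_]+")

def expand(template, record):
    """Return (expanded_value, problems) for one SAN or subject template."""
    problems = []
    def substitute(match):
        var = match.group(0)
        key = VARIABLE_SOURCES.get(var)
        if key is None:
            problems.append(f"{var}: no mapping defined for this check")
            return var
        value = (record.get(key) or "").strip()
        if not value:
            problems.append(f"{var}: empty in inventory record")
        return value
    return _VAR.sub(substitute, template), problems

def preflight(template, records):
    """Map computer name -> problems; computers without problems are omitted."""
    report = {}
    for record in records:
        _, problems = expand(template, record)
        if problems:
            report[record.get("computer_name", "<unnamed>")] = problems
    return report

# SAN template as quoted in the thread; records below are constructed samples.
SAN_TEMPLATE = "$EMAIL;;$COMPUTERNAME;$UDID;$EXTENSIONATTRIBUTE_25"
RECORDS = [
    {"computer_name": "mac-001", "udid": "0000-EXAMPLE-1",
     "email": "a.user@example.com", "extension_attribute_25": "example-uuid-1"},
    {"computer_name": "mac-002", "udid": "0000-EXAMPLE-2",
     "email": "", "extension_attribute_25": None},  # no user assigned
]

if __name__ == "__main__":
    for name, problems in preflight(SAN_TEMPLATE, RECORDS).items():
        print(name, problems)
```
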

Slawford
New Contributor III

What was the fix for this?