Help

Jamf SCEP Proxy

khey
Contributor

Posted on ‎10-22-2018 10:17 PM

Hi all,

I am currently having a problem with deploying SCEP payload for a Wifi Profile.

The profile failed with this error
177748c85fab4291a1bd15f69b165fa8

OSS Error 67701 points to An invalid record was encountered.

My SCEP Payload
1664aae40a4c4cc5b54de5f2befc50b3

I have uploaded the SCEP signing Cert under the external CA PKI Certificate setting by following this article link

Any feedback would be greatly appreciated.

Thanks

0 Kudos
Reply
10 REPLIES 10

khey
Contributor

Posted on ‎11-01-2018 04:50 PM

Hi all,

Am seeing Error 405 Method not allowed with my SCEP payload. Anyone has seen the error before?

Thanks

2b31b617c6544a2f8a35762aad18b317

0 Kudos
Reply

Tigerhaven
Contributor

Posted on ‎08-08-2019 02:32 PM

hi @khey did you ever find out why this was happening as we are seeing the same thing.

Kunal V
0 Kudos
Reply

danny_b
New Contributor II

Posted on ‎08-19-2019 02:54 AM

Hi @khey ,

Did you find a solution to this problem already?

Thanks!

0 Kudos
Reply

Eigger
Contributor III

Posted on ‎09-18-2019 02:15 PM

Any news?

0 Kudos
Reply

Anonymous
Not applicable

Posted on ‎10-29-2019 08:01 AM

I had a similar issue with the AD CS connector. I went to the certificate server, opened server manager, clicked on tools and opened Certificate Authority. In there I was able to see the failed request. I discovered it was my subject name giving error then my template was wrong. Once I fixed those, it was able to deploy the configuration profile.

0 Kudos
Reply

esutedy
New Contributor II

Posted on ‎08-31-2020 12:06 AM

@Tigerhaven ,@d.svejda ,@Eigger Sorry all. Wasnt aware that there were responses.
First under Jamf Pro URL, remove any entry inside "JAMF PRO URL FOR ENROLLMENT USING BUILT-IN SCEP AND IPCU"
Secondly, under the SCEP Server IIS HTTPS binding, ensure you bind the right certificate.

0 Kudos
Reply

pbenware1
Release Candidate Programs Tester

Posted on ‎08-31-2020 07:49 PM

Not sure if this will help or not. Using SecureW2 as our vendor and Active Directory.
We went through this last year. Took for.ev.ah. to get it working. Lots of trial and error and many hours on the phone with SecureW2 and our network guys.
Anyway, now that its working for us, one thing I note that's different between my config and yours is the formatting of the content in Subject Alternative Name Value.

In my config we use different separators (though its entirely possible this is either vendor specific or makes no difference whatsoever);
$EMAIL;;$COMPUTERNAME;$UDID;$EXTENSIONATTRIBUTE_25

Note; the double ;; is intentional.
also note; $EXTENSIONATTRIBUTE_25 is the LDAP attribute variable, capturing our assigned user AD UUID.

0 Kudos
Reply

caitlin_mabe
New Contributor

Posted on ‎03-23-2021 12:17 PM

@pbenware1 Using SecureW2 as well and just stared having this problem - <NSOSStatusErrorDomain:-67701>. What was the fix for you?

0 Kudos
Reply

grahamfw
New Contributor III

Posted on ‎06-11-2021 05:46 AM

@caitlin.mabe for us it was because the computer record didn't have a username associated with it in Jamf, so there was no user to put in the certificate to identify the user.

Hope you got this figured out before now! :)

0 Kudos
Reply

Slawford
New Contributor III

Posted on ‎08-18-2022 09:25 PM

What was the fix for this?

0 Kudos
Reply