OS X Exchange Configuration Profile Issues

bgreeno
New Contributor III

I have an interesting issue that I've been working through for awhile. First by myself and then with the help of the wonderful support team at JAMF. However, we're still stuck.

The issue occurs when trying to push out a Configuration Profile for Exchange for OS X. All the server info is entered correctly and we're using the username ($USERNAME) and email ($EMAIL) variables correctly so that everything auto-fills correctly when pushed to the Mac.

The problem occurs with the password field (which of course I need to leave empty because the config profile will go out to all staff/faculty). When the config profile gets pushed and the Exchange account information is entered, the "blank" password is included. As soon as Apple Mail is opened, instead of prompting for the password it appears to be trying to submit a blank password as the password, which ends up locking the users account in Active Directory. If we then enter the user's correct password and then I go into AD and unlock the account, Mail, Calendars, and Contacts start working perfectly.

At this point we've isolated it to the password field in the Exchange Configuration Profile in JSS. Obviously, pushing it out and then having to manually unlock each user's account is not an option. We know that all the other information in the Configuration Profile is correct. Has anyone had any success pushing out an Exchange Configuration Profile for OS X through JSS? Any help you can provide would be tremendous!

6 REPLIES 6

jpfromdc98
New Contributor III

Create the config profile in profile manager in OSX Server, then export it, then import it into the JSS. I've had issues in the past with a few config profiles created in the JSS don't work correctly or push out false information. For some reason, creating them in profile manager, then importing them into the JSS seems to be the ticket.

bgreeno
New Contributor III

@jpwade31][/url I tried your suggestion, but no dice. The blank password field still caused the account to be locked out upon launching.

Let me know if you would like any details about what info I'm populating. I think I can edit it to where it doesn't show any organizational info.

Look
Valued Contributor III

Just a guess here based on the behaviour. I think you need to find a way to not push any password at all, as opposed to a blank password.
Maybe by exporting the policy, editing out the password part using the tool that lets you edit profiles (sorry I forget the name at the moment but I know there is one) and then reimporting.
No password should result in a prompt, where as a pushed blank password might result in a connection attempt using the blank password.

bgreeno
New Contributor III

@Look Good thoughts. That is where I'm struggling. I agree with you that

No password should result in a prompt, where as a pushed blank password might result in a connection attempt using the blank password.

, but I can't figure out how to do this.

Even if I remove the $USERNAME and $EMAIL variables and try installing the config profile via command line, the OS does not prompt for the credentials because the configuration profile install was forced. If I drop the config profile on the desktop and double-click it, it prompts the user to enter all the info for the Exchange account - including the password. But doing it that way I might as well instruct them to configure the Exchange account in System Preferences > Internet Accounts because it would be about the same experience for them and prevent me having to worry about putting the config profile on the Desktop (or other accessible location) and then removing it afterwards.

I wish I could see why/when the blank password is being submitted and why it isn't prompting. I can't be the first person to push an Exchange settings config profile out to managed Macs, but I'm at a loss for why it isn't prompting for a password when the field is empty in the config profile. Thanks for all your help and thoughts! If you think of the config profile editing tool you were referring to let me know.

chmp1
New Contributor II

Any luck resolving this?

lunddal
Contributor

Old thread, but I'm having the same problem. Mail doesn't ask for the password.

Going to System Preferences > Accounts does, but then the users could just skip the config profile and add an account manually.