Help

OTA enrollment - Access Denied - Invitation is not valid

Go to solution
cgordy
Contributor

Posted on ‎09-19-2013 08:31 AM

Just discovered since upgrading to 9.01 that my mobile OTA URL enrollment does not work.

Error is:
Access Denied
This invitation is not valid

Invitation? I didn't think OTA URL enrollment used an invitation?

I checked the settings for my User-Initiated Enrollment for Mobile Devices and my option is still checkmarked to allow enrollment without an invitation...soooo what gives?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
cgordy
Contributor

Posted on ‎09-19-2013 08:49 AM

solved.

The generic user account that we use for URL OTA enrollment needed additional permissions.
Not sure why, but previously on the account, the only items checkmarked were for:

Computer Enrollment Invitations - CREATE
Mobile Devices - CREATE

Shooting in the dark, I gave all permissions to that account for Computer Enrollment Invitations
Mobile Devices
Enrollment Profiles

That fixed it.
I probably did some overkill, but in the heat of the moment trying to enroll some important devices, I can work until I figure out which permission fixed it.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
cgordy
Contributor

Posted on ‎09-19-2013 08:49 AM

solved.

The generic user account that we use for URL OTA enrollment needed additional permissions.
Not sure why, but previously on the account, the only items checkmarked were for:

Computer Enrollment Invitations - CREATE
Mobile Devices - CREATE

Shooting in the dark, I gave all permissions to that account for Computer Enrollment Invitations
Mobile Devices
Enrollment Profiles

That fixed it.
I probably did some overkill, but in the heat of the moment trying to enroll some important devices, I can work until I figure out which permission fixed it.

0 Kudos

Go to solution
musat
Contributor III

Posted on ‎09-19-2013 10:05 AM

I ran into the same situation. If I go back to see what minimal rights are need I'll post here. At this point it's not high on the list though.

0 Kudos

Go to solution
jgrimes
New Contributor

Posted on ‎06-30-2014 12:59 PM

My guess is that you only need 1 extra permission turned on in mobile devices - i turned them all on, and it allowed me to log in. I wasn't able to experiment to find out which ones weren't necessary.

0 Kudos