Jamf Nation Community

dpertschi · ‎04-08-2014

I set up a lab, Casper 9.3 on Win2012. All the JSS and network requirements for profiles are meet, verified and in place, as best I can tell. First test profile, computer level, never makes it to the Mac.

JAMF log shows: "jamf[6182]: Problem installing MDM profile."

System log shows:
mdmclient[6586]: ** ERROR ** [SCEPPlugin:0] <: [MDM_SCEP_Enroll] Calling SCEPGetCACert. CA Ident: --> -915 (OSStatus -915)
mdmclient[6586]: ** ERROR ** [SCEPPlugin:0] <: [MDM_SCEP_Enroll] Retrying SCEPGetCACert with CA Ident: RetryCAIdent --> <NSOSStatusErrorDomain:-915>
mdmclient[6586]: Error: Unable to contact the SCEP server at ‚Äúhttps://casper.company.net:8443//CA/SCEP‚Äù. <MDM-SCEP:-915> from: InstallPayload in SCEPProfilePlugin
mdmclient[6586]: ** ERROR ** [Daemon:0] Unable to get MDM identity persistent reference with UUID: snip-4A414D460006 from profile: MDM Profile (snip-4A414D460003)
mdmclient[6586]: ** ERROR ** [Daemon:0] Unable to find MDM identity in keychain for profile: MDM Profile (snip-A000-4A414D460003)
mdmclient[6586]: ** ERROR ** [Daemon:0] Unable to get client identity for: <Payload: JAMF Manual Enrollment Payload: MDM (snip-A000-4A414D460004) from profile: MDM Profile (snip-A000-4A414D460003)

I'm using the built-in CA. Also interesting is that the client computer record reports MDM Capable: No. It's a bone stock 10.9.2 iMac.

Any suggestions on where to turn next?

dpertschi · ‎04-09-2014

I renewed the SSL certificate and profiles are now working.

View solution in original post

mpermann · ‎04-08-2014

Is the Push Certificate setup completed on the server? If not, you may want to start there.

dpertschi · ‎04-09-2014

Yes, APN cert installed.
Certificate based auth and push notifications enabled.
telnet to APN at 443, 2195, 5223 is successful.

The Mac is clearly getting instructions to install the MDM profile, but failing.
The JAMF log and the output of jamf manage -verbose shows:

Problem installing MDM profile.
Problem detecting MDM profile after installation.

No profiles ever show up in System preferences.

dpertschi · ‎04-09-2014

I renewed the SSL certificate and profiles are now working.

ebioit · ‎04-24-2014

By updating your SSL certificate under the Apache Tomcat Settings, you were able to enroll computers with MDM capability? I seem to be unable to add new Macs with MDM capability

printthelegend2 · ‎05-17-2014

I am also having the same issue, the reissused SSL cert is fixing the problem. I am getting the same error when I run jamf manage...any other ideas?

palitech · ‎08-01-2014

Hello. I am new to this and appreciate these forums very much> They are so useful. But i am in the jssdatabaseutil, and under "utilities" i see only the option of restarting tomcat, not stopping it. I have searched for how to stop it and have had no success. I have tried renewing the certificates without this step of stopping it and have not been successful. If anyone can point me in the right direction Id appreciate it greatly> Thanks I have some computers that enroll fine, and older imac labs we have are not MDM capable. but inventory is collected.

ShaunRMiller83 · ‎08-01-2014

@palitech

What platform are you running your jss on? Windows, OSX, Linux?

What version of MySQL are you running? If it's v8.6 or higher you should make sure strict mode is disable in your my.cfg or MY.INI file by putting a pound sign in front of the line in that file and save it.

palitech · ‎08-04-2014

@ShaunM9483
It is on OSX 10.9. Ok thanks I will try that.