Skip to main content
Solved

Problem installing MDM profile

dpertschi
Forum|alt.badge.img+19

I set up a lab, Casper 9.3 on Win2012. All the JSS and network requirements for profiles are meet, verified and in place, as best I can tell. First test profile, computer level, never makes it to the Mac.

JAMF log shows: "jamf[6182]: Problem installing MDM profile."

System log shows:
mdmclient[6586]: ** ERROR ** [SCEPPlugin:0] <: [MDM_SCEP_Enroll] Calling SCEPGetCACert. CA Ident: --> -915 (OSStatus -915)
mdmclient[6586]: ** ERROR ** [SCEPPlugin:0] <: [MDM_SCEP_Enroll] Retrying SCEPGetCACert with CA Ident: RetryCAIdent --> <NSOSStatusErrorDomain:-915>
mdmclient[6586]: Error: Unable to contact the SCEP server at “https://casper.company.net:8443//CA/SCEP”. <MDM-SCEP:-915> from: InstallPayload in SCEPProfilePlugin
mdmclient[6586]: ** ERROR ** [Daemon:0] Unable to get MDM identity persistent reference with UUID: snip-4A414D460006 from profile: MDM Profile (snip-4A414D460003)
mdmclient[6586]: ** ERROR ** [Daemon:0] Unable to find MDM identity in keychain for profile: MDM Profile (snip-A000-4A414D460003)
mdmclient[6586]: ** ERROR ** [Daemon:0] Unable to get client identity for: <Payload: JAMF Manual Enrollment Payload: MDM (snip-A000-4A414D460004) from profile: MDM Profile (snip-A000-4A414D460003)

I'm using the built-in CA. Also interesting is that the client computer record reports MDM Capable: No. It's a bone stock 10.9.2 iMac.

Any suggestions on where to turn next?

Best answer by dpertschi

I renewed the SSL certificate and profiles are now working.

View original
    Did this topic help you find an answer to your question?

    8 replies

    mpermann
    Forum|alt.badge.img+22
    • mpermann
    • Valued Contributor
    • 690 replies
    • April 8, 2014

    Is the Push Certificate setup completed on the server? If not, you may want to start there.

    dpertschi
    Forum|alt.badge.img+19
    • dpertschi
    • Author
    • Contributor
    • 459 replies
    • April 9, 2014

    Yes, APN cert installed.
    Certificate based auth and push notifications enabled.
    telnet to APN at 443, 2195, 5223 is successful.

    The Mac is clearly getting instructions to install the MDM profile, but failing.
    The JAMF log and the output of jamf manage -verbose shows:

    Problem installing MDM profile.
    Problem detecting MDM profile after installation.

    No profiles ever show up in System preferences.

    dpertschi
    Forum|alt.badge.img+19
    • dpertschi
    • Author
    • Contributor
    • 459 replies
    • Answer
    • April 9, 2014

    I renewed the SSL certificate and profiles are now working.

    E
    Forum|alt.badge.img+3
    • ebioit
    • New Contributor
    • 9 replies
    • April 24, 2014

    By updating your SSL certificate under the Apache Tomcat Settings, you were able to enroll computers with MDM capability? I seem to be unable to add new Macs with MDM capability

    P
    Forum|alt.badge.img

    I am also having the same issue, the reissused SSL cert is fixing the problem. I am getting the same error when I run jamf manage...any other ideas?

    P
    Forum|alt.badge.img+4
    • palitech
    • Contributor
    • 15 replies
    • August 1, 2014

    Hello. I am new to this and appreciate these forums very much> They are so useful. But i am in the jssdatabaseutil, and under "utilities" i see only the option of restarting tomcat, not stopping it. I have searched for how to stop it and have had no success. I have tried renewing the certificates without this step of stopping it and have not been successful. If anyone can point me in the right direction Id appreciate it greatly> Thanks I have some computers that enroll fine, and older imac labs we have are not MDM capable. but inventory is collected.

    S
    Forum|alt.badge.img+11
    • ShaunRMiller83
    • Valued Contributor
    • 142 replies
    • August 1, 2014

    @palitech

    What platform are you running your jss on? Windows, OSX, Linux?

    What version of MySQL are you running? If it's v8.6 or higher you should make sure strict mode is disable in your my.cfg or MY.INI file by putting a pound sign in front of the line in that file and save it.

    P
    Forum|alt.badge.img+4
    • palitech
    • Contributor
    • 15 replies
    • August 4, 2014

    @ShaunM9483
    It is on OSX 10.9. Ok thanks I will try that.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings