I have a wifi config profile that works on all my Macs but 2, even if I erase and reinstall the OS. When it is installed manually or through self-service it is generating an error: "The ‘Active Directory Certificate’ payload could not be installed. The certificate request failed." I have run the debug logs and I am waiting to get access to the CA server to view its cert request logs. I have the Mac bound to the AD and it is connected to the internal network via ethernet when the certs are installed, but nothing happens and Jamf generates the error above. While I'm waiting for access to the CA server, does anyone have any guesses about why it's not allowing the AD cert to install?
The computer record might be disabled. There might be an AD attribute that is required but not populated (dNSHostName for example). The computer record might not have permissions to use the cert template.
Since rejoining a computer to an existing AD record won't fix unpopulated attributes and you can rejoin to a disabled record, I'd check those. Did you delete the record and rejoin as part of your troubleshooting?
You need to learn Active Directory or have someone with permissions do this for you, then. It doesn't sound like you have permissions or training and that's outside the scope of this thread. I don't want to tell you what to do for your particular environment.
Basically, when you join a computer to Active Directory, it either creates a new computer record or joins to an existing one. If there is a problem with that computer record that is causing the CSR to fail, then you'll need to address that at the AD level because reimaging won't solve it. The AD record would still have the same problem unless you deleted it prior to reimaging, which would force the Mac to create a fresh one.
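A way to check the first two causes suggested above (a disabled computer record, an unpopulated dNSHostName) from an LDIF export of the affected computer objects; this is an added example, not code posted by anyone in the thread. It assumes the export includes the `userAccountControl` and `dNSHostName` attributes, the `example.com` records are constructed sample data, and certificate template permissions are not covered.

```python
import base64
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled account

# Constructed sample export; 4096 = workstation trust account, 4098 = same + disabled.
SAMPLE_LDIF = """\
dn: CN=MAC-0001,OU=Macs,DC=example,DC=com
userAccountControl: 4096
dNSHostName: mac-0001.example.com

dn: CN=MAC-0002,OU=Macs,DC=example,DC=com
userAccountControl: 4098
dNSHostName: mac-0002.example.com

dn: CN=MAC-0003,OU=Macs,DC=example,DC=com
userAccountControl: 4096
"""

def parse_ldif(text):
    """Yield one dict per record: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    record = {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if not line.strip():
            if record:
                yield record
            record = {}
        elif not line.startswith("#"):      # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            record.setdefault(attr.lower(), []).append(value.strip())

def audit(text):
    """Return {dn: [problems]} for computer records with a finding."""
    findings = {}
    for rec in parse_ldif(text):
        problems = []
        if int(rec.get("useraccountcontrol", ["0"])[0]) & ACCOUNTDISABLE:
            problems.append("computer record is disabled")
        if not any(rec.get("dnshostname", [])):
            problems.append("dNSHostName is not populated")
        if problems:
            findings[rec.get("dn", ["?"])[0]] = problems
    return findings
```

Calling `audit()` on an export that contains both a working Mac and a failing one shows which of the two attributes differs between them.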
@ACMT Can you elaborate on this? I'm trying to get my Macs to join our wifi on their own, or at least prompt for it, and I'm in a "Mac users should switch to PCs" type of house so it's a struggle to get much help on the AD side. I get the same error on a couple of Macs I'm testing with, using the steps from here: https://sachinparmarblog.com/wireless-802-1x-eap-tls-on-mac-os-x/
Any other help that can be offered would be great.
I'm with @slundy, could you elaborate on what within Active Directory you had to fix?
I don't/didn't know what to fix, so I just asked my AD guy to completely delete, then re-add the Active Directory object for the MacBook. After testing Config Profile push, and then testing again, this same MacBook came back with exactly the same error.
We have 1100+ MacBooks that had succeeded in getting the Wi-Fi profile. We have 50 or so MacBooks that fail this constantly. The Config Profile setup would be the same. I really don't know what's the difference within AD.