Unable to manually enroll a device

New Contributor III

Hey guys,

I was trying to enroll iPhone 6S Plus on 10.2.1. Wasn't able to on that particular phone for some reason. I tried on another similar device and was successfully able to manually enroll it.

I was able to install and trust the CA cert but was unable to install the MDM portion. It gave a very generic fail to install response. There aren't any other profiles on the phone.

Current JSS Version: 9.97

Not sure if anyone had seen this before or not. Any tips or tricks to try would be greatly appreciated.

Thanks in advanced!


New Contributor II

I'd check the date & time on the phone. Check this out and see if this helps


Contributor II

Is the iPhone on iOS 10.3?

Beginning with iOS 10.3, during user-initiated enrollment of a device, the MDM profile is unable to be installed if the device does not trust the JSS built-in certificate authority (CA) signed Tomcat SSL certificate. This is also true of any Tomcat SSL certificates that are self-signed or issued from a CA that the device does not trust by default. In previous versions of iOS, installing the CA certificate during enrollment caused the device to trust the CA but this is no longer the case. This is the result of intended behavior and will not be resolved.
To manually trust the CA certificate installed during enrollment on the iOS device, go to Settings > About > Certificate Trust Settings.
For a list of trusted certificates for iOS devices, see the following Apple Knowledge Base article: https://support.apple.com/en-us/HT204132