Posted on 03-09-2022 08:19 AM
Now a year into my Jamf Pro experience (so still relatively newb), but one thing I have not been able to figure out is that I have not been able to successfully use Jamf to pull down a cert for our wireless. The same configurations built from Apple Configurator work with a manual install, but when deploying the same from Jamf it does not pull down the cert. Originally it was pulling directly from AD (so had to be on the internal network via LAN for this to work), and now we are attempting a SCEP proxy connected to Jamf. In the original, the config would install, just without the proper cert being acquired, but the SCEP profile looks like it's just stuck attempting to install. SCEP may be a different issue, as the server logs show this:
"[CEPChallengeConfiguration] - $MSSCEPCHALLENGE found for a challenge password but no event listeners returned a challenge. Setting to a blank string.
2022-03-09 14:52:47,105 [ERROR] [ina-exec-48] [InstallProfile ] - Error getting SCEP challenge response from server
com.jamfsoftware.jss.exceptions.mdm.ScepChallengeBlankException: Setting a blank challenge, returning!"
Reached out to a co-worker to check if they can see the incoming traffic. Anything else I should be looking at with the described behavior?
Posted on 03-09-2022 09:35 AM
Additional note: on the client side I am not seeing any reference to the profile attempting to install in the jamf.log or install.log. Any other places I should be looking?
Posted on 05-05-2022 07:54 PM
Hi @jpeters21, did you get any chance to fix this issue?
Posted on 05-10-2022 07:09 AM
I did not. Reached out to my network team to assist with troubleshooting, at which time it got tabled. They are also in the middle of restructuring our VLANs, so I suspect it would not get worked on again until that is complete.
Posted on 06-09-2022 08:48 AM
Hi, any updates on your issue?
Posted on 06-20-2022 05:29 AM
Same issue here...
Posted on 07-06-2022 08:29 AM
Sorry, nothing new to add, and this does not seem to be a pressing issue for our network team to work with me on. The reality for us is it's an additional few seconds on the clients for our support techs who do most of the setups vs. the hours our engineers/administrators would spend tracing the issue, and work-from-home people, where zero-touch deployment may be desired, don't need internal wireless.
Posted on 07-06-2022 01:06 PM
@jpeters21 did you use the exact same FQDN as the certificate expects?
Posted on 07-06-2022 01:18 PM
Using the ADCS connector, we were never actually getting to the point where we acquired the cert. Jamf logs suggested no response from the host, but I got as far as seeing the request traffic come in the firewall.
Posted on 07-06-2022 01:28 PM
Could it be possible that, if you have things like SSL inspection set up on your firewall, it would inspect certificates and make them invalid?