Posted on 05-14-2015 12:31 PM
Is anyone else running into a problem with fresh Yosemite Macs, not able to get a certificate from an Active Directory Certificate Server using the AD Certificate Config Profile? It's working fine for Mavericks, but not Yosemite. I took the exact same Mac, built it with our Mavericks configuration and it worked. I then re-built it with our Yosemite configuration, and it didn't work. "Cert Request Failed" is the only error we see.
Even trying it manually using profiles -I -F <path to mobileconfig file> doesn't work.
JSS version 9.66 which will be upgraded to the latest version later this week.
I wanted to ask here before I opened a ticket.
Thanks
Posted on 05-14-2015 12:45 PM
It is working ok for us at a couple of sites.
I would have a look at the settings on the certificate template on the CA and the server side logs.
The client won't tell you much, other than the enrollment failed. I think that is by design to avoid compromising security.
Posted on 05-14-2015 12:48 PM
Thanks David. I can't post the template for security reasons. Are you on 9.72?
Posted on 05-14-2015 12:54 PM
It's 9.65 in our case.
Posted on 05-14-2015 01:12 PM
Good to know you got it working. Unfortunately the ADCS server is supported by another team in another state.
Posted on 05-14-2015 01:20 PM
Hopefully it will be embraced with open arms!
I'm working for an external support company, so I always have to request changes from the onsite CA server admin at the clients' sites. It can be a challenge sometimes.
Posted on 05-15-2015 11:02 AM
Hi,
At first, I added the CA and the Intermediate CA Certificate to the Mac ...
After that I configured the CA settings within the same Configuration Profile like this:
Be sure that:
The Certificate Template exists
The user you are using exists and has rights on the template
You use HTTP (without S!) to connect to certsrv.
But I have some issues too which I couldn't address so far. I thought about DNS, but that can't be a problem.
bofh
Posted on 05-20-2015 02:11 PM
@ndelgrande2 Works fine for us, are the clients bound at the time of the request?
Posted on 05-20-2015 02:14 PM
Yes, everything has been set up and working since 10.9. It was just showing as "pending" forever for any new Yosemite Configuration. We think the ADCS box was having issues, as I just heard certs are pulling again, but I need to test.
Thanks for all the help and feedback.