Can't enroll devices with Profile Manager - invalid key

In my case I can install profiles on devices from the Profile Manager page but I cannot enroll devices.
The certificate I download to enroll is rejected by my MacBook Pro Lion: Says Invalid blablabla at the end:
Now I have done log research and I know exactly and understand why it doesn't work:
the scep_helper daemon is supposed to listen to port 1640 TCP (which you should forward to your server by the way, if you want to be able to enroll devices) and provide the requesting client the root CA that signed the certificate. In my case, it can't find the root CA to provide the client with so it can finalize the cert validation process.
In my case, that's what I see in the log:
Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/main.m:727 'status = SCEPGetCACert(session, NULL, 0)' = -25300
Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/main.m:513 'SCEPGetCACert(session, NULL, 0)' = -25300
Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/main.m:819 'challenge = GetChallengeFromSCEP(password, guid, hostURL)' is NULL
Jul 29 02:12:44 teknologism ProfileManager[516]: Could not retrieve root certificate from open directory server.
Now, as for the bad news: I have no idea on how to fix. Have dug into scep_helper, googled etc. Not a single clue on how to check its configuration or even why it can't find the root CA. By the way everything else (I really mean everything, ical, cardav, web, wiki etc.) works great. And profile manager too, it's just the enroll thingy that doesn't work. And the root CA cert is in /etc/certificates. My server has a legit Class 1 SSL cert signed by a system trusted CA (Startfiel to name it)
I have tried with other certs etc... It's a no go.
Can anyone help?
How can I add that missing CA cert in opendirectory?

Here is some more info...
teknologism:root root# serveradmin settings devicemgr
devicemgr:SSLAuthorityChain = "/etc/certificates/trinity.teknologism.org.C1D19D55699B48C94A18787E4F53B4C3230E91FE.chain.pem"
devicemgr:od_active = yes
devicemgr:ssl_active = yes
devicemgr:enableCodeSigning = yes
devicemgr:updated_at = 2011-07-28 16:04:52 +0000
devicemgr:email_delivery_method = ""
devicemgr:CodeSigningPrivateKey = "/etc/certificates/teknologism.org Code Signing Certificate.ED29CE4BD9D2926D64E60EF7A117EFDB2213F0CC.key.pem"
devicemgr:apns_active = yes
devicemgr:CodeSigningAuthorityChain = "/etc/certificates/teknologism.org Code Signing Certificate.ED29CE4BD9D2926D64E60EF7A117EFDB2213F0CC.chain.pem"
devicemgr:default_profile_created_at_least_once = yes
devicemgr:knob_sets_enabled:com.apple.mail.managed = yes
devicemgr:knob_sets_enabled:com.apple.vpn.managed = yes
devicemgr:knob_sets_enabled:com.apple.carddav.account = yes
devicemgr:knob_sets_enabled:com.apple.jabber.account = yes
devicemgr:knob_sets_enabled:com.apple.caldav.account = yes
devicemgr:email_authentication = ""
devicemgr:email_port = 25
devicemgr:email_username = ""
devicemgr:id = 1
devicemgr:last_modified_guid = ""
devicemgr:SSLPrivateKey = "/etc/certificates/trinity.teknologism.org.C1D19D55699B48C94A18787E4F53B4C3230E91FE.key.pem"
devicemgr:od_master = "127.0.0.1"
devicemgr:apns_topic = ""
devicemgr:email_password = ""
devicemgr:mdm_acl = 2047
devicemgr:user_timeout = 43200
devicemgr:server_organization = ""
devicemgr:SSLCertificate = "/etc/certificates/trinity.teknologism.org.C1D19D55699B48C94A18787E4F53B4C3230E91FE.cert.pem"
devicemgr:created_at = 2011-07-24 11:47:33 +0000
devicemgr:email_address = ""
devicemgr:email_domain = ""
devicemgr:CodeSigningCertificate = "/etc/certificates/teknologism.org Code Signing Certificate.ED29CE4BD9D2926D64E60EF7A117EFDB2213F0CC.cert.pem"
devicemgr:email_server_address = ""
devicemgr:admin_session = ""
The 3 CodeSigning certs/keys are in /etc/certificates and their permissions are correct.
Also, don't ask me why but my ProfileManager pane in Server.app is working again. It shows all the config... but can't modify anything... as soon as I try to modify it spins the waiting wheel forever... I guess it's the same error as command line serveradmin...
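
The log excerpt quoted in this post can be triaged mechanically. The following is an added example, not part of the original post or of Apple's tooling: it parses the scep_helper lines, names the OSStatus value (-25300 is errSecItemNotFound in Security.framework) and separates the first failing call from its consequences. Grouping events by timestamp and host, and treating the first numeric failure as the cause, are assumptions of this sketch.

```python
import re
from collections import OrderedDict

# Constructed sample: the four lines quoted in the post (file name written as main.m).
SAMPLE_LOG = """\
Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/main.m:727 'status = SCEPGetCACert(session, NULL, 0)' = -25300
Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/main.m:513 'SCEPGetCACert(session, NULL, 0)' = -25300
Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/main.m:819 'challenge = GetChallengeFromSCEP(password, guid, hostURL)' is NULL
Jul 29 02:12:44 teknologism ProfileManager[516]: Could not retrieve root certificate from open directory server.
"""

# OSStatus names from Security.framework (SecBase.h); only two codes are listed.
OSSTATUS_NAMES = {-25300: "errSecItemNotFound", -25293: "errSecAuthFailed"}

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([\w.]+)\[(\d+)\]: (.*)$")
# The path is matched lazily so a forum-wrapped "m ain.m" still parses.
SCEP_RE = re.compile(r"^SCEP_HELPER: (.+?):(\d+) '(.+)' (?:= (-?\d+)|is (NULL))$")
CALL_RE = re.compile(r"(\w+)\(")


def parse_line(line):
    """Return a dict for one syslog line, or None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    when, host, proc, pid, msg = m.groups()
    event = {"when": when, "host": host, "process": proc, "pid": int(pid), "message": msg}
    s = SCEP_RE.match(msg)
    if s:
        path, lineno, expr, status, _null = s.groups()
        call = CALL_RE.search(expr)
        event["source"] = "%s:%s" % (path.rsplit("/", 1)[-1].replace(" ", ""), lineno)
        event["call"] = call.group(1) if call else expr
        event["status"] = int(status) if status is not None else None
    return event


def triage(log_text):
    """Group events by (timestamp, host); the first numeric failure is taken as the cause."""
    incidents = OrderedDict()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        inc = incidents.setdefault((ev["when"], ev["host"]),
                                   {"root_cause": None, "downstream": [], "other": []})
        root = inc["root_cause"]
        if "call" not in ev:
            # Not a scep_helper assertion line: keep it as context.
            inc["other"].append("%s: %s" % (ev["process"], ev["message"]))
        elif ev["status"] is not None and root is None:
            inc["root_cause"] = {"call": ev["call"], "source": ev["source"],
                                 "status": ev["status"], "propagated_via": [],
                                 "name": OSSTATUS_NAMES.get(ev["status"], "unknown")}
        elif ev["status"] is not None and (ev["call"], ev["status"]) == (root["call"], root["status"]):
            # Same call and status logged again by a caller further up the stack.
            root["propagated_via"].append(ev["source"])
        else:
            inc["downstream"].append("%s failed at %s" % (ev["call"], ev["source"]))
    return list(incidents.values())


if __name__ == "__main__":
    for incident in triage(SAMPLE_LOG):
        print(incident)
```
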

Similar Messages

  • Error enrolling devices in profile manager!!

    I am enrolling my macbook to the profile manager.
    When I go to the https://(FQDN)/mydevices/ , and I hit the enroll button after logging in, and download the config file, try to install.. I get an error that says:
    "The profile is either missing some required information, or contains information in an invalid format."
    The problem is that I managed to enroll my iPhone with no problems.. only my mac (which is running the server OS) is not enrolling.
    the certificate is valid from a trusted commercial thing..
    Can someone please help?

    only my mac (which is running the server OS) is not enrolling.
    Why are you trying to enroll your device management server in its own device management?
    I've never tested anything like that, but I bet you can't do that...

  • How can I disable backup for managed app with profile manager?

    I use Server App 3.1.2 to manage iOS devices with profile manager.
    Is it possible to exclude managed app's backup from users' iCloud or iTunes backup?
    thanks
    Paolo

    Hi,
    Please use the following link (under "Manage Print Apps") to cancel/remove it:
      http://h10025.www1.hp.com/ewfrf/wc/document?docname=c02940901&cc=us&dlc=en&lc=en&product=5058336&tmp...
    Regards.
    BH

  • Push config files made in Server app with Profile manager

    As I understand the manual you can distribute configuration files with Profile manager.
    A bit confused now when I want to use Profile manager to distribute a configuration file I've made in Server app.
    I saved a VPN configuration file and want to distribute it with Profile manager but how do I import or add that file into the settings pane for my devices in profile manager?

    Hi,
    I have the same issue, very frustrating. Using a Win 2003 AD and 10.8.2 server and clients. If I use WGM I can see all users and groups correctly, but Server.app and Profile Manager do not show them correctly.
    Strange that we see issues like this since Profile Manager has been around for a while, really interested to hear other people's experiences.
    PS I see a similar thing here: https://discussions.apple.com/thread/4417085?start=0&tstart=0

  • Can't log in to Profile Manager or My Devices with Active Directory logins

    I have an OSX Lion 10.7.4 Server set up with Profile Manager and it is joined to AD.
    I am able to see AD groups in the Profile Manager groups section.
    I can also see and add AD users and groups using the server app.
    I have enabled the "Can Enable Remote Management" check box for Domain Users through Profile Manager. I have also added Domain Admins to the Workgroup group in the Server app. I'm not sure that I want or need either of these options, but they were suggestions to try.
    I am not able to log on to the Profile Manager or My Devices pages with AD logins.
    I found these directions about nested groups in Workgroup Manager http://krypted.com/iphone/integrating-mac-os-x-lion-servers-profile-manager-with-active-directory/ but I don't have a com.apple.access_devicemanagement local group or any groups like are shown in the picture.
    Any ideas what I'm missing?
    Cheers,
    Ian

    I found the two pieces I was missing:
    1) Install the Lion Server Admin Tools
    Launch the Server Admin App
    Click on the server name in the left pane
    Click on the Access button in the upper part of the window
    Click on Profile Manager
    Either manually add specific groups to the list or if you're feeling brave choose the "Allow all users and groups" radio button
    2) Run the command line steps on this page to change the authentication to plain text to support AD authentication:
    http://support.apple.com/kb/HT4837
    Voila!

  • Cannot enroll iOS 7 devices in Profile Manager

    Hi All,
    I had some new employees start today who had already updated to the iOS 7 GM and we're having issues enrolling them into profile manager, which we use for all contacts, email, wifi configuration.
    I noticed there was a server update to OS Server 2.2.2 (running on Mac OS X 10.8.5), and ran that already, rebooted and restarted all the services.
    When a user on an iOS 7 device visits https://server.com/mydevices and hits the "enroll" option, the profile downloads, opens system settings as would be expected, prompts for the 4 digit passcode and then fails to install stating "This iphone/iPad is not activated".
    Thinking this may have been a developer device, I updated one of our units using the release that happened a few hours ago. Again when I try to enroll I get the same error. I've also tried loading the enrollment profile to the device using Configurator, but no luck.
    I've also added UDID based placeholders in profile manager, and no luck.
    Anyone have any suggestions?
    Thanks!

    I was also having the same issue. Fortunately it has only been one device so far. Here is what I did...
    1. I updated the server to 10.8.5
    2. I updated Server to the newest version (2.2.2)
    3. I restored the device using iTunes to a default state.
    4. At this point I was able to get the Enroll button and enroll the device.
    Now I am running into an issue with it not pushing the settings to the device. But I am testing some things to see what I can figure out. All of my other devices are working just fine.

  • Having issues with profile manager on 10.9 losing users/device assignments.

    I'm having issues with profile manager on 10.9 losing users/device assignments. Luckily I only have around 70 devices added so far. The first time it happened I thought it was just a freak thing, but it has just happened again. What I find weird is nothing on the server was changed, no devices added. So when this happens my users' phones lose access to email, because I'm using variables, which rely on the user being assigned to the device. Anyone know how to fix this, and if not, does anyone know how to back up and restore just profile manager in 10.9? Thanks.

    I enabled all users in my AD "Domain Users" group access to "Profile Manager". I had also initially enabled "Profile Manager" access for a few individual users. Those users did not lose the device assignments. I'm not absolutely sure why/if allowing access for a group is causing this issue. Enabling access for each person would be very time consuming.... Maybe adding access to the individual users is importing that user into OD?

  • Unable to push user profiles to AD groups with Profile Manager since upgrade to Server v3

    Since upgrading our OS X Mac server from 10.8.5 to 10.9.1, and OS X Server app to v3 (now 3.0.2) I have been unable to push or modify user profiles to AD groups (or AD users) using Profile Manager. This was working fine on OS X 10.8.5. Pushing device profiles is still working OK after the upgrade.
    From what I can see from the logs on the client side and server side, it seems related to a problem with the mdm authtoken.
    In the client console I can see this entry:
    27/01/14 14:30:15.844 mdmclient[38557]: *** ERROR *** [Agent:636102071] Unable to proceed with connection to: https://ourserver.ourdomain/devicemanagement/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken
    On the server, in the php.log I can see the corresponding attempt to authenticate:
    1::Jan 27 14:29:50.930 [158] <192.168.28.171> {require_once (mdm_checkin.php:11)} vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv - PUT mdm_checkin
    0::Jan 27 14:29:50.931 [158] <192.168.28.171> checkin: 'UserAuthenticate'
    1::Jan 27 14:29:50.936 [158] <192.168.28.171> {Target_for_incoming_request (target.php:209)} Found target NETWORK LS: <User[156]@ourclientmachine>
    0::Jan 27 14:29:50.937 [158] <192.168.28.171> {LabSession_validate_auth_token (mdm_checkin.php:22)} Failed auth for target NETWORK LS: <User[156]@Device[1697]>, incoming_request={
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'MessageType'=>'UserAuthenticate',
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UDID'=>'17aff5c5a40f51acbbd78023d0028c80',
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UserID'=>'A5EA25B7-7CCD-4EF4-B240-F23DED275EEC'
    0::Jan 27 14:29:50.937 [158] <192.168.28.171> }
    1::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Sent Final Output (407 bytes)
    1::Jan 27 14:29:50.965 [158] <192.168.28.171> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - /devicemanagement/mdm/mdm_checkin
    0::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Completed in 34ms | 200 OK [https://ourserver.ourdomain/devicemanagement/api/device/mdm_checkin]
    So I can see there is a failure to authenticate, but don't really know how to troubleshoot this further. Or maybe this is just a bug in the new server app?
    I have tried to remove and re-enroll clients in Profile Manager but no joy there.
    In the client's Keychain I can see an MDM user AuthToken linked to the correct user account.
    Thanks in advance for any help or suggestions

    I just wanted to update my post, as this issue for me is resolved.
    I uninstalled and reinstalled the Server.app on our Mac server, since then I've been able to push profiles to AD Users and Groups. I guess that in my case the Server app got into a bit of a mess when it was upgraded to v3.
    Now the next headache I have is that my AD Groups which are displayed in Profile Manager are not syncing any recent changes. I think I'm probably seeing the same issue as described in this post
    https://discussions.apple.com/message/25420919#25420919

  • Purge a device from Profile Manager

    Is there a way to completely remove any record of a device from profile manager ?
    Problem: I have two phones which were managed/supervised by Profile Manager/Configurator but were then reset and deleted from Profile Manager. BUT for some reason their SIMs have been swapped so when I reinstate them on Profile Manager it gets confused as it seems to have "remembered" each phone but using its old number i.e. the number on the SIM swapped to the other phone. As a result we cannot push any settings to those phones (they do enrol though).
    Any ideas?

    You're not going crazy :)
    There were a few posts about this problem along with a fix being posted
    The fix consisted of manually purging the sim/iphone records from the profile manager database via terminal
    From memory the method changed when mountain lion was released, the old method didn't work
    Sorry I can't find the post that referred to the fix
    This problem persisted from lion to mountain lion, I'm not sure if it's been fixed

  • Push profile with profile manager to two users on one mac

    I have been testing profile manager today. Very interesting setup.
    Unfortunately I ran into one problem:
    I have a profile for a group setup as a push profile.
    Two users of the group use the same mac.
    So I logged in as the first user, browsed to .../mydevices and installed the trust profile. Then I clicked enroll to enroll the Mac.
    Then I did the same with the second user on the same Mac.
    So far so good.
    When I log in again as the first user, the Mac isn't enrolled anymore. Strange but I went on.
    I made a change to the profile with Profile Manager on the server. I saved the settings and checked Active Tasks to see whether it pushed the settings.
    Displayed: Push Settings 1 of 2 in progress; 1 succeeded. first user sending, second user succeeded.
    Then I enrolled the mac with the first user again. Then the task completes completely. But when I make a change to the profile again and push the new profile, the same problem occurs: the user who last enrolled the mac gets the updated profile. The other user will not get the update.
    Hopefully this will be fixed in a next update.
    Anyone got this working the right way / workaround?

    Do not use a network or local user to "enroll" a device. Create an Enrolment profile in profile manager. I have found that the way you are doing this will work fine. However I am having the problem that now that I have a OD with 350+ users with 100+ devices profile manager cannot keep up and cannot push the settings fast enough or just hangs on user profiles but not device profiles......

  • Blocking Applications with Profile Manager

    At my workplace we recently upgraded to mountain lion and are attempting to use profile manager. After configuring a simple profile and pushing to a test device running 10.7 I decided to further test. I attempted blocking applications with parental controls with profile manager through a device group. After pushing the profile and restarting (I know this isn't necessary) the computer, the Administrator account is blocked from using every single application. How can I fix this? I even tried just allowing Safari but it still won't work. What should I do?

    Just updated OSX - problem solved

  • Setting apn with Profile Manager

    apn profiles in Profile Manager seem malformed.
    This is a snippet of how it looks when downloaded from Profile Manager:
    <dict>
              <key>DefaultsData</key>
              <dict>
                        <key>apns</key>
                        <array>
                                  <dict>
                                            <key>apn</key>
                                            <string>mytestapn</string>
                                            <key>proxy</key>
                                            <string></string>
                                            <key>proxyPort</key>
                                            <string></string>
                                  </dict>
                        </array>
              </dict>
    </dict>
    <dict>
              <key>DefaultsDomainName</key>
              <string>com.apple.managedCarrier</string>
    </dict>
    When I create a .mobileconfig file with IPCU, the xml looks like this:
    <dict>
              <key>DefaultsData</key>
              <dict>
                        <key>apns</key>
                        <array>
                                  <dict>
                                            <key>apn</key>
                                            <string>mytestapn</string>
                                            <key>proxy</key>
                                            <string></string>
                                            <key>proxyPort</key>
                                            <integer></integer>
                                  </dict>
                        </array>
              </dict>
              <key>DefaultsDomainName</key>
              <string>com.apple.managedCarrier</string>
    </dict>
    That is, in Profile Manager, the DefaultsDomainName key is contained within its own dict tag, and in IPCU it is located together with the DefaultsData key.
    When I try to deploy the profile to a device using profile manager, the job failed with MCPayloadErrorDomain
    Has anyone had any luck on setting apn settings with Profile Manager?

    Just updated OSX - problem solved
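
The structural difference described in this thread can be checked mechanically. The following is an added example, not part of the original thread or of Apple's tooling: it parses both shapes with plistlib and reports where an entry deviates from the IPCU layout. The fragments are constructed from the two snippets above; the 8080 port value (the thread's empty integer element does not parse) and the function names are assumptions.

```python
import plistlib

DOMAIN = "com.apple.managedCarrier"
HEADER = '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><array>'
FOOTER = "</array></plist>"
DOMAIN_XML = "<key>DefaultsDomainName</key><string>" + DOMAIN + "</string>"


def data_xml(port_xml):
    """DefaultsData block from the thread, with a caller-chosen proxyPort element."""
    return ("<key>DefaultsData</key><dict><key>apns</key><array>"
            "<dict><key>apn</key><string>mytestapn</string>"
            "<key>proxy</key><string></string>"
            "<key>proxyPort</key>" + port_xml + "</dict>"
            "</array></dict>")


# Constructed fragments mirroring the two snippets in the thread.
PROFILE_MANAGER_FORM = ("<dict>" + data_xml("<string></string>") + "</dict>"
                        "<dict>" + DOMAIN_XML + "</dict>")
IPCU_FORM = "<dict>" + data_xml("<integer>8080</integer>") + DOMAIN_XML + "</dict>"


def check_entries(fragment):
    """Return (entry_index, finding) tuples for a sequence of payload dicts."""
    entries = plistlib.loads((HEADER + fragment + FOOTER).encode("utf-8"))
    findings = []
    for i, entry in enumerate(entries):
        has_data = "DefaultsData" in entry
        has_domain = "DefaultsDomainName" in entry
        # IPCU keeps both keys in one dict; a dict with only one is a split entry.
        if has_data and not has_domain:
            findings.append((i, "DefaultsDomainName missing from this dict"))
        if has_domain and not has_data:
            findings.append((i, "DefaultsData missing from this dict"))
        if has_domain and entry["DefaultsDomainName"] != DOMAIN:
            findings.append((i, "unexpected DefaultsDomainName"))
        for apn in entry.get("DefaultsData", {}).get("apns", []):
            port = apn.get("proxyPort")
            if port is not None and not isinstance(port, int):
                # The IPCU snippet uses an integer element for proxyPort.
                findings.append((i, "proxyPort is %s, not integer" % type(port).__name__))
    return findings


if __name__ == "__main__":
    print("Profile Manager form:", check_entries(PROFILE_MANAGER_FORM))
    print("IPCU form:", check_entries(IPCU_FORM))
```
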

  • Can I assign subscriptions with Skype Manager?

    My company wants to implement Skype for cost reducing, but there is an important issue I couldn't find the answer for: can I assign subscriptions with Skype Manager? For example, I buy a 400-minutes subscription and assign this subscription for a user?
    If that is the case, can I take the subscription back from the user and give to someone else, or must I cancel it and buy a new one? And also, if a user is going to make 800 minutes in phone calls, in a land where there isn't an unlimited package, can I buy and assign him two 400 minutes subscriptions, or in fact as many subscriptions as I would like?
    The best solution for me would be to have subscriptions that I can assign to users when they need it, and if in a month they are going to use less minutes, I can take that subscription and give it to another user.
    Alternatively, I could have an account that many users would use, but at the same time and they would make calls at the same moment, and I don't know if Skype allows us to do this, both in computational terms as also in legal terms.
    Does anyone know the answers to my questions or could give me a suggestion?
    Thank you for your time

    Assigning subscriptions with S.M. is very easy but unfortunately some countries are missing on the list. For example I need to assign a subscription for one of my users registered in SM, which allows making calls to cell phones to Ukraine at lower rates. It's not possible because there is no Ukraine on the drop down list. Could someone explain to me why?

  • How I can use bluetooth devices with my Satellite L650D-14L?

    Please can someone help me on how I can use bluetooth devices with my Satellite L650D-14L?
    I can't see a bluetooth icon to help manage bluetooth connections.
    Thanks for your help.
    Regards

    Hi
    You cannot connect any BT device to this notebook because this has not been equipped with any BT module.
    So BT is not available for this unit.

  • Do I need internet access on my iOS devices to enroll with Profile Manager?

    Hi, I'm trying to configure Profile Manager on a closed network. The Mac Server does have Internet access, but the network for the iOS devices can only have communication with the server, but not to the internet because of company policies. Is there a way around to make it work or do I need internet access on the iOS devices as well?
    I've made the enrollment process in another network with internet access for every device and everything works well, but on the other network (no internet for iOS devices) everything seems ok (from connection to the server, profile certification and stuff) but the devices can't send or receive anything else, like pushed configurations and device info. Ports and everything are ok, I even read that they need to be on an open network so I know it all comes down to having internet access, but just wanted to ask if there's another way around? Suggestions?
    Thanks!

    You can share internet connection with your XP-PC using a router (as I do with XP-old MAC's, connected via cable). You may look for more info at:
    http://homepage.mac.com/car1son/mylinksyssetup.html
    and
    http://homepage.mac.com/car1son/os9xnet_nfilesharing.html
    Did you ever use a MAC before? Have you got Airport at your PC? Which?
    Good luck
