Can't enroll new clients in Profile Manager 3.0.3

Similar Messages

• Push one new app and Profile Manager resends them all; turn this off?

  I manage the ipads for a medium sized school district. We're using Apple Configurator on Maverics to manage about 700 ipads most of which have been updated to iOS7 and supervised manually through the mini that functions as our MDM and server.
  So average day: a teacher requests a new app to be pushed out to the 30 ipads that are in one of the shared ipad carts. I have all the ipads in a device group in profile manager, so I go out to itunes, download the app, upload it to profile manager and add it to the device group, hit save, and I can see that a new active task has begun pushing that app out to all the devices in the cart.
  The active task used to just say "Push Apps to [device group] 30 of 30 in progress: [#] succeded" 30 copies of an app, one for each of 30 devices. Totally normal.
  Now since the update to iOS7/Maverics when I send one app to one cart configurator is erasing EVERY app on that cart and resending them ALL. So now the active task in the same situation looks like "Push apps to [device group] __ of 538; [#] succeded." Where the 538 is the total number of apps on all 30 ipads.
  As you can imagine this is a bit of a mess. Not only does it bring the mac server to its knees, but it makes the ipads in question useless until the apps have all redownloaded-- which can take hours, if not days, depending on other network traffic. At the very least with iOS7 one doesn't have to hit "confrim" on each app install, but still, small consolation there.
  Is there a way to turn this weird behavior off? Are other people experiencing this? Is it just a horrible bug that someone is planning to fix very soon?
  Any insight is much apreciated!

  Here are the places to report bugs:
  Get an account at
  http://developer.apple.com/  then submit a bug report to http://bugreporter.apple.com/
  Developers:
  "Submitting Bugs and Feedback
  Your feedback goes a long way towards making our products even better. With Apple Bug Reporter, you can submit bug reports or request enhancements to APIs and developer tools."
  https://developer.apple.com/bug-reporting/
  Enterprise support:
  Call enterprise support  (866) 752-7753  to create  a case ID number

• New Client in Solution Manager 4.0

  Hi Gurus,
  i need make a new client copy in Solution Manager 4.0 and I had made a entry also in SCC4 but after that entry when I am trying to login with sap* & pass in that new client.
  It is not allowing me to login it is saying "wrong user or password repeat logon".
  Please Help gurus... is there any change in solman on user name & password.
  Thanks
  Kamal

  Hello Kamal,
  Did you do this?
  1. Create a client in SCC4
  2. Log off from the system.
  3. Logon to the new client with user SAP*, password PASS
  4. Go to SCC3:
  Source: Client 000
  Source User: Client 001
  Target: Your new client
  Profile : SAP_ALL
  Delete the profile parameter 'login/no_automatic_user_sapstar' when you have created the first user in the new client. Restart the system to make the changes effective.
  See: SAP note 806819.
  Best regards,
  Dolores

• How can users add their devices to Profile Manager without a user account?

  We would like to allow company devices to be tracked, inventoried and managed in Profile Manager without creating a user account for each person so they can log into /MyDevices to download the mobile profiles. We aren't staffed to have someone manage user accounts as quickly as iPads are being purchased.
  If we can't do some kind of guest access, can one user, maybe called Enroll, have literally one thousand devices attached to them?
  The other alternative is to have the profiles on a small webpage with a password to download.

  the easiest way is to use apple configurator
  using apple configurator
  enable enrollment in PM
  un tick restrict to users in device library
  apple configurator should pick up your server certs
  and the PM auto enrollment profile
  setup a enrolment wifi lan
  configure your IOS devices with apple configurator adding the
  server cert and your enrolment wifi lan
  you'll still have to handle each device tapping yes to install each profile
  but you should end up with the ipads in PM with no users
  from there you can set which wifi you wish them to connect to
  eg  staff wifi, email setings, VPN etc.
  open the correct ports on firewalls to allow PM to work internaly and externaily
  and pr any port forwading as nessessary and you'll be able to wipe lock change settings outside on your network, providing the device is online.

• Can't launch firefox or the profile manager. Get an error that the profile is missing. Any ideas?

  I have numerous users that are having this same issue. I cannot launch firefox or the profile manager. I have tried removing firefox and installing it again but get the same error. Any help would be greatly appreciated.

  See:
  *http://kb.mozillazine.org/Recovering_a_missing_profile
  Create a new profile as a test to check if your current profile is causing the problems.
  See "Basic Troubleshooting: Make a new profile":
  *https://support.mozilla.org/kb/Basic+Troubleshooting#w_8-make-a-new-profile
  There may be extensions and plugins installed by default in a new profile, so check that in "Tools > Add-ons > Extensions & Plugins" in case there are still problems.
  If that new profile works then you can transfer some files from the old profile to that new profile, but be careful not to copy corrupted files.
  See:
  *http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox

• Why will firefox not start on my laptop? can't uninstall or open the profile manager either. it simply does not run. it used to work fine until i had to restore my system.

  had firefox 4.0 & have been a user of firefox for a few years now. never had any problems. had to do a system restore after my computer detected a virus of some sort & i couldn't do anything. the virus kept popping up a bogus add for me to buy an antivirus program. had to restart laptop in safemode to initiate the restore. ever since then firefox has not opened. can't even uninstall it or open the profile manager. anything that has to do with firefox will simply not run/open at all. i'm stumped.

  System restore can cause problems as well as solve them, it has probably completely mucked up your Firefox installation.
  Try deleting your Firefox installation directory, the default location on 32 bit Windows is C:\Program Files\Mozilla Firefox\
  Now re-install Firefox, it should pick up your current profile folder so you should not lose your bookmarks, passwords etc.

• Create a new Client Copy Profil

  Hi,
  is there a standard application to add a individual client copy profil to table CCPROF ?
  Reason: The client copy via TDMS does not copy the report variants ( note 1159279 ). So I would like to transfer only variants with SCCL or SCC9. The ABAP RSTRANSP creates a transport order with ABAP variants but ignores variants of queries.
  Regards
  p121848

  I don't think so.
  About the variants read,
  https://cw.sdn.sap.com/cw/docs/DOC-44242
  Regards
  Juan

• Create new client in Solution Manager?

  I finished installing Solution Manager 4.0 sp1 for the first time and have the default clients of 000, 001, and 066. I can log on with the SAP* user.  I'm a little confused about the next step. Do I create an addtional client (For example, 100) just like a production or development system to use for users, RFC connections, etc.?
  Or do I use one of the default clients?

  Hi Carl,
  As always... the golden rule applies to SOLMAN as well. Never touch the default clients. Have a client copy and then perfrom all the actions from and ON the Copied client.  Get going with SCC4 for a new SOLMAN client :).. atleast thats what we follow here as a practice.
  All thebest
  Br,
  Sri
  Award points for helpful answers

• Can't create new accounts in Skype Manager

  The second day of "The following 0 accounts were created".
  I heard the same was in 2011. So, the history repeating. Pls fix it!

  I'm really getting irritated that something so basic still doesn't work, and there doesn't seem to be much concern about fixing it. Yesterday, when I went to the chat feature and asked for an update on JIRA Trouble Ticket (SIPTSOB-371), I got fobbed off with the ticket isn't old enough to have any information (clearly they didn't even bother to check). Further, I was told to check here, instead, à la "don't call us, we'll call you", where's there's been no official activity or update of any kind for at least a day.
  This is pretty basic; I create accounts so I can allocate credits, which causes me to buy more, which is one way Skype makes money. So, since I can't even create an account, I guess that sort of makes me wonder if you guys are really in business or not?

• IOS 8.1.1 devices "pending" after enrollment in Profile Manager

  Setup:
  OS X Yosemite with server 4.0
  After installing the trust certificate and enrolling an iOS 8.1.1 client, I can see the specific device in Profile Manager. However the status of the device stays "Pending". It seems that the enrollment proces can't proceed.
  When I enroll a device with iOS 7.1.1 there are no issues. Everything works fine!
  Any suggestions?
  Thx

  The devices had been running ios 8.1 for a number of days.
  We've had two more do this since my last post.  In each occasion, the devices are running iOS 8.1, have been turned off and turned back on again to boot to the Apple logo and remain there indefinitely.
  Hard resets don't solve the issue, the only remedy is a full restore via iTunes resulting in complete data loss.
  Surely others are seeing this issue if we've had 6-7 devices in the past few days?
  iOS 8.1 + reboot = brick?

• Profile manager shows 'new device' instead of device name.

  Have just enrolled an iphone into profile manager for - oddly it just isnt showing up as it's proper name and attempts to 'update info' just hang. Our other deivces continue just fine. I can't figure out why this iphone is such a problem. I've restored back to factory iOS in tunes and its still just showign as 'new device'.
  Anyone else seen this?
  OS X 10.8.2, Server App 2.1.1

  I'm having the same issue now with a device that's on the latest iOS (6.1.1)
  Symptom:
  1.  Enroll device, no issue
  2.  Install Trust Profile and Settings for Everyone, no issue
  3.  Put user in proper Device Group, those settings never push down. Always show "sending".
  Troubleshooting:
  1.  Completed wiped iPhone and manually installed new OS - same issue
  2.  Removed user's account from our Apple Server, recreated account, reenrolled device - same issue.
  3.  Replaced the iPhone hardware - same issue
  4.  We have tried these steps both on the cellular data connection and on a unrestricted wifi connection - same issue
  Woudl really like to get this resolved.  Any thoughts would be appreciated.

• Profile Manager Enrollment - iOS - Server Certificate Invalid

  I have been getting an error trying to enroll iOS devices into profile manager. My MacBook and iMac enroll just fine. However my iPhone and iPad do not.
  When I enroll my MacBook Pro, I first log into https://(FQDN)/mydevices, select profiles, Install Trusted Profile. I then go back to devices, and click 'Enroll now'. When I check the Profiles section of System Preferences, I see that the 'Trusted Profile' has added two certificates refering to my server. I can only assume one matches the Self Signed I generated shortly after making my hostname public, and the other Apple Push generated for me.
  However when I do this exact same process on my iPad/iPhone, when I attempt the 'Enroll Now' step, I get the error "The server certificate for "https://(FQDN)/devicesmanagement/api/device/ota_service" is invalid.
  My searches for this issue have turned up issues close to this, but never exactly this, and the solutions don't seem to work for me. Here are some key points to note:
  1. Tried demoting to standalone, re-promote to OD Master, then deleted all certificates, and regenerated all (including the Push cert from Apple)
  2. Ran sudo changeip -checkhostname
  3. DNS routes forward and reverse correctly in my local LAN
  4. I had been getting "Remote Verification failed: (os/kern) failure" / "TEAVerifyCert() returned NULL" in my logs every 3 seconds until I did the steps listed in '1'
  Looking forward to 10.7.1

  @hombre7777
  Thanks for the info. That makes sence what you are telling me. Their instuctions are kind of bland and dont make sence as much as they should.
  The only thing that scares me on this one is now we need to put a device in the dmz....
  So now upgrading our xserv to 10.7 when it becomes stable would now be using the magic triangle, and trying to only have 1 to manage osx machines / and now ios devices. Edit our wiki's thats already in place, and have important databases on filemaker is now going to reside in the dmz....
  So someone wasn't thinking on this one!!! haha
  It looks like we will have to seperate things now, so ios devices are managed on their own machine in the dmz with now a hole leaked in the firewall for AD to authenticate so we can pull users down to associate profiles with them.
  Our osx machine will then contain a seperate spot to manage osx devices bound to user accounts, as well as manage filemaker and wiki's that are in use already.
  It would be nice if they had figured out a way to do this a little different so we wern't opening holes in the firewall.
  The funny thing is I was able to get the ipad to bind and enroll the very first time when i was on a vpn tunnel from my house trying things out.
  So I know you can do it, without having to go public, although the push service wasn't working properly and I was not able to bind osx and enroll. So i stared over.
  Ill play around to see what I can figure out later. Thanks for the help. If you find out the port numbers please let me know as well! Im not able to move the box to an outside firewall right now. I have to much to do. I can probably do that next week.

• Can configurator/profile manager group apps

  Appologies if this post is in the wrong section. 
  I have been asked to set up profile manager in such a way that the on-site admin can not only wirelessly deploy apps to devices, but also group and re-group those apps together on the devices screen over-the-air.  End result should be that end users do not have to wade through a sea of apps just to find one application (users include a large number of very young children, so it has to be easy to direct them to specific apps). 
  Now I'm aware that this could be achieved by making a back-up of a pre-configured device, however, this doesn't work well in terms of maintaining the iPads configuration since any new apps added would fall outside of the grouping and the devices would need to be returned to the server room to get their configurations updated with a new backup image and would defeat the purpose of using Profile Manager.  I have attempted to convince the on-site admin that they should assign the devices to gropus in profile manager so that Group A only get the apps they use, Group B only get the apps they use, and so on the really isn't keen on the idea because there would still be way too many apps (we're talking 50 or so per device) to wade through just to find the one the class will use. 
  Is this possible or will it at some point in the future be possible?  The advances made by this new version of profile manager and the VPP store is fantastic, but it'd be nice if this feature could be added at some point in future. 
  Kindly
  Stom

  If I remember it correctly the user (Apple ID) get a 30 days grace period during which they can migrate data from the app and continue use it. When that period ends they get the opportunity to buy the app for themselves and continue using it for their own money.

• Can I use Apple Volume Purchasing Codes with Apple Profile Manager?

  I am using Apple Profile Manager (on OS X 10.8) to manage some iOS devices.  I would like to be able to push apps to users using Profile Manager, however, I cannot seem to find a way to import an Apple Volume Purchasing Program redemption code spreadsheet.  Basically, I am looking for a way to deploy apps to the devices without the users having to purchase them using their own Apple ID's.  I've done some research, and I have determined that this funcationality seems to be included in Apple Configurator.  I am wondering if I can do the same thing in Profile Manager.  I would rather not have to change my MDM solution, if at all possible.  Thanks in advance, I appreciate it.

  Hey JTShelatz,
  just push you Apps with Profileservice. But just the amount of purchased licences .
  Thats how I understood Apples VPP deployment strategy.

• Unable to push user profiles to AD groups with Profile Manager since upgrade to Server v3

  Since upgrading our OS X Mac server from 10.8.5 to 10.9.1, and OS X Server app to v3 (now 3.0.2) I have been unable to push or modify user profiles to AD groups (or AD users) using Profile Manager. This was working fine on OS X 10.8.5. Pushing device profiles is still working OK after the upgrade.
  From what I can see from the logs on the client side and server side, it seems related to a problem with the mdm authtoken.
  In the client console I can see this entry:
  27/01/14 14:30:15.844 mdmclient[38557]: *** ERROR *** [Agent:636102071] Unable to proceed with connection to: https://ourserver.ourdomain/devicemanagement/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken
  On the server, in the php.log I can see the corresponding attempt to authenticate:
  1::Jan 27 14:29:50.930 [158] <192.168.28.171> {require_once (mdm_checkin.php:11)} vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv - PUT mdm_checkin
  0::Jan 27 14:29:50.931 [158] <192.168.28.171> checkin: 'UserAuthenticate'
  1::Jan 27 14:29:50.936 [158] <192.168.28.171> {Target_for_incoming_request (target.php:209)} Found target NETWORK LS: <User[156]@ourclientmachine>
  0::Jan 27 14:29:50.937 [158] <192.168.28.171> {LabSession_validate_auth_token (mdm_checkin.php:22)} Failed auth for target NETWORK LS: <User[156]@Device[1697]>, incoming_request={
  0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'MessageType'=>'UserAuthenticate',
  0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UDID'=>'17aff5c5a40f51acbbd78023d0028c80',
  0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UserID'=>'A5EA25B7-7CCD-4EF4-B240-F23DED275EEC'
  0::Jan 27 14:29:50.937 [158] <192.168.28.171> }
  1::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Sent Final Output (407 bytes)
  1::Jan 27 14:29:50.965 [158] <192.168.28.171> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - /devicemanagement/mdm/mdm_checkin
  0::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Completed in 34ms | 200 OK [https://ourserver.ourdomain/devicemanagement/api/device/mdm_checkin]
  So I can see there is a failure to authenticate, but don't really know how to troubleshoot this further. Or maybe this is just a bug in the new server app?
  I have tried to remove and re-enroll clients in Profile Manager but no joy there.
  In the client's Keychain I can see an MDM user AuthToken linked to the correct user account.
  Thanks in advance for any help or suggestions

  I just wanted to update my post, as this issue for me is resolved.
  I uninstalled and reinstalled the Server.app on our Mac server, since then I've been able to push profiles to AD Users and Groups. I guess that in my case the Server app got into a bit of a mess when it was upgraded to v3.
  Now the next headache I have is that my AD Groups which are displayed in Profile Manager are not syncing any recent changes. I think I'm probably seeing the same issue as described in this post
  https://discussions.apple.com/message/25420919#25420919