Internet Clients & Mac Enrollment

Hello,
I'm having some issues with Internet Clients and Mac Enrollment, the latter via both the Intranet and Internet.  Going over all the certificate steps again, the only thing I didn't do is have two FQDNs for the Web Cert, since I'm using the same FQDN for both internal and external traffic.  We have the external DNS set up and ports opened on the firewall to communicate with it.  External DNS resolution is working when doing a DIG or an NSLOOKUP with the trailing '.' due to the default domain suffix search.
Are there some added steps that I need to do when using the same FQDN for internal and external?

All roles are on a single server.  I've ensured that the DP Cert is imported into the DP.

The DP certificate is not an, or the, issue in this case, because it's only used during OS deployment. Please start looking at the client log files when the download error appears (like the CAS.log).
About the MAC issues, please keep that separated from this post, for two reasons:
  • Troubleshooting can be done better per issue;
  • You've got a post already for that (http://social.technet.microsoft.com/Forums/windowsserver/en-US/f473a2bb-3eba-42fd-88c0-3a232b18a556/configmgr-r2-mac-os-enrollment-issues?forum=configmanagerdeployment).
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude

Thanks.
I combined both issues because I thought they may be related but I'll stick to the Windows Internet Clients for this one.
We have a Palo Alto Firewall and have opened up several ports and applications and watched traffic.  The client still shows 'currently Internet' but the logs say the following:

LocationServices.log
LsRefreshManagementPointEx failed with 0x80004005
Failed to refresh security settings over MP with error 0x80004005.
Failed to send management point list Location Request Message to FQDN
LSUpdateInternetManagementPoints: Failed to retrieve internet MPs from MP FQDN with error 0x87d00231, retaining previous list.

CcmMessaging.log
Post to http://FQDN/ccm_system/request failed with 0x87d00231.
Post to http://FQDN/ccm_system/request failed with 0x87d00231.
Post to http://FQDN/ccm_system_windowsauth/request failed with 0x87d00231.
Post to http://FQDN/ccm_system_windowsauth/request failed with 0x87d00231.
OutgoingMessage(Queue='mp_[http]mp_locationmanager', ID={68E61B1F-05F4-4BD4-81E0-C9AF513635EE}): Will be discarded (expired).

Ports needed for Internet-based Clients have been added from this: http://technet.microsoft.com/en-us/library/hh427328.aspx#BKMK_IBCMports

Similar Messages

  • Mac Enrollment

    Hello,
    I'm having an issue trying to enroll a Mac for a certificate.  I've already installed the Enrollment Point and Proxy Point, modified the default client settings to create a Mac profile, and configured the MP, DP to use https with internet clients. 
    I also have created the required templates. 
    When we run sudo ./CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u 'DOMAIN\Username', the Mac reports:
    Server connection failed. HTTP Response code is 500 and reason is Internal Server Error
    The EnrollmentService.log reports the following:
    [7, PID:5328][04/22/2013 08:42:27] :WindowsIdentity is created for domain: domain user: username
    [7, PID:5328][04/22/2013 08:42:27] :validated user credentials
    [7, PID:5328][04/22/2013 08:42:27] :Handling RequestSecurityToken
    [7, PID:5328][04/22/2013 08:42:27] :claim identity name: domain\username
    [7, PID:5328][04/22/2013 08:42:27] :ConfigManager: RefreshCache: Creating Enrollment Profile 16777219
    [7, PID:5328][04/22/2013 08:42:27] :EnrollmentServiceProfile: GetDBCAs retrieved Template information:  
    [7, PID:5328][04/22/2013 08:42:27] :Template: ConfigMgrMacClientCertificate
    [7, PID:5328][04/22/2013 08:42:27] :CA: System.Collections.Generic.List`1[System.String]
    [7, PID:5328][04/22/2013 08:42:53] :Failed to find which forest the CA CA.server.domain.com is in. DMP assignment will skip consider forest data
    [7, PID:5328][04/22/2013 08:42:53] :Impersonating caller: domain\username
    [7, PID:5328][04/22/2013 08:42:53] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
    [7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Sending CA Success Status - ENROLLSRVMSG_CA_SUCCESS
    [7, PID:5328][04/22/2013 08:42:53] :ConfigManager: CA Chains count: 1
    [7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Subject name: CN=CA, DC=domain, DC=com
    [7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Issuer Name: CN=CA, DC=domain, DC=com
    [7, PID:5328][04/22/2013 08:42:53] :ConfigManager: CA Chains 1 thumprint: <thumbprint>
    [7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Got root CA hash: <hash>
    [7, PID:5328][04/22/2013 08:42:53] :Impersonating caller: domain\username
    [7, PID:5328][04/22/2013 08:42:53] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
    [7, PID:5328][04/22/2013 08:42:53] :FaultCode is: MessageFormat and reason is: ArgumentException: Value cannot be null.
    Parameter name: name
    Any thoughts?

    Turns out the firewall was blocking traffic between the CA and SCCM.  Once we opened it up, enrollment succeeded. 

    Can you please give a little bit more detail? I am having the same exact issue and same exact log. Any special ports you opened up?

  • I have OS 10.8.2 and use wireless at home just fine. When I visit a friend with only a cable modem internet my Mac Book Pro will not connect. What do I need to do?

    I have OS 10.8.2 and use wireless at home just fine.
    When I visit a friend with only a cable modem internet my Mac Book Pro will not connect.
    I see that the Mac Book Pro is picking up the internet when I check the internet preference section but it will not open Safari.
    What do I need to do connect via a cable modem?

    You need to power off the modem for 15-30 seconds, then power back up and then connect. The modem is remembering the last connection (your friend).

  • HT4061 My Gateway PC is locked up after iTunes update.  I restarted the computer for the changes to take effect. Now my PC is locked up.  It gives me a client Mac address and no boot file name received.  What happened, and how do I get my PC back?

    Gateway PC locked up after iTunes update.   It says client Mac address 001320 be ad 25.  PXE E53  No boot file name received
    PXE MOF.  Exiting Broadcom PXE ROM.  How do I unlock my PC?


  • HT4061 I downloaded an iTunes update on my HP PC and restarted the computer for the changes to take effect. Now my PC is locked up.  It gives me a client Mac address and no boot file name received.  What happened, and how do I get my PC back?

    I downloaded an iTunes update and when I restarted my PC it locked up.  It says client Mac address 001320bead25,   PXE E53  No boot file name received.  PXE MOF.  Exiting Broadcom PXE ROM.   How do I get my PC back!

    When you installed iTunes on your work computer, then connected your iPad to that computer, it wiped what was on the iPad, then put the iTunes library (nothing) from the work computer onto the iPad. You can try copying the iTunes folder from your home computer over to your work computer, but since the apps were bought with a different account, they may not load or update properly.

  • Can't connect to internet using Mac OS?!

    Hi! I tried to connect to my friend's internet with my MacBook over WiFi, but I can't when I use Mac OS... Using Windows over Boot Camp I can connect perfectly... Also, every time I connect to his internet over Mac OS, his internet crashes and he needs to reboot his router... At home I can use the internet perfectly, but every time I try to connect to his internet that happens... Any idea what the problem can be? Because connecting over Boot Camp works... Thanks!

    ---I'm moving this topic to the Boot Camp forums.
    -Twilight

  • Print servers for 30 client Mac Mini Lab

    I have a 30 client Mac Mini lab with printing done by 2 networked HP Officejet 8600+ printers w/ 128mb memory.  I would like to have a print server that will speed up the printing (kindergarteners can be impatient).  A dozen years or so ago there were separate print servers that managed print requests and gave you only 1 queue to keep track of, but I haven't found one lately for 10.5.  Will simply routing print requests to our current document server (PowerMac, Intel 2, 500gb) and giving it the 8600s' IP addresses give me the speed boost I need?

    Okay, I have been able to recreate the error message by changing the Security Options for the Windows print queue (located in Properties > Ports > Configure Port). By default, the printer queue is set to use an anonymous account for the connection. When I changed the setting to use the "Windows logon name and password", I would get the error "Returning IPP client-error-not-authorized for Print-Job". This message was found in the cups error log, the print queue did not show an error - simply the job would not appear in the print queue and therefore there was no print.
    The only problem I then encountered was when I changed the setting back to use the anonymous account, the error continued to occur - again only showing in cups. The only way I could resolve this was to delete the Windows queue, reset the printing system on the Mac and re-add the Canon printer (in my case an iP6000D). Then when I added the printer again on Win7 using the Bonjour Printer Wizard, I was able to print without error.
    So, I suggest you first check that the anonymous account is being used on the Vista PC. If it is, then remove the Windows queue and reset the printing system on the Mac. To reset the printing system, Control-click on the Print & Fax > Printer list and select the reset pop-up. This will delete the Mac queue but not the driver. Now you can add the printer again on the Mac and once that is complete, go back to the PC and add the printer again.
    One final note. My printer is using v10.26.x of the Canon driver. Version 10.19 was part of the default 10.6.0 install and can be updated to the same v10.26 by downloading the Canon Printer Driver Update v2.2.
    Pahu

  • How do you make sure the cluster keeps clients macs in it?

    Every time the client Macs are turned off then back on again they don't rejoin the cluster, so each time I have to go around manually and join every Mac to the cluster. There must be some way of making them stay in the cluster, or be able to at least send a Unix command to make them automatically join the cluster?

    You may need to remake the cluster.
    Also I've found that a cluster will work best with machines and software of the same spec. Make sure all the same software, including pro-apps updates, is running.
    QT will need to be up to date on all computers, with the same QT components also.
    Failing that you might want to start from scratch using Digital Rebellion's Compressor Repair, which is an awesome piece of freeware.
    Regards,
    SJ

  • Cannot go to the Internet from Mac OSX, and Fedora Core 5

    All Windows users (XP, 2000, Vista Beta) can connect to the Internet no problem on WRT54G with Firmware v4.20.6 (may 26, 2005). But odd enough, though getting the right DHCP assigned IP addresses and DNS server address, MacBook Pro (OS 10.4.1) and Fedora Core 5 cannot go to the internet at all using Safari and firefox browsers: the message keeps saying that your computer is not connected to the internet. Tested with BOTH wired and wireless connections, no luck to the internet. So, it's not about the wireless settings and setup. It doesn't work even if I directly connect the CAT5 cable to the router port.
    Tested at wireless hotspots, at work where we have Cisco access points, and at a friend's place where there is netgear wireless router, MacBookPro is just working fine connected to the internet.
    Any suggestions? Linksys doesn't support Mac and Linux PCs at all?

    Thank you very much All (devildance, and Frank).
    Seems like it is working fine now...
    I reset the router as factory default, and reconfig the wireless setting(disable broadcasting SSID, configure TKIP PSK, and MAC filtering). Directly connected CAT5 cable from the router to my MacBookPro Windows XP. Working fine. Switched to Mac OSX, working fine. But, when I disconnected the LAN, and attempted to connect wireless, I couldn't go to the Internet using Safari and Firefox: keeps saying that your computer is not connected to the Internet.
    Still could ping to 4.2.2.2 and 207.232.22.25, but getting errors "could not resolve the host name" when I pinged with the hostname bearshare.com.
    Connected the wired CAT5. Working fine. Unplugged and used the wireless, could not get to the internet.
    Checked the NICs' settings on both LAN Ethernet and wireless AirPort. All seems the same and correct: IP address, subnet mask and gateway address, and NO DNS entry. The same settings, but works on LAN CAT5, and does not work with wireless. So, for the sake of it, just manually added the DNS server IP addresses and domain names on the wireless NIC. And voilà... it is working fine with wireless. Still strange the fact that the Ethernet LAN NIC still doesn't have any DNS entries and is working fine, but DNS entries were required on the wireless NIC.
    For Fedora Core, could ping and resolve names without changing any settings. But when going to the Internet, got the error saying "comcast doesn't support this platform/OS" and another error "Welcome to Comcast High speed Internet....registration currently unavailable" when attempting to go to any websites. Noticed that when pinging cnn.com, bearshare.com, or any websites, got ping reply from the same IP address, which appears to be one of the Comcast DNS server IPs, 68.87.64.132.
    So, I think it is a comcast issue not supporting Linux or something else which I would need to call to Comcast about...
    But, thanks...looks like I can go to the Internet on Mac OSX, and Fedora core now with Linksys WRT54G. Thanks so much guys for all the suggestions....

  • Mac Enrollment Issue on SCCM 2012 SP1

    Hi Guys,
    I am working on Mac enrollment (10.7) and facing an issue during enrollment. Below is the error message when we try to run the enrollment command on the Mac:
    "Server connection failed. HTTP Response code is 500 and reason is Internal Server Error"
    Below is the log info:
    Enrollsrv.log : No error message is highlighted.
    Enrollweb.log:
    No error message is highlighted.
    Enrollservice.log:
    [7, PID:7304][10/28/2013 16:40:03] :ConfigManager: ChainStatus error: RevocationStatusUnknown,The revocation function was unable to check revocation for the certificate.
    ;OfflineRevocation,The revocation function was unable to check revocation because the revocation server was offline.
       at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.SplitCACertChain(String base64cert)
       at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.setCAChain(EnrollmentServiceProfile profile, WindowsIdentity requester)
       at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.RefreshCache(Int32 enrollmentProfileId, EnrollmentRecordType type, String template, WindowsIdentity requester)
       at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.ProcessRequestSecurityToken(RequestSecurityTokenType request, WindowsIdentity caller, ActionEnum action)
       at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.EnrollDevice(Message messageRequest)
       at Microsoft.ConfigurationManagement.Enrollment.DeviceEnrollmentService.RequestSecurityToken(Message messageRequest)
    [7, PID:7304][10/28/2013 16:40:03] :FaultCode is: EnrollmentServer and reason is: EnrollmentServerException InitializeFailed
    [13, PID:7304][10/28/2013 17:11:01] :EnrollmentService application stop ...
    [3, PID:956][10/28/2013 17:45:37] :EnrollmentService application start ...
    [3, PID:956][10/28/2013 18:06:38] :EnrollmentService application stop ...
    [3, PID:4700][10/28/2013 18:45:39] :EnrollmentService application start ...
    [7, PID:4700][10/28/2013 19:06:40] :EnrollmentService application stop ...
    [3, PID:5872][10/28/2013 19:45:42] :EnrollmentService application start ...
    [13, PID:5872][10/28/2013 20:06:42] :EnrollmentService application stop ...
    Can someone shed info on resolution of the above issue?
    Also, is there any means by which we can troubleshoot the Mac enrollment issue step by step? Also, what entries need to be checked in all logs for successful enrollment?

    The following links may give you some hints:
    http://social.technet.microsoft.com/Forums/en-US/48bc7fcc-3d84-4042-abac-67f30d701121/mac-enrollment-issue?forum=configmanagerdeployment
    http://www.windows-noob.com/forums/index.php?/topic/7391-mac-enrollment-issue/

  • How to set up Wireless Clients MAC+Active Directory based access

    Dear Gents,
    I want to set up Wireless Clients MAC+Active Directory based access on the AP 1242 standalone Wireless series.
    Steps I have configured:
    1) SSID Manager, under Open Authentication: Selected with EAP.
    2) Under Advanced RADIUS : s
    MAC Address Authentication
    MAC Addresses Authenticated by:
    Authentication Server Only
    3) Server Manager: Current server list
    added the RADIUS IP address 10.1.200.x
    EAP Authentication, MAC Authentication and Accounting each list the same server options per priority:
    Priority 1: < NONE >, 10.113.253.10, 10.1.200.234, 10.8.200.15, 10.15.200.15
    Priority 2: < NONE >, 10.113.253.10, 10.1.200.234, 10.8.200.15, 10.15.200.15
    Priority 3: < NONE >, 10.113.253.10, 10.1.200.234, 10.8.200.15, 10.15.200.15
    From ACS - RADIUS we have chosen a Group x (named as Mac-address group).
    All the wireless client (laptop) MAC addresses are added via the add username option: enter the username as the MAC address and enter the MAC address as the password in the second option of the password tab.

    Hi Akber,
    I think you didn't understand what I was trying to say here :-( No problem. I will explain my theory again. Your requirement is to authenticate users from the ACS internal database (you have already added the MAC address as the username in your ACS internal database) as well as from the ACS external database (in your case this is AD).
    What I was saying is that when an authentication request comes to the RADIUS server, it checks its internal database, and if it finds a valid username and password (here it will be the MAC address and password which you have entered in the ACS database), the ACS will not query the external database (in your case the AD) for authentication.
    You cannot have ACS look in both the MAC and AD databases at the same time.
    Hope this clears your doubt.
    Regards
    Najaf

  • Netboot drives not showing up on post start up of client macs

    Hello, I just had a question regarding NetBoot. My images work fine; it's just that when I boot up my client computers and hold the alt key to see available drives, it does not show any of the NetBoot or NetInstall drives. But when I open a client's computer and press N, it boots up on the default image I have selected. Is there any way that I can see the drives when I press the alt key when I start up a client's Mac, to select which NetBoot image to load? Forgot to mention: when I start up a client's computer on their own hard drive and go to System Preferences and check the startup volumes, all my volumes appear there, no problem.
    thank you

    See:
    http://support.apple.com/kb/HT1533
    It does not do everything we might like but it is documented.

  • OS X Server 4 - Time Machine Restore of client Mac

    Can anyone confirm that a client Mac when booted into its Recovery HD is able to perform a full system Restore over the network from a Time Machine back up on OS X Server 4 (Yosemite)? Are the user's login credentials accepted and a list of back ups with dates presented to choose from?
    OS X Server 2.2.5 (Mountain Lion) works fine, but OS X Server 3.2.2 (Mavericks) has always given me fits where the client Mac's login credentials would result in the following error.
    "There was a problem connecting to the server "sever.local". The server may not exist or it is unavailable at this time. Check the server name or IP address, check your network connection, and then try again"
    I was told by Apple Support back on 7/16/2014 Engineering was aware of the issue, but had no ETA for a solution. At the time I was running OS X Server 3.1 but each and every update since then including the most current Mavericks version (3.2.2) has had the above issue. I'm just wondering if Apple fixed it in OS X Server 4.x.x.

    Launch the Console application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
    Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left. If you don't see that menu, select
    View ▹ Show Log List
    from the menu bar.
    Click the Clear Display icon in the toolbar. Then try the action that you're having trouble with again. Select any messages that appear in the Console window. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
    When posting a log extract, be selective. In most cases, a few dozen lines are more than enough.
    Please do not indiscriminately dump thousands of lines from the log into this discussion.
    Important: Some private information, such as your name, may appear in the log. Anonymize before posting.

  • Accessing user's local Time Machine backup on client Mac?

    I'm trying to configure a file server with backup for local Macs.
    I've set up file sharing, users and groups in Server.app and it works as intended – after logging to the server, users see their home folders and other shared folders where they store their files.
    The idea is to use Time Machine backups on the server Mac. I've enabled it on the server and used a separate hard drive. It works well, and I can enter the Time machine from the server.
    Now, is it possible for users on client Macs connected to and working on the server volume to access Time Machine backups of their files?
    Thanks!

    Yes, I'm using OS X Mavericks Server. There's a shared volume "Design Work" where clients keep their files. It's backed up to a separate volume "Backup" via Time Machine. What I would like to do is to let clients access Time Machine backup of their files (stored on "Design Work" volume on the server) without the need to physically go to the server computer. Is that at all possible?
    I've tried to follow this instruction but it doesn't seem to work. I can select the shared TM backup from a client via "browse other backup disks" option but I can't see the files on "Design Work" share, just local files.

  • I have a Samsung Corby gts3653 mobile and need to connect my Mac to the internet through it, but it doesn't have WiFi or PC Suite for Mac. How could I connect it through GPRS? GPRS is active on the mobile but I'm unable to link it with the MacBook Pro (using Lion OS)

    I have a Samsung Corby gts3653 mobile and need to connect my Mac to the internet through it, but it doesn't have WiFi or PC Suite for Mac. How could I connect it through GPRS? GPRS is active on the mobile but I'm unable to link it with the MacBook Pro (using Lion OS). Can anyone reply?

    Until the MacBook Air was released and supported in 10.5, the Mac did not consider USB to be a valid Networking Protocol. So set the Mac with USB solutions aside.
    To connect computer-to-computer, you typically need to be using an Ethernet crossover cable. Assigning the same address to two Ethernet devices is never the solution -- it gives a Network Conflict, just as you said.
    If your Windows box has some mechanism for Sharing its WiFi connection over Ethernet, you would have to follow its rules. Whether that means Manually assigning an Ethernet Address in the same range or the PC will provide the Address, I do not know.
    Best success may be running an Ethernet cable to your Wired/Wireless Base Station, or using a "gaming adapter" (Ethernet-to-Wireless no drivers required) connected to the Mac's Ethernet port to give it WiFi access. What is your Base Station {Cable, DSL, FIOS, Other} ? Ethernet cables can be up to 100 meters (an American Football Field). Often the Base Station can be moved closer for more convenience.
