PKCS12 certificate payloads in OS X Server 10.9 Profile Manager

Hi all,
I'm unable to successfully push .p12 packaged certificate identities to devices managed by OS X Server 10.9 Profile Manager. The problem is that while the file is pushed to the device, it doesn't get unpacked and hence is unable to be used.
I've identified the problem as Profile Manager setting the payload type incorrectly to "com.apple.security.pkcs1" in the profile rather than "com.apple.security.pkcs12". If I strip the profile signing data and edit it, the profile works perfectly when manually installed.
So the questions I have:
1) What's the best way of getting Apple's attention for someone to fix this bug, or is this possibly a browser JavaScript issue incorrectly identifying the payload type (using latest Safari though)?
2) Does anyone know of a workaround to allow this to still be automatically pushed out without having to manually edit and install on each device?
(SCEP is out at the moment due to another issue base64 decoding the SCEP request from Mac OS X devices that I'm taking up with the SCEP server vendor - but iOS works fine)
Thanks!
Al

I'm new to OS X Server and Radius, and have just spent way too many hours trying to figure out what I was doing wrong. I could connect to our enterprise wifi perfectly fine when selecting the certificate from the keychain, but I just couldn't get it to work when I uploaded the .p12 file and used it as the WiFi identity. I tried so many combinations of passphrase, no passphrase, pem format, pkcs12 format, resetting Radius server, resetting whole PKI... But I'd always see Certificate: ?Error_-25257? in the Settings window while I was trying to install the profile, and I couldn't see anything useful in the Radius logs when I tried to connect.
But it turns out, all I needed to do was:
   sed -i '' -e '1s/pkcs1/pkcs12/;t' -e '1,/pkcs1/s//pkcs12/' wifi_profile.mobileconfig
(changes the first instance of pkcs1 to pkcs12 - don't change both! I was wondering why it was asking me for a password for our public certificate.)
Will try to update and see if that fixes the problem.
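The manual edit described in this thread can be made safer by looking at what each payload actually contains instead of replacing the first "pkcs1" string. The following is an added example, not code from either poster or from Apple: it assumes the profile's signature has already been stripped (as the original post describes), and the function names and the sample profile are constructed for illustration.

```python
import plistlib

PKCS1_TYPE = "com.apple.security.pkcs1"    # DER certificate payload
PKCS12_TYPE = "com.apple.security.pkcs12"  # password-protected identity payload


def _der_header(data, offset):
    """Return (tag, content_offset, length) of the ASN.1 element at offset.

    length is None for BER indefinite-length encoding (0x80), which some
    PKCS#12 exporters use for the outer structures.
    """
    if offset + 2 > len(data):
        raise ValueError("truncated ASN.1 header")
    tag, first = data[offset], data[offset + 1]
    offset += 2
    if first < 0x80:
        return tag, offset, first
    n = first & 0x7F
    if n == 0:
        return tag, offset, None
    if n > 4 or offset + n > len(data):
        raise ValueError("unsupported ASN.1 length")
    return tag, offset + n, int.from_bytes(data[offset:offset + n], "big")


def looks_like_pkcs12(data):
    """True if data starts like a PFX: SEQUENCE { INTEGER 3, ... }.

    An X.509 certificate starts SEQUENCE { SEQUENCE ... } instead, so a
    genuine certificate payload is left alone (the "don't change both" case).
    """
    try:
        tag, body, _ = _der_header(data, 0)
        if tag != 0x30:
            return False
        tag, value, length = _der_header(data, body)
    except ValueError:
        return False
    return tag == 0x02 and length == 1 and data[value:value + 1] == b"\x03"


def fix_profile(profile_bytes):
    """Retype mislabelled identity payloads; return (new_bytes, fixed_names)."""
    profile = plistlib.loads(profile_bytes)
    fixed = []
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        content = payload.get("PayloadContent")
        if (payload.get("PayloadType") == PKCS1_TYPE
                and isinstance(content, bytes)
                and looks_like_pkcs12(content)):
            payload["PayloadType"] = PKCS12_TYPE
            fixed.append(payload.get("PayloadDisplayName", "?"))
    return plistlib.dumps(profile), fixed


def payload_types(profile_bytes):
    """List the PayloadType of every payload, in order."""
    return [p.get("PayloadType")
            for p in plistlib.loads(profile_bytes).get("PayloadContent", [])]


def build_sample_profile():
    """Constructed sample: header bytes only, no real key or certificate."""
    pfx_like = b"\x30\x80\x02\x01\x03\x30\x80" + b"\x00" * 16
    cert_like = b"\x30\x82\x01\x0a\x30\x81\xf2" + b"\x00" * 16
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": PKCS1_TYPE, "PayloadContent": pfx_like,
             "PayloadDisplayName": "Client identity (constructed)"},
            {"PayloadType": PKCS1_TYPE, "PayloadContent": cert_like,
             "PayloadDisplayName": "CA certificate (constructed)"},
            {"PayloadType": "com.apple.wifi.managed",
             "PayloadDisplayName": "WiFi (constructed)"},
        ],
    })


if __name__ == "__main__":
    new_bytes, fixed = fix_profile(build_sample_profile())
    print("retyped:", fixed)
    print("payload types:", payload_types(new_bytes))
```

Editing the profile invalidates any signature it carried, so a profile corrected this way is installed unsigned or re-signed before distribution.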

Similar Messages

  • Push config files made in Server app with Profile manager

    As I understand the manual you can distribute configuration files with Profile manager.
    A bit confused now when I want to use Profile manager to distribute a configuration file I've made in Server app.
    I saved a VPN configuration file and want to distribute it with Profile manager but how do I import or add that file into the settings pane for my devices in profile manager?

    Hi,
    I have the same issue, very frustrating. Using a Win 2003 AD and 10.8.2 server and clients. If I use WGM I can see all users and groups correctly, but Server.app and Profile Manager do not show them correctly.
    Strange that we see issues like this since Profile Manager has been around for a while, really interested to hear other people's experiences.
    PS I see a similar thing here: https://discussions.apple.com/thread/4417085?start=0&tstart=0

  • Change Server URL in Profile Manager Enrollment Process?

    It appears devices learn the IP or URL of their MDM server during the Profile Manager enrollment process. It must be part of the configuration profile sent to the device. It also appears this is based on the machine's host name. Is there any way to change that URL - as when the host name of the server changes? If so, where are the files located on the server?
    I believe in the previous iPhone Configuration Utility there was a "server URL" and "Check in URL" that could be set. We can't seem to find any parameters in Profile Manager to control the same. Thanks for any help.

    Hi Jonathan,
    I stumbled on your responses because I was looking for an answer to my own issues.
    I am like most just a lay user, although with 20 years Mac experience.
    The issue is as follows:
    I set up Lion Server and I host a Wiki page and I try to run Profile Manager.
    I do not have a registered host name. The hostname is server.name.private.
    In order to reach the server from the Internet my clients use a DynDNS hostname such as "name.dyndns.org".
    My clients can access the Wiki pages with no problems and Safari shows https://name.dyndns.org in the address line.
    However, if they want to connect to Profile manager, the server re-directs https://name.dyndns.org/profilemanager to https://server.name.private/auth?redirect=https://server.name.private/devicemanagement/api/authentication/callback
    which the client's browser cannot resolve because the internal hostname is unknown to public DNS servers.
    Why does Profile Manager redirect in the first place ?
    Can this issue be resolved without obtaining an "officially registered" hostname ?
    Thank you for helping.
    Regards,
    Twistan

  • Print server, AD, and Profile Manager

    Having a number of issues that I can resolve regarding printing--I am trying to set up profiles in the Profile Manager, but printers are not available or visible. However they are visible in the workgroup manager. The printers reside on Windows print server (2008 R2). Further I can add the printers to my server, but they are not visible in the "Printer Sharing" section of "sharing". So with that, I have a few questions:
    1. Do I need to turn on Kerberos in CUPS? Users don't authenticate to our printers via Kerberos, but via the Account manager of the individual printers.
    2. Why do settings in Workgroup manager not apply? I can add the printers via LDAP to the new groups I have added, but when I open profile manager the changes or printers are not implemented.
    3. How do I make printers visible in Profile Manager?
    I have scoured the net and several manuals, but I can seem to stumble upon the correct answer.


  • OS X Server 10.7 Profile Manager - Force User Pin

    Hi.
    My company has hit a show stopper with OS X Server 10.7 and its Profile Manager. We would like to use OS X as a mobile device manager for iOS but we cannot find the option to force a PIN lock and deny the user the ability to remove the PIN lock. The iPhone configuration utility does have this option however. The user cannot remove the PIN without a master password that we define in the iPhone Config Utility.
    The omission of this feature seriously undermines the usefulness of the Profile Manager.
    Is this a known bug? Can a PIN lock be applied and not removed by the user in the latest OS X server 10.8?
    Thanks for your help.
    James


  • Server 4.1 Profile Manager - Something Went Wrong

    Hi,
    I just updated my Mac Mini Server from 10.10.2 to 10.10.3, updating to Server 4.1.
    It seemed to go okay, but now Profile Manager is messed up.  When users try to log in, they get the message:
    We're sorry, but something went wrong.
    We've been notified about this issue and we'll take a look at it shortly.
    (If you're the administrator of this website, then please read the log file "profilemanager.log" to find out what went wrong.)
    When I look through the logs I find this:
    [2015/04/09 23:15:47.194] F: ActiveRecord::StatementInvalid (PG::Error: ERROR:  relation "view_all_user_groups_users_flat" does not exist
    [2015/04/09 23:15:47.195] I: Rendering /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/public/500.html (500 Internal Server Error)
    Any suggestions?
    Thanks!
    Frederick

    mscott_mdm wrote:
    Frederick,
    Can you look at the /Library/Logs/ProfileManager/migration_tool.log file and paste in the last 50 or so lines?
    Thanks for the help!
    Here is the entire migration_tool.log file from updating:
    [20723] [2015/04/09 17:13:17.136] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
    0:: [20723] [2015/04/09 17:13:17.138]
        migration_tool-886.204 (PID:20723, OS:14D131, SERVER:14S1092, ARCH:x86_64) starting
        LA: migration_tool
    0:: [20723] [2015/04/09 17:13:17.203] Waiting for postgres to startup....
    0:: [20723] [2015/04/09 17:13:17.624] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
    0:: [20723] [2015/04/09 17:13:19.409] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
    0:: [20723] [2015/04/09 17:13:20.476] Dropping views...
    0:: [20723] [2015/04/09 17:13:21.427] Dropping trigger functions...
    0:: [20723] [2015/04/09 17:13:22.172] Dropping remaining non-dependent functions...
    0:: [20723] [2015/04/09 17:13:23.810] MIGRATE_00885.001 completed successfully
    0:: [20723] [2015/04/09 17:13:23.949] MIGRATE_00885.003 completed successfully
    0:: [20723] [2015/04/09 17:13:24.566] EXCEPTION:  Postgres <-[PGConnection executeCSQL:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Models/Postgres/PGConnection.m:339): "Postgres error 2BP01 (ERROR:  cannot drop function dm_current_timestamp() because other objects depend on it
        DETAIL:  default for table devices column last_update_info_time depends on function dm_current_timestamp()
        HINT:  Use DROP ... CASCADE to drop the dependent objects too.
        )">
        USERINFO: {
            SQLSTATE = 2BP01;
            errorMessage = "ERROR:  cannot drop function dm_current_timestamp() because other objects depend on it\nDETAIL:  default for table devices column last_update_info_time depends on function dm_current_timestamp()\nHINT:  Use DROP ... CASCADE to drop the dependent objects too.\n";
    0:: [20723] [2015/04/09 17:13:24.566] SQL Module failed at statement:
        DROP FUNCTION dm_current_timestamp();
        -[PGConnection executeCSQL:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Models/Postgres/PGConnection.m:339): "Postgres error 2BP01 (ERROR:  cannot drop function dm_current_timestamp() because other objects depend on it
        DETAIL:  default for table devices column last_update_info_time depends on function dm_current_timestamp()
        HINT:  Use DROP ... CASCADE to drop the dependent objects too.
    0:: [20723] [2015/04/09 17:13:24.567] Caught unhandled exception -[PGConnection executeCSQL:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Models/Postgres/PGConnection.m:339): "Postgres error 2BP01 (ERROR:  cannot drop function dm_current_timestamp() because other objects depend on it
        DETAIL:  default for table devices column last_update_info_time depends on function dm_current_timestamp()
        HINT:  Use DROP ... CASCADE to drop the dependent objects too.
    0:: [20723] [2015/04/09 17:13:24.567] Migration failed at MIGRATE_00885.004 (final step is MIGRATE_00886.204)
    0:: [20723] [2015/04/09 17:13:24.764] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
    0:: [20723] [2015/04/09 17:13:24.769] ShutdownMigrator: 2015-04-10 00:13:24 +0000
    0:: [20723] [2015/04/09 17:13:24.770] BYE
    [22210] [2015/04/09 22:45:34.642] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
    0:: [22210] [2015/04/09 22:45:34.657]
        migration_tool-886.204 (PID:22210, OS:14D131, SERVER:14S1092, ARCH:x86_64) starting
        LA: migration_tool
    0:: [22210] [2015/04/09 22:45:34.799] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
    0:: [22210] [2015/04/09 22:45:35.010] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
    0:: [22210] [2015/04/09 22:45:35.637] Dropping views...
    0:: [22210] [2015/04/09 22:45:35.638] Dropping trigger functions...
    0:: [22210] [2015/04/09 22:45:35.683] Dropping remaining non-dependent functions...
    0:: [22210] [2015/04/09 22:45:36.515] EXCEPTION:  Postgres <-[PGConnection executeCSQL:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Models/Postgres/PGConnection.m:339): "Postgres error 2BP01 (ERROR:  cannot drop function dm_current_timestamp() because other objects depend on it
        DETAIL:  default for table devices column last_update_info_time depends on function dm_current_timestamp()
        HINT:  Use DROP ... CASCADE to drop the dependent objects too.
        )">
        USERINFO: {
            SQLSTATE = 2BP01;
            errorMessage = "ERROR:  cannot drop function dm_current_timestamp() because other objects depend on it\nDETAIL:  default for table devices column last_update_info_time depends on function dm_current_timestamp()\nHINT:  Use DROP ... CASCADE to drop the dependent objects too.\n";
    0:: [22210] [2015/04/09 22:45:36.548] SQL Module failed at statement:
        DROP FUNCTION dm_current_timestamp();
        -[PGConnection executeCSQL:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Models/Postgres/PGConnection.m:339): "Postgres error 2BP01 (ERROR:  cannot drop function dm_current_timestamp() because other objects depend on it
        DETAIL:  default for table devices column last_update_info_time depends on function dm_current_timestamp()
        HINT:  Use DROP ... CASCADE to drop the dependent objects too.
    0:: [22210] [2015/04/09 22:45:36.548] Caught unhandled exception -[PGConnection executeCSQL:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Models/Postgres/PGConnection.m:339): "Postgres error 2BP01 (ERROR:  cannot drop function dm_current_timestamp() because other objects depend on it
        DETAIL:  default for table devices column last_update_info_time depends on function dm_current_timestamp()
        HINT:  Use DROP ... CASCADE to drop the dependent objects too.
    0:: [22210] [2015/04/09 22:45:36.548] Migration failed at MIGRATE_00885.004 (final step is MIGRATE_00886.204)
    0:: [22210] [2015/04/09 22:45:36.842] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
    0:: [22210] [2015/04/09 22:45:36.847] ShutdownMigrator: 2015-04-10 05:45:36 +0000
    0:: [22210] [2015/04/09 22:45:36.848] BYE

  • Is there a way to have separate permissions between Server app and Profile manager?

    I'm running OS X 10.10.1 (Yosemite) with Server app 4.0 installed.
    I am a System Administrator for a University. I want to give our college techs the ability to manage Profile Manager, but if I grant them Admin rights on the Apple server they will also have access to the Server app, if they have the server app installed on their computer.
    Is there a way to limit access to the Server app, but allow certain individuals admin right to Profile Manager?

    This provides instructions:
    How to use multiple iPods, iPads, or iPhones with one computer

  • Can I use OS X Server 4.0 Profile Manager to distribute iOS apps with iOS Developer Enterprise Program (iDEP)?

    We are developing an iOS and complementary Mac OS X app for in house use by about 1500 users. I need to manage the devices and distribute the in-house app to these users.
    We have an iOS Developer Enterprise Program (iDEP) licence.
    Can I combine OSX Server and iDEP to distribute and manage the app? Or do I need to move to something like Air Watch?

    You should not have to do anything the user/group import should be automatic and you should not have to manually create any accounts and it does ongoing syncs automatically but I do not know how often.
    Once you are install and connect to profile manager all the accounts should show up just by clicking on users or the groups icons and they will work with that. You should not need to mess with them in the actual server application. Although I would assume the other services all link into the OD directory I don't know exactly how services like email, file sharing or VPN work as we have other more full featured better scaling services for that like MS Exchange for email/calendar and Cisco VPN.
    We are only using OD, Profile Manager and Software Update.
    Just a note I am using Server 3.2 on OS 10.9.5 if you are using Server 4.X your mileage will probably vary slightly as I am not sure what the areas of major change are.

  • Server 4.0 Profile Manager Supported Clients

    I'm not ready to pull the trigger on upgrading to Server 4.0 given the bug history, but I'm starting to look at it.
    When server 3.0 came out, Profile Manager abandoned support for 10.7.x and caught a few of us off guard.
    Does anyone know if Server 4.0 has dropped Profile Manager support for older devices e.g. 10.8.x or iOS 7?  I still have some production devices I've not upgraded yet.

    After I upgraded my desktop to OSX 10.10 Yosemite I had to upgrade Server to 4.0
    Unable to manage the server running 10.9 Server 3.X so I upgraded the server to 10.10 with Server 4.0
    Still unable to connect to server on LAN. It's not an IP or authorization issue since I can connect to the server via finder and manage the server via screen sharing...

  • Server 10.8 Profile Manager error

    I hope some one just help me out here:
    Last week, shortly after the 2.2 update came out, I installed the update. Unfortunately, doing so made our NetInstall service run very badly. We rolled back the Server.app from a Time Machine backup. That caused our Profile Manager process to not be able to find its info. I suspect it was updated with the first 2. update and rolling back the server.app confused it. So, we reapplied the update to 2.2. That allowed Profile Manager to work, and we have been living with the poorly working NetImage. Now, we seem to have an error with Profile Manager not being able to start due to errors. I would like to restore the database from Time machine and perhaps even the postgreSQL and DeviceManager process to get it working, but I can't figure out which folders I need to restore.  I've spent the better part of the day surfing for answers to a non functional Profile Manager, but nothing works.
    What is the proper location for the Profile Manager database ?
    How can I tell that postgreSQL is looking in the right place ?
    Can I reindex the database to repair it ?


  • Backup Server Settings - Including Profile Manager

    We want to ensure that we have a backup of our server settings and also the network settings of the machine. We have experienced issues with TimeMachine in the past and want to ensure we are backing our server up including the Profile Manager database and active directory database.
    Thanks,
    James.

    The files are created by PostGreSQL and contain WAL (write-ahead-logging) data. It's still not clear why these files should be growing at more than 33 MB a day.
    Why is there no snapshot of the database taken, past WAL files deleted and new ones started every day/week/month? Can I do this myself? I'm now wasting 16GB of storage as an inefficient backup for PostgreSQL.

  • Mountain Lion Server: Wiki and Profile Manager return 'Error Reading Settings'

    Hi,
      Have recently installed Mountain Lion Server (clean install) when I open the Server App I am constantly receiving the following error messages on various services inc. Wiki and the Profile Manager Service
    After clicking on various other services that error message evolves into
    Any help would be greatly appreciated.

    Nvm, I managed to resolve this issue to a degree. The errors seem to occur if I copied and installed the Server.app from a windows network location where I had it stored. However if I downloaded and installed the Server.app from the App store the errors did not occur.

  • Beginner needs help to fix server web, wiki, profile manager

    Hi All,
    I seem to have messed up my server by changing settings for the hostname.
    Now I cant get profile manager, wiki, web to show in Safari anymore.
    Can someone please help me with a step by step walkthrough?
    Greatly appreciate any help I can get

    I have had the same thing and a hostname change is killing for your configuration.
    What I suggest is that you backup your stuff and reinstall your server with the correct hostname if possible.

  • What kind of code signing certificate do I need for Profile Manager?

    I'm new to Lion Server and the Profile Manager, and I'm wondering what kind of CA-recognized code signing certificate I would need to buy to use in the Profile Manager -> Sign configuration profiles? For example, Verisign sells a bunch of different kind (http://www.verisign.com/code-signing/): Microsoft Authenticode, Java, etc.
    Patrick

    The cable should be just the normal one, the special smarts that tell the tablet to charge at full speed is in the power brick.

  • Can Profile Manager Enroll the Server Itself?

    Hi all,
    I can successfully enroll clients, but when I try to enroll the server itself, I receive the error message, "Profile installation failed. The profile "Remote Management (com.apple.config.myserver.com.mdm)" could not be installed due to an unexpected error."
    I created a separate local network user account (a different user name) for this purpose and did not use the local admin's account for device enrollment.  On the server machine itself, I logged into http://myserver.com/mydevices and used the admin's local network account to begin enrollment.  The trust profile successfully installs first, but enrollment fails.
    I would like to group server machines using Profile Manager and I would like to setup a configuration payload is for Software Update.
    Many Thanks!

    I really doubt you can enroll your server in its own MDM.
    If all you're trying to do is set the software update server, it's a lot easier to just do this...
    sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://myserver.com:8088/index.sucatalog
