Profile Manager Device limit?

I'm in the process of testing some ipad deployments and have started by setting up profile manager on my 10.7.2 lion server but is there a device limititation?  I have heard that there maybe due to the postgreSQL that may limit it?   Any info would be great.....

We have device groups, once the device have been enrolled we then move to a pre-configured profile which sets up items such as wifi, e-mail and passcpde etc all in one go, this has had mixed results, I've now setup profile groups for each item to give us more control over only given the user what they need instead on forcing everything, this resolved my item above but more testing is needed, the main issue has been trying to pass a pre-owned device to a new user as it seems to remember the pervious user in some cases, this is why I asked about if it was possible to delete device history.

Similar Messages

  • Managed device limit (110) devices has been reached. Unable to manage more.

    I get this message when I am adding more devices after discovery. I have the WLSE 1130 that I just upgraded to 2.12fcs. Need help ASAP.

    Earlier to this, I was upgrading from 2.11fc to 2.12, and the install failed and I had to download the 2.12 iso. I already have over 110 devices I was managing, and the show version does say device limit=110. It also says now I have a 1105 not a 1130 anymore. Since there is no replies yet, I'm going to try to restore again with 2.11.

  • Profile manager device management disabled

    I had a working profile manager but had to move to a new sever which then broke profile manager so i have performed a full wipe of the database ect and then tried to recreate a new one however i go through the configuration setup fine but under settings device management is says Disabled and i cant see any obvious way to turn this on?
    Thanks in Advance

    I would try demoting your Open Directory server from Master to Standalone in the Server Admin app - there's an assistant in Server Admin > Open Directory > Settings > General > click the change button.
    Once it's demoted to a standalone, restart.
    From there, don't create an OD Master again - go to Profile Manager in Server.app and run through the wizard again.  In the process, it will create an OD Master for you.
    Hope that helps,
    Chris

  • Profile Manager Devices/Groups Missing?

    I am trying to set up Profile Manager but all I see listed under the library heading on the left hand side of the page is Apps, Books, Users and Groups.  Earlier today I had Devices, Device Groups and some other stuff like the create enrollment button.  Any idea how I can get these back or why they went missing?  I have attached a screen shot showing what I am talking about.

    It looks like "Device Management" somehow got reset. You need to enable it from the Profile Manager pane in Server.app.

  • Profile Manager Device Pending

    Hello. I am new to OS X Server and have come up against a problem with profile manager. I can enroll devices into profile manager but when I try and do anything (e.g. move them into a device group or update info) the task sits in active tasks as pending.
    I am not sure where to even start debugging this. I am running OS X Server 3.1.2 and OS X 10.9.4.
    Any help would be great.
    Richard

    We could solve this by opening the firewall for some ports (443, 1640, 2195, 2196, 5223, ) and ip addresses (17.0.0.0/8). Have a look at
    OS X Server: Ports used by Profile Manager
    Start Profile Manager

  • Profile Manager - Device Group member of Device Group

    Hi Everyone,
    I have an iPad which is a member of a group on Profile Manager. This device group is in another device group...
    EG.
    Staff iPads (setting a generic profile of security etc.)
         > Site One iPads (setup to use a certain SSID etc. etc.)
         > Site Two iPads (setup to use another SSID etc. etc.)
    Am I right in saying the profiles should be applied much like group policy - so the top level profile is applied then ones lower down the tree?
    If so, anyone got any idea why ours arent?
    Cheers
    John Rickard

    We have device groups, once the device have been enrolled we then move to a pre-configured profile which sets up items such as wifi, e-mail and passcpde etc all in one go, this has had mixed results, I've now setup profile groups for each item to give us more control over only given the user what they need instead on forcing everything, this resolved my item above but more testing is needed, the main issue has been trying to pass a pre-owned device to a new user as it seems to remember the pervious user in some cases, this is why I asked about if it was possible to delete device history.

  • Profile Manager Device Enrollmet

    So, I've been using PM since it's introduction. No iOS devices are managed only MacPro's. Problem developed after upgrading the server and clients to 10.7.4. Enrolling a device now shows up as already enrolled under an existing entry for another device. steps to recreate the problem:
    1. Verify that PM is active.
    2. check the list of devices already enrolled.
    3. log in from a workstation via Web Access (/Profilemanager/Mydevices)
    4. Install the Trust Certificate
    5. Install the Manage Certificate.
    6. Enable "Manage This Device"
    7. Log in from another workstation and attempt to repeat step 3.
    8. The device list is showing that this device is already enrolled with the serial number from the machine that enrolled in step 6.
    I tried everything I could think of, remove profiles from the client machine, delete all certificated in Keychain and reboot. Problem is repeating predictably and reliably.
    Any suggestion will be appreciated.

    We have device groups, once the device have been enrolled we then move to a pre-configured profile which sets up items such as wifi, e-mail and passcpde etc all in one go, this has had mixed results, I've now setup profile groups for each item to give us more control over only given the user what they need instead on forcing everything, this resolved my item above but more testing is needed, the main issue has been trying to pass a pre-owned device to a new user as it seems to remember the pervious user in some cases, this is why I asked about if it was possible to delete device history.

  • Profile Manager: Devices won't Update Info in Server 2.2.2

    When I go to a device and click "Update Info", it moves to the next screen but hangs at the Update Info like this screenshot below:
    Instead of moving foward to the next prompt, allowing me to select it again and then it moving to the active tasks.  Has anyone seen this problem before?
    Thank you,
    Mikel

    When I go to a device and click "Update Info", it moves to the next screen but hangs at the Update Info like this screenshot below:
    Instead of moving foward to the next prompt, allowing me to select it again and then it moving to the active tasks.  Has anyone seen this problem before?
    Thank you,
    Mikel

  • Name clash in profile manager after NetRestore

    Hi there,
    New to the Apple world (Hi ) and struggling with profile manager.
    I have used NetRestore to get an image onto 2 iMacs and I'm just going through the process of adding them to our network.
    Post build I'm trying to enroll both iMacs but they are somehow clashing or linked. If I enroll MU112MAC, MU111MAC suddenly shows as enrolled (from the http://macserver/mydevices page). I've checked to make sure they have the correct computer name/host name but for some reason as soon as I enroll 1 they both show as enrolled (though only 1 device shows in profile manager devices).
    Coming from a Windows background I thought this might be due to lack of a sysprep (or equivalent) beign run pre-capture but from some searching there doesn't seem to be a sysprep as such but rather guides on cleaning up cache and creating default user profile. I have a feeling the device was enrolled pre-capture so wondering if that's where the problem has arisen?
    Any pointers/suggestions gratefully received.

    Hi there,
    New to the Apple world (Hi ) and struggling with profile manager.
    I have used NetRestore to get an image onto 2 iMacs and I'm just going through the process of adding them to our network.
    Post build I'm trying to enroll both iMacs but they are somehow clashing or linked. If I enroll MU112MAC, MU111MAC suddenly shows as enrolled (from the http://macserver/mydevices page). I've checked to make sure they have the correct computer name/host name but for some reason as soon as I enroll 1 they both show as enrolled (though only 1 device shows in profile manager devices).
    Coming from a Windows background I thought this might be due to lack of a sysprep (or equivalent) beign run pre-capture but from some searching there doesn't seem to be a sysprep as such but rather guides on cleaning up cache and creating default user profile. I have a feeling the device was enrolled pre-capture so wondering if that's where the problem has arisen?
    Any pointers/suggestions gratefully received.

  • Profile Manager - iOS device limit?

    Has anyone found any information from Apple (or elsewhere) on approximately how many iOS devices Profile Manager can support?

    I would try demoting your Open Directory server from Master to Standalone in the Server Admin app - there's an assistant in Server Admin > Open Directory > Settings > General > click the change button.
    Once it's demoted to a standalone, restart.
    From there, don't create an OD Master again - go to Profile Manager in Server.app and run through the wizard again.  In the process, it will create an OD Master for you.
    Hope that helps,
    Chris

  • Is there a maximum number of devices to enroll in Profile Manager in OS X Server?

    Just wondering if there's a limit to the number of devices that should be managed using profile manager.
    I have the Mac Mini Server running the lastest version.

    There's no real maximum although there are limits in which everything on your network would start to struggle in a major way. You could use Apple's support article regarding PM's Scalability as a rough guide?:
    http://support.apple.com/kb/HT4780
    I was recently involved in a real world deployment of approx 1600 iPads and 8 MacMini Servers (200 devices per server) each in their own subnet and using PM as the MDM. It works well but only after working very, very closely with the network designer prior to roll-out. If all you're ever going to have is 100-300 devices then one server should be enough? As ever YMMV.

  • Keep 443 open for profile updates, but limit profile manager login

    I notice that port 443 is used by clients to communicate with the server when profiles are pushed (I assume as an encrypted connection for transmitting the profile file). Therefore it seems that for profiles to be pushed to devices outside the LAN 443 needs to be available when clients come calling to the FQDN to get a new profile (when Apple's push notification service says 'hey something is waiting for you').
    However, from a security standpoint I'm not thrilled about exposing the profile manager login to the page to the whole world. Is there a way to limit access to this page to say just our LAN (e.g., using .htaccess) and still allow clients to come calling to the server from anywhere on 443 to fetch profiles? How have others handled this scenario?
    Thanks!

    ...minor updates (see below) after some additional testing. Added /auth as this is another mechanism for authenticating against the admin panel. Also Added an additional allow for loopback traffic since logs showed some items being blocked on : : 1
    <Location /profilemanager>
        AllowOverride None
        Options MultiViews FollowSymlinks
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/8                   #OUR LAN
        Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
        Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
        Header Set Cache-Control no-cache
    </Location>
    <Location /mydevices>
        AllowOverride None
        Options MultiViews FollowSymlinks
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/8                   #OUR LAN
        Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
        Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
        Header Set Cache-Control no-cache
    </Location>
    <Location /auth>
        AllowOverride None
        Options MultiViews FollowSymlinks
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/8                   #OUR LAN
        Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
        Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
        Header Set Cache-Control no-cache
    </Location>

  • Can't enroll devices with Profile Manager - invalid key

    n my case I can install profiles on devices from Profile Manager page but I cannot enroll devices.
    The certificate I download to enroll is reject by my MacBook Pro Lion: Says Invalid blablabla at the end:
    Now I have done log research and I now exactly and understand why it doesn't work:
    the scep_helper daemon is supposed to listen to port 1640 TCP (which you should forward to your server by the way, if you want to be able to enroll devices) and provide the requsting client the root CA that signed the certificate. In my case, it can't find the root CAT to provide the client with so it can finalize the cert validation process.
    In my case, that's what I see in the log:
    Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/m ain.m:727 'status = SCEPGetCACert(session, NULL, 0)' = -25300
    Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/m ain.m:513 'SCEPGetCACert(session, NULL, 0)' = -25300
    Jul 29 02:12:44 teknologism scep_helper[1638]: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-701.70/scep_helper/m ain.m:819 'challenge = GetChallengeFromSCEP(password, guid, hostURL)' is NULL
    Jul 29 02:12:44 teknologism ProfileManager[516]: Could not retrieve root certificate from open directory server.
    No , as for the bad news: I have no idea on how to fix. Have dug into scep_helper, googled etc. Not a single clue on how to check it's configuration or even why it can't find the root CA. By the way everyhting else (I really mean everything, ical,cardav,web,wiki etc.) work great. And profile manager too, it's just the enroll thingy that doesn't work. And the root CA cert is in /etc/certificates. My server a legit Class 1 SSL cert signed by a system trsuted CA (Startfiel to name it)
    I have tried with other certs etc... It's a no go.
    Can anyone help ??
    How can I add that missing CA Cert in opendirectory ?

    Here is some more infos...
    teknologism:root root# serveradmin settings devicemgr
    devicemgr:SSLAuthorityChain = "/etc/certificates/trinity.teknologism.org.C1D19D55699B48C94A18787E4F53B4C3230E 91FE.chain.pem"
    devicemgr:od_active = yes
    devicemgr:ssl_active = yes
    devicemgr:enableCodeSigning = yes
    devicemgr:updated_at = 2011-07-28 16:04:52 +0000
    devicemgr:email_delivery_method = ""
    devicemgr:CodeSigningPrivateKey = "/etc/certificates/teknologism.org Code Signing Certificate.ED29CE4BD9D2926D64E60EF7A117EFDB2213F0CC.key.pem"
    devicemgr:apns_active = yes
    devicemgr:CodeSigningAuthorityChain = "/etc/certificates/teknologism.org Code Signing Certificate.ED29CE4BD9D2926D64E60EF7A117EFDB2213F0CC.chain.pem"
    devicemgr:default_profile_created_at_least_once = yes
    devicemgr:knob_sets_enabled:com.apple.mail.managed = yes
    devicemgr:knob_sets_enabled:com.apple.vpn.managed = yes
    devicemgr:knob_sets_enabled:com.apple.carddav.account = yes
    devicemgr:knob_sets_enabled:com.apple.jabber.account = yes
    devicemgr:knob_sets_enabled:com.apple.caldav.account = yes
    devicemgr:email_authentication = ""
    devicemgr:email_port = 25
    devicemgr:email_username = ""
    devicemgr:id = 1
    devicemgr:last_modified_guid = ""
    devicemgr:SSLPrivateKey = "/etc/certificates/trinity.teknologism.org.C1D19D55699B48C94A18787E4F53B4C3230E 91FE.key.pem"
    devicemgr:od_master = "127.0.0.1"
    devicemgr:apns_topic = ""
    devicemgr:email_password = ""
    devicemgr:mdm_acl = 2047
    devicemgr:user_timeout = 43200
    devicemgr:server_organization = ""
    devicemgr:SSLCertificate = "/etc/certificates/trinity.teknologism.org.C1D19D55699B48C94A18787E4F53B4C3230E 91FE.cert.pem"
    devicemgr:created_at = 2011-07-24 11:47:33 +0000
    devicemgr:email_address = ""
    devicemgr:email_domain = ""
    devicemgr:CodeSigningCertificate = "/etc/certificates/teknologism.org Code Signing Certificate.ED29CE4BD9D2926D64E60EF7A117EFDB2213F0CC.cert.pem"
    devicemgr:email_server_address = ""
    devicemgr:admin_session = ""
    The 3 CodeSigning certs/keys are in /etc/certificates and their permissions are correct.
    Also, don't ask me why but my ProfileManager pane in Server.app is working again. It shows all the config...but can't modify anything....as soon as I try to modify it spins the waiting whell forever... I guess it's the same error as command line serveradmin...

  • The Ultimate Guide to Resolving Profile and Device Manager Issues

    The following article also applies to issues after re-setting the severs' hostname. It also applies to situations where re-setting the Code Signing Certifictateas described by Apple has not resolved the issue.
    Hello,
    I have been plagued with Profile Manager and Device Manager issues since day one.
    I would like to share my experience and to suggest a way how to resolve issues such as device cannot be enrolled or Code Signing Certificate not accepted.
    I shall try to be as brief as possible, just giving an overview of the steps that resolved my issues. The individual steps have been described elsewhere in this forum. For users who have purchased commercial SSL certs the following may not apply.
    In my view many of these issues are caused by missing or faulty certificates. So let us first touch on the very complex matter of certificates.
    Certificates come in many flavours such as CA (Certificate Authority), Code Signing Certificate, S/MIME and Server Identification.
    (Mountain?) Lion Server creates a so-called Intermediate CA certificate (IntermediateCA_hostname_1") and Server Identification Certificate ("hostname") when it installs first. This is critical for the  operation of many server functionalities, including Open Direcory. These certs together with the private/public keys can be found in your Keychain. Profile  and Device Manager may need a Code Signing Certificate.
    The most straightforward way to resolve the Profile Manaher issues is in my view to reset the server created certicates.
    The bad news is that this procedure involves quite a few steps and at least 2 hours of your precious time because it means creating a fresh Direcory Master.
    I hope that I have not forgotten to mention an important step. Readers' comments and addenda are welcome.
    I shall outline a sensible strategy:
    1. Clone your dysfunctional server to an external harddrive (SuperDuper does a reliable job)
    2. Start the server fom the clone and shut down ALL services.
    3. It may be sensible to set up a root user access.
    4. Back-up all user data such as addess book, calendar and other data that you *may* need to set up your server.
    5. Open Workgroup Manager and export all user and workgroup accounts to the drive that you using to re-build your server (it may cause problems if you back-up to an external drive).
    6. Just in case you may also want to back-up the Profile Manager database and erase user profiles:
    In Terminal (this applies to Lion Server - paths may be diferent in Mountain Lion !)
    Backup: sudo pg_dump -U _postgres -c device_management > $HOME/device_management.sql
    Erase database:
    sudo /usr/share/devicemgr/backend/wipeDB.sh
    7. Note your Directory (diradmin) password for later if you want to re-use it.
    8. Open Open Server Admin and demote OD Master to Standalone Directory.
    9. In Terminal delete the old Certificate Authority
    sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/
    This step is crucial because else re-building you OD Master will fail.
    9. Go back to Server Admin and promote the Standalone Directory to OD Master. You may want to use the same hostname.
    10. When the OD Master is ready click on Overview and check that the LDAP and Keberos Realm reflect your server's hostname.
    11. Go back to Workgroup Manager and re-import users and groups.
    NOTE: passwords are not being exported. I do not know how to salvage user passwords. (Maybe passwords can be recovered by re-mporting an OD archive - comments welcome! ).
    12. Go to Server App and reset passwords and (not to forget) user homefolder locations, in particular if you want to login from a network account!
    If the home directory has not been defined you cannot login from a network account.
    13. You may now want to restore Profile Manager user profiles in Terminal. Issue the following commands:
    sudo serveradmin stop devicemgr
    sudo serveradmin start postgres
    sudo psql -U _postgres -d device_management -f $HOME/device_management.sql
    sudo serveradmin start devicemgr
    14. You can now switch back on your services, including Profile Manager.
    In Profile Manager you may have to configure Device Management. This creates a correct Code Signng Certicate.
    15. Check the certificate settings in Server App -> Hadware -> Settings-> SSL Certificates.
    16. Check that Apple Push Notifications are set.(you easily check if they are working later)
    17. You may want to re-boot OS Server from the clone now.
    18. After re-boot open Server App and check that your server is running well.
    19. Delete all profiles in System Preferences -> Profiles.
    19. Login to Profile Manager. You should have all users and profiles back. In my experience devices have to be re-enrolled before profiles can be pushed and/or devices be enrolled. You may just as well delete the displayed devices now.
    20. Grab one of your (portable) Macs that you want to enrol and go to (yourhostname)/mydevices and install the server's trust profile. The profile's name  should read "Trust Profile for...) and underneath in green font "Verified".
    21. Re-enrol that device. At this stage keep your finger's crossed and take a deep breath.
    22. If the device has been successfully enrolled you may at last want to test if pushing profiles really works. Login to Profile Manager as admin, select the newly enrolled device. Check that Automatic Push is enabled (-> Profile -> General). Create a harmless management profile such as defining the dock's position on the target machine. (Do not forget to click SAVE at the end - this is easily missed here). If all is well Profile Manager will display an active task (sending) and the dock's position on the target will have changed in a few seconds if you are on a LAN (Note: If sending seems to take forever: check on the server machine and/or on your router that the proper ports are open and that incoming data is not intercepted by Little Snitch or similar software).
    Note: if you intend to enrol an Apple iPhone you may first need to install the proper Apple Configuration software.
    Now enjoy Profile and Device Manager !
    Regards,
    Twistan

    HI
    1. In Action profiles, logon to system and recheck correcion are available in action definition as well in condition configuration and the schedule condition is also maintained. but the display is not coming(i.e in the worklist this action is not getting displayed).
    You can check the schedule condition for the action and match the status values...or try recreating the action with schedule condition again....for customer specific ....copy the standard aciton with ur zname and make a schedule condition and check the same.
    2, In suppport team of incident when i give individual processor it throwing a warning that u r not the processor. but when i give org unit it is working perfectly. Could anyone guide on this.
    You need to have the empolyee role for BP ..goto BP and got here dropdown for ur bp and choose role Employee and then enter ur userid
    also make sure that u have the message processing role
    Hope it clarifies ur doubt and resolve ur prob
    Regards
    Prakhar

  • Set or Change Device Name in Profile Manager

    Hello,
    Is it possible to set or change the device name of an enrolled device using profile manager?
    I notice WGMs old 'Set computer name to computer record name' is still there under Login Window options, but I couldn't find away to actually change the record name.
    Am I missing something obvious?

    The only way I have found to change the device name in Profile Manager is to change it on the device itself, then wait for the updated info to reach PM.
    The option to "set the computer name to computer record name" will set the computer name to the name of a computer record that matches in Open Directory (based on MAC). This option would allow you to change the device name in Profile Manager in a round about way... change the computer record name in OD, wait for the change to make it's way to the computer, then back up to the Profile Manager. In my experience, this doesn't take too long.

Maybe you are looking for

  • Updating the system has broken ssh-agent

    Hi everyone, I recently encountered a strange problem with ssh-agent. For a very long I started it with a simple ssh-agent and everything was fine - I could add a key from a different console and everything was immediately visible in all the applicat

  • Static Policy NAT in VPN conflicts with Static NAT

    I have a situation where I need to create a site-to-site VPN between an ASA 5505 using IOS 7.2 and a Sonicwall NSA4500. The problem arises in that the LAN behind the Cisco ASA has the same subnet as a currently existing VPN created on the Sonicwall.

  • Internal speakers silent

    There is a red light coming out of my headphone jack. The internal speakers don't work but when I plug speakers in they work fine. Also, I don't know if my internal microphone is working. Nothing bad happend, the red light just came on and they stopp

  • Keynote file (OSX 10.9.5) does not show up in iCloud drive

    I have created a keynote presentation, using OS X 10.9.5, saving it in iCloud. The next day I wanted to continue to work on the presentation. But it does not show in iCloud Drive, whereas Keynote states, that the file is stored in iCloud Drive. That´

  • Joining multiple albums

    I have a 3 CD set of the opera Aida, which I would like to join all the songs of into one long piece so it will always play all together on shuffle mode. Is there any way to join multiple CDs? I tried to burn all onto one CD so I could import it from