Profile Manager - Why create Enrollment Profiles?

So a similar question was asked previously:
Why use an enrollment profile?
I've read through it and I don't think the answers provided tell the whole story, so I'd like to ask again adding some of my own thought and clarifications on the previous thread. This may be considered a "primer" by some - though I am certainly not the expert on Profile Manager. I'm laying it out there to explain my understanding and off of that, ask a question. If you are an expert, and understand how all this works, please just skip to my question below!
First, my experience and understanding. (I urge others to correct/clarify where they see fit):
The previous thread attempted to make a distinction between the 3 different types of profiles: Trust, Enrollment.and Remote Management Profiles.
I believe the proper 3 distinctions should be: Trust, Remote Management/Enrollment, and Configuration Profiles.
- The Trust Profile is basically a Profile (.mobileconfig file) that contains the Server Certificate that needs to be present to validate other signed Profiles. It's a fancy way of packaging up the Root certificates.
- The Remote Management/Enrollment Profile is a Profile (.mobileconfig file) that delivers the Remote Management "connection". It registers the device with the Profile Manager server and facilitates the ability to use PM/APNS to push various Configuration Profiles as well as commands (wipe/lock/etc). It is *only* called an Enrollment Profile when you explicitly create one (more on that below). Because an Enrollment Profile does not need to exist to enroll (or rather it will use the implicit "unseen" enrollment), this is the most confusing of the 3 Profile types. It is further confusing because the term "Profile" is used almost elusively on the device and not within Profile Manager. In fact the "Enrollment Profile" is the only one explicitly called a "Profile" within the management interface!
IOW: While it is not shown anywhere in Profile Manager, I believe that "Remote Management" (called a Profile on the device) is basically the *default* Enrollment Profile that is only inferred and seen when you use the Enroll function on MyDevices. This means you don't need to create any Enrollment Profile to enroll your devices interactively via the MyDevices page.
- The Configuration Profile is a Profile (.mobileconfig file) that delivers specific settings. These Profiles are applied to either Users, Groups, Devices, or Device Groups. They can be automatically pushed to an enrolled device, or they can be manually downloaded from the MyDevices page (seems to apply to User configuration only) for devices even if they are not enrolled (this would allow the end user the 'choice' to pull down settings).
Having outlined that, the simplest steps to enrollment...:
When you setup Profile Manager, you can go right to the MyDevices page on your device, login, and choose "Enroll." (sample device is let's say an iPad)
Doing so will prompt you to install the "Remote Management" profile.
Note that when enrolling in this way it does not appear necessary to install the "Trust Profile" for your server, even when using a Self-signed Cert. It would appear that this "Remote Management" profile contains not only the SCEP Enrollment Request and the Device Management payload, but also the Certificates that would be installed with the "Trust profile"
So we have seen here that one can enroll a device without explicitly creating any "Enrollment Profile."
So why use an Enrollment Profile?
Well according to https://help.apple.com/profilemanager/mac/3.1/#apd6DD5E89E-2466-4D3C-987E-A4FF05 676EB7, the answer is pretty straightforward:
"The user does not need to authenticate or log in to Profile Manager’s user portal"
This is a great feature. For one, you can create an Enrollment Profile and send it via e-mail and the user doesn't need to visit a web page and login to enroll a device. In fact, based on my experience Enrollment Profiles can't even be accessed via the MyDevices page unless you are a Server Admin.
However, when distributing an Enrollment Profile you seemingly *must* install the Trust Profile prior to this, or you will get an error about communicating with the server. Several docs/tutorials you can google explain how to set up your deployment systems (specifically OSX machines) to deploy systems with both the Trust and Enrollment profiles to facilitate automatic enrollment when a new system is deployed so it can instantly be managed.
However, since a device that is already deployed will/may not have the Trust Profile installed, one would have to visit the MyDevices page to install that prior to being able to import a delivered Enrollment Profile. Because of that it seems that from a distribution approach (as opposed to a deployment scenario) there is not much advantage of using an explicit Enrollment Profile anyway since we already need to visit the MyDevices page to get the Trust Profile, we might as well just use the standard MyDevices implicit Enrollment.
All devices that have enrolled themselves via a defined/explicit Enrollment Profile will be listed under that Profile in Profile Manager. Devices that have enrolled via MyDevices will not be listed under any Profile, but rather just under Devices (where *all* devices will be shown regardless of how they enrolled).
So, now the questions:
So, the idea of an Enrollment Profile makes perfect sense - it is basically the only way to create an exportable profile that can be distributed and configured to automatically enroll a device without interactive enrollment via the MyDevices page.
What I don't get is WHY is there the ability to create multiple Enrollment Profiles rather than simply providing a default exportable profile?
The reason it makes no sense to me is there is absolutely no correlation (that I can deduce) between an Enrollment Profile and the devices that used it to enroll. While I can see a (non-exportable) list of each device enrolled via each Enrollment Profile, it ends there. I can't, for instance, create Configuration Settings that I link to an Enrollment Profile. Or dynamically populate a Device Group with all devices enrolled from a specific Enrollment Profile. If I could do these things, it might make sense to me and I have spent much time looking at the interface and scouring documentation to see where the connection is. I have simply determined that there isn't one.
I can go ahead and create several Enrollment Profiles such as:
iPads
Lab Systems
Main Office Systems
High Security Systems
And I can deploy these Profiles (either via mail/file or via initial deployment) to the respective devices. I can then see under each Profile which devices enrolled. But, since I can't actually do anything to correlate those systems to a configuration, why would I want to do this segregation? Sure it gives me a listing of iPads apart from OSX machines, but I can't do anything with this listing!
Now, of course, I can still pre-stage devices and add them into particular device groups so that as soon as they are enrolled (via any Enrollment Profile) they will get the Configuration Profile(s) attached to them. This makes the inclusion of multiple Enrollment Profiles even more suspect.
Am I missing something? Can someone enlighten me as to what the purpose of creating more than one Enrollment Profile would be?
We can easily say "Well it's not hurting having them there" but, in terms of complexity and confusion I believe it is. Had they simply provided a single Enrollment Profile ("Remote Management") that was downloadable/exportable it would have been sufficient.
Thoughts?

Similar Messages

Profile manager shows only one profile but I have two profiles located in the same place and I want to change

I have had a Firefox crash and uninstalled then reinstalled three times. For some reason Mozbackup won't back up my files. In checking profiles, I have two profiles with different names and both marked default, located in the same place. I would like to use the old profile but the profile manager only shows one profile.
How can I get to use the old profile?
Thanks, Joe

Antaeus00 wrote:
I tried sending a request for help,
But did you succeeed in sending a request for help?
Did you receive a response? How long has it been since you sent a request?
but I need someone with more authority to talk to.
There is no one with more authority than iTunes store support. We herem are only users.

Firefox doesn't open with profile even after creating a profile through Profile Manager.

I created a profile of Firefox yesterday using Profile Manager. And placed it in a virtual encrypted drive created by TrueCrypt. But Firefox didn't open with the profile. Instead it opened in default setting that Firefox usually gets when newly installed. I tried to select the profile through Profile Manager and open Firefox but to no avail. Even tried placing the profile in the Profile folder in Firefox pathway in AppData. Still same thing. At last reset Firefox and the profile was deleted. Now I'm with newly default setting. Luckily I had saved my bookmarks from Bookmark Manager.
I just wanted to save a profile so that only I can only access my profile and any other person would just had to use default setting. Also to restore my settings in case I install a fresh Firefox or reset Firefox to solve a problem.
Please help me fulfill my wants as stated above and why did it not work yesterday with the Profile Manager?

Hello ams963, i think the problem is with TrueCrypt because it is not support your win 8 yet. see: http://www.truecrypt.org/
http://www.truecrypt.org/docs/version-history
see if can find a method in the next link, not too useful i think for your win 8 : [http://kb.mozillazine.org/Protect_the_profiles_contents Protecting the contents of the profile]
thank you

Firefox will not start. Open profile manager. Delete old profile. Create new profile. Click start firefox. Firefox starts. Close firefox. Click start, "Mozilla Firefox", FireFox DOES NOT start. Help!?

Firefox will not start.
Run profilemanager and delete old profile - create new profile - click run firefox from profile manager and firefox opens.
Close firefox and try to reopen. Will not open. Follow above procedure again and foerefox opens until closed them will not open.
== This happened ==
Every time Firefox opened
== Last week ==
== User Agent ==
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

Thanks for your help. I had tried starting Firefox in safe-mode before I posted this request, but it did not work. I tried to restore the system to an earlier version, but that made everything worse. Two accounts were unusable and one sort of worked, so I reloaded the operating system and now firefox works, for how long, I don't know. But thanks again for your suggestion.

When clicking loading FireFox the profiles box comes up but it blank, no profiles are loading, how do I get profile manager to load the profiles?

Profile manager loads up but the window is now blank. I have checked in the profiles folder and the profiles exist but I can not get them to load. What do I need to do to make profile manager load the profiles? Thanks.

Is this a new installation of Firefox you're running for the first time, or have you been running Firefox for a while?
Are you using the "built in" profile manager (firefox.exe /profilemanager) or the new "stand alone" profile manager?
If you look in this folder:
C:\Users\''username''\AppData\Roaming\Mozilla\Firefox
do you have a file named profiles.ini? It's a text file that usually has information for each of the profile folders in the Profiles subdirectory.

Profile manager can't enroll after restore from time machine

I am using mac mini server as ipad manaagement server ,the server cashed and can't load the OSX,then i use time machine to restore the backup ,after that i try to enroll new ipad to server but it can't.
also i can't push the setting through the server to ipad
anyone can help me?

There could be a few reasons for this.
First what version of OS X do you have installed?
What version of OS X is the Time Machine Backup file from?
Did Reinstalling OS X from Recovery install the same version you had before reinstalling?
If you have not changed OS X versions then:
It sounds like there may be a bad file in the backup that is causing the computer to not startup after restoring it. This is especailly true if the computer boots just fine after a fresh installation of OS X, but without the Migrated Data being restored.
If that is the case, then the solution is not a quick one. You have to hunt down the bad file.
Moving Files Manually (Not in Migration Assistant)
Manually access your Time Machine backup folder from within Finder (you should see the backup drive in a Finder Window or on your Desktop). Once open, manually move data from the User folder (documents, music, movies, photos etc.) into their respective folders on the Mac. Reboot after each folder you move to see which folder contains the corrupted file then delete the affected folder/file after reinstalling OS X from Recovery.
If none of the files cause the computer to hang at startup after moving all your User data, then the issue is from within the System or Library folders.
NOTE: DO NOT manually move Applications, System, or System Library files over to the Mac. You can cause major issues with the current installation by doing so. It is safer to just reinstall all the Apps from wherever you got them so they can recreate their support files and such themselves.
2- Using Migration Assistant
Basically, if you have discovered the affected file. You can just simply delete it from the backup folder.
Reinstall OS X after you have done that, and use Migration Assistant to automatically migrate the data over minus the affected file/folder.
Its a pain in the rear, but it will at least let you salvage most of your data.
Let me know what happens riorec!
- Captain

CalDAV created as "manual download" by profile manager.

why CalDav account pushed by profile manager to my iDevices are created and setted as "fetch manually" and not as "push" ?
is there a way to tell profile manager to create them as "push" or at least to "fetch every X minutes" ?
if I manually create the account on my idevice it will let me set as "push".
if Profile manager create the account for me it will set it as "manual" and the "push" setting is unavailable.
i use iCal server from Lion Server (fully updated) and iOS 5.1 (fully updated)
thanks.

no one ? please help me

HT1822 [Add Certificate...] hangs in Profile Manager 2 (Mountain Lion)

I just installed Mac OS X Server on Mountain Lion for the sole purpose of configuring a new network profile for my workplace. After configuring my system to enable Profile Manager, I launched the Profile Manager web interface, logged in, went to Device Groups, and created a new profile.
Settings are to include:
General (required): includes general info about the profile itself
Network: configure profile for both wired and wireless 802.1x authentication
Certificates: include two certificates to trust for authentication to the network.
I was able to easily configure General and Network. However, whenever/however I attempt to upload the required certificates, the browser window displays "Uploading <name of certificate file.cer>...", with the spinning indicator and does nothing else, regardless of how long I leave it alone.
Thoughts appreciated. Considered firewall, DNS, etc issues but haven't found anything that may be getting in the way.
Thanks.

I'm having this same issue.
I can install the Trust Profile
but when I go to Enroll Device, I get:
profile installation failed
could not download the identity profile from the encrypted profile service. The credentials within the device enrollment profile may have expired.
what I've done:
backed up my Device Manager database
wiped the database
re-setup Device Manager
replaced the database
tried to Enroll Device and failed (same error)
wiped the database
re-setup the Device Manager
tried to Enroll Device and failed (same error)
I've tried recreating my ssl certs
Ive tried running it without code signing certs
I refuse to wipe my entire Open Directory
is there any to get this working or am I going to need to go third party to manage my Mac-only shop?

How can users add their devices to Profile Manager without a user account?

We would like to allow company devices to be tracked, inventoried and managed in Profile Manager without creating a user account for each person so they can log into /MyDevices to download the mobile profiles. We aren't staffed to have someone manage user accounts as quickly as iPads are being purchased.
If we can't do some kind of guest access, can one user, maybe called Enroll, have literally one thousand devices attached to them?
The other alternative is to have the profiles on a small webpage with a password to download.

the easiest way is to use apple configurator
using apple configurator
enable enrollment in PM
un tick restrict to users in device library
apple configurator should pick up your server certs
and the PM auto enrollment profile
setup a enrolment wifi lan
configure your IOS devices with apple configurator adding the
server cert and your enrolment wifi lan
you'll still have to handle each device tapping yes to install each profile
but you should end up with the ipads in PM with no users
from there you can set which wifi you wish them to connect to
eg staff wifi, email setings, VPN etc.
open the correct ports on firewalls to allow PM to work internaly and externaily
and pr any port forwading as nessessary and you'll be able to wipe lock change settings outside on your network, providing the device is online.

Profile Manager site blank externally

Changed the server's host name to include the company's domain name and lost the ability to navigate to the site eternally. I've recreated all certs following the name change and can navigate to the site internally and enroll devices without issue however the external site is blank. When I enable Websites I'm able to navigate to the sites homepage however selecting Profile Manager loads a blank page.
Navigating to the MyDevices page loads a Service Unavailable error:
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache Server at PUBLIC_IP Port 443
Any idea what could be causing this behavior and how to resolve? Thank you

I used the Server app to change the name which did recreate the self-signed certificate. Unfortunately Profile Manager also relies on two other certificates, the code signing cert and the MDM Identity cert. Deleting and recreating the Open Directory master DB recreated these for me and allowed me to point Profile Manager's "Sign Configuration profiles" to the newly created certificate.
After all of that I was able to navigate to all the pages internally and enroll devices however still can't access it externally. I'm going to apply an SSL cert to the server to see if anything changes however I should be able to access the sites externally w/out one.
Anyone ever run into this issue before?

Deploy iPads AC 1.5 + PM 3 enrollment profile install-issues

I'm having a hard time in deploying iPads the OTA-way using Profile Manager 3 and Apple Configurator 1.5.
Under Profile Manager (OS X Mavericks) I have a valid trust certificate and a created enrollment profile (for the iPads).
Under Apple Configurator 1.5 I prepare an iPad using Supervised mode and added the trust certificate and a WiFi-setting. In the Supervise-tab I add the enrollment profile (created in Profile Manager). Everything works nice until the enrollment profile needs to be installed. Every time I get an error stating the profile could not be installed... AC 1.5 has a new feature on the Prepare-tab: anchor profiles. Is it possible this has something to do with the error I get? I can't find any info on that new feature...
Extra info: I'm using the same Profile Manger to deploy iMacs and this works without problems. So the trust certificate is valid.
I've been watching so many video's demonstrating the deployment-process of iPads using AC and PM. Those installments all work. Very frustrating... I can't get it to work... I've to state that all those video's use AC 1.4.x and the iPads have versions prior to iOS7.1.
I even have tried to enroll the iPads on a manual basis but I always end up with the same error.
Can anyone help me or give some tips in order to get my iPads enrolled?

Same issues here.
Buggy as ****..
Also after some time, the Profile Manager PAne doesn't even fill in Server.app.....stays at Loading...
Nevertheless, the service itself works with the bug you outlined, plus enroll is impossible for me (check my post here: Can't enroll devices with Profile Manager - invalid key )
I hope all these get fixed in 10.7.1 !!!

Firefox won't open unless i create new profile.

Well, basically firefox won't start unless i open the profile manager and create and/or use a newly created profile. However, if i try to open firefox again after closing it with the same mozilla profile it just won't start. The mouse will briefly display a loading symbol but nothing happens. Google chrome and internet explorer work just fine if that helps.

If you check the Windows task manager, is Firefox doing anything in the background, or just frozen?
You can use Ctrl+Shift+Esc to open the Task Manager, and check the Processes tab for firefox.exe. Sometimes Firefox will hang when shutting down, and then be prevented from restarting. Other times, it may hang starting up due to configuration issues. If you don't find firefox.exe at all, that could indicate a silent crash.
Some possibly relevant articles depending on the situation:
* [[Firefox hangs or is not responding - How to fix]]
* [[Firefox crashes - Troubleshoot, prevent and get help fixing crashes]]

Profile Manager not starting anymore on Lion

I recently had the bright idea to change my server's hostname and my admin password on the same day (don't ask) and things have been pretty wobbly since then. After going over each entry in the Keychain to change the password, I'm still having some issues with the Profile Manager. I had profiles created under the old hostname (with devices associated to it). I deleted the profiles from my various devices hoping to re-associate them with the new hostname but the Profile Manager won't start anymore, or rather will show as running but really, it timed out.
I know people have been have been having issues with postgres but everything was working fine under the old hostname so I'm not sure that's the same problem. Thanks for the help.
Aug 13 09:51:52 helios servermgrd[90]: servermgr_postgres: waiting for postgres to respond
Aug 13 09:52:30 helios com.apple.devicemanager[16820]: DEBUG: Initializing DeviceManagerDaemon with ports 3320,3321,3322,3323,3324,3325 (physmem = 5GB)
Aug 13 09:52:30 helios com.apple.devicemanager[16820]: DEBUG: Making sure Rails is configured properly
Aug 13 09:52:30 helios com.apple.devicemanager[16820]: DEBUG: Running rake command: /usr/bin/rake db:migrate
Aug 13 09:52:31 helios com.apple.launchd.peruser.70[16834]: Background: Bug: launchd_core_logic.c:3063 (24984):3
Aug 13 09:52:31 helios com.apple.launchd.peruser.70[16834]: Background: job_mig_intran() was confused by PID 16750 UID 70 EUID 70 Mach Port 0x1a07:
Aug 13 09:52:31 helios com.apple.launchd.peruser.70[16834]: Bug: launchd_core_logic.c:8528 (24984):3: j != NULL
Aug 13 09:52:31 helios sandboxd[16830] ([16827]): ruby(16827) deny file-read-metadata /private/var/folders/zz/zyxvpxvq6csfxvn_n00000vm00006x
Aug 13 09:52:32 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:32 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:34 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:34 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:34 helios sandboxd[16830] ([16827]): ruby(16827) deny mach-lookup com.apple.distributed_notifications@1v3
Aug 13 09:52:36 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:36 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:38 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:38 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:40 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:40 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:42 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:42 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateDevices (20100225003807)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateEmailKnobSets (20100226010444)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateUsers (20100303214947)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateWebClipKnobSets (20100303223617)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateRestrictionsKnobSets (20100303223810)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateLdapKnobSets (20100303223914)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateCalDavKnobSets (20100303224035)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateCalSubKnobSets (20100303224314)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateScepKnobSets (20100303235704)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateApnKnobSets (20100304000230)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateExchangeKnobSets (20100304000404)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateWifiKnobSets (20100304000926)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateCertificateKnobSets (20100304233616)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateVpnKnobSets (20100304234049)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateDockKnobSets (20100305002947)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateFinderKnobSets (20100305223616)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateUserGroups (20100317233008)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateTasks (20100322225845)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateDataFiles (20100422224508)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateProfiles (20100510203627)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateMembersProfiles (20100510220318)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateKnobSetsProfiles (20100510220334)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateDeviceGroups (20100510222436)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateGeneralKnobSets (20100518204147)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreatePasscodeKnobSets (20100518204156)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateProvisioningProfiles (20100609232301)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateMcxKnobSets (20100615210803)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateSettings (20100617233207)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateEnetAddresses (20100708220118)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateCardDavKnobSets (20100723165735)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateIchatKnobSets (20100804174836)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateDirectoryKnobSets (20100909181713)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateInterfaceKnobSets (20101022202242)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateSecurityKnobSets (20101022202251)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateSessions (20110120211636)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateSoftwareUpdateKnobSets (20110129135100)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreatePrintingKnobSets (20110129183610)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateApplicationsKnobSets (20110129183821)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateMediaAccessKnobSets (20110129183919)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateMobilityKnobSets (20110129184019)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateLabSessions (20110131082411)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreatePrinters (20110131153902)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateSystemApplications (20110132160137)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateLoginWindowKnobSets (20110202142954)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateWidgets (20110224125749)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateLoginItemKnobSets (20110228082620)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateAutoJoinProfiles (20110299999999)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateMacRestrictionsKnobSets (20110329155119)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateEnergySaverKnobSets (20110402120909)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateParentalControlsKnobSets (20110404133805)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to SettingsAddServerHostname (20110407154640)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to ProfilesAddIsSystemLevel (20110407155130)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to DropApplicationsKnobSets (20110407155300)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to DropMediaAccessKnobSets (20110407155330)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to DevicesAddEthernetmac (20110421100355)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to SettingsAddCodeSignCertRef (20110426131700)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreateCfprefsKnobSets (20110426150013)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to SettingsUpdateCodeSignCertRef (20110428103150)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to InterfacesAddSecurity (20110502140408)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to CreatePrivacyKnobSets (20110506085644)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to SettingsAddIsOdCaRooted (20110512141100)
Aug 13 09:52:44 helios com.apple.devicemanager[16820]: Aug 13 09:52:44 myserver.mydomain.com ProfileManager[16831] <Info>: Migrating to LabSessionAddPendingOdUserGuid (20110520135430)
Aug 13 09:52:44 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:44 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:45 helios com.apple.devicemanager[16820]: (in /usr/share/devicemgr/backend)
Aug 13 09:52:46 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:46 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:48 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:48 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:50 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:50 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:52 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:52 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:54 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:54 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:56 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:56 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:52:58 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:52:58 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:53:00 helios servermgrd[90]: servermgr_devicemgr: response statusCode: 0
Aug 13 09:53:00 helios servermgrd[90]: servermgr_devicemgr: waiting for devicemgr to respond
Aug 13 09:53:02 helios servermgrd[90]: servermgr_devicemgr: Timed out trying to confirm devicemgr is responding.

Try this in Terminal.app:
cd /etc/apache2/sites
sudo -s # become admin--you will have to enter your password here
rm 0000_any_443_.conf
cp 0000_any_80_.conf.default 0000_any_80_.conf
cp virtual_host_global.conf.default virtual_host_global.conf
exit # go back to being a normal user
Then go back to Server.app and restart your services.

Solution: Server 3.2.1 "Invalid Profile" w/ Supervision-based Enrollment

After installing Server 3.2.1, I had been fighting an "Invalid Profile" error on Apple Configurator-supervised devices trying to auto-enroll with Profile Manager. Manual enrollment continued to work as expected. This morning, I found this gem in Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/mdm_enroll.php, right at the start of the handling logic in the 'try' block:
// Bail immediately if DEP is not enabled
$settings = GetSettings();
if (empty($settings['dep_service_state'])) DieUnauthorized('DEP is not enabled on this server'); // We'll allow it for any non-zero value
I'm no PHP guru, nor do I have an inordinate amount of free time to try to fully understand this script and its includes, but since this appears to abort further processing if the server isn't participating in the Device Enrollment Program, I commented it out and restarted profile manager. Low and behold, my supervised devices can auto-enroll again!
I compared this file to the same one in the previous version of Server I was running and it looks to be the only change. I'm sure it's a bug caused by unintentional misplacement or hurried consideration, but it's egregious. It sure feels like every single step Apple has taken regarding device management since the introduction of Activation Lock has been carefully designed to punish businesses for not re-purchasing all of their devices through the Device Enrollment Program.

Also another place to look for this issue is in the profile manager web interface. We have an Everyone group which every user is a part of. It seems as in a recent server update they added a tick box for allowing enrolment during the setup assistant when supervised through Apple Configurator or DEP. For us, the tick box for Apple Configurator was unticked which was giving us the exact same issue with "Invalid profile."
Worth looking at your groups and checking that tick box.

Profile cannot be loaded, profile manager cannot be accessed, firefox not working

This is somewhat similar to other listed profile manager problems but none of the answers worked for me. OS is Win 8-64 bit. Have 2 user accounts. Admin and Limited. In Admin, Firefox works, can access Profile Manager, there is this profile.ini etc. Everything ok.
But in the Limited account, can not access Firefox. When clicked, it says 'Your Firefox profile can not be loaded. It may be missing or inaccessible'. Cannot access Profile Manager "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -p. Gives the same error message (Firefox not running).
Tried copying files in the Admin in to Limited. But the error message is same.
Uninstalled and installed using the Limited Account (supplying Admin password), no result.
Please help me.
Thank you for your time.

Hello jcbala
see '''IF''' we can create a test profile in the location you want, type the command:
===== "C:\Users\Limited\AppData\Roaming\Mozilla\Firefox\firefox.exe" -CreateProfile test =====
check if the path is correct (in the specific location)
http://kb.mozillazine.org/Command_line_arguments
thank you

Profile Manager - Why create Enrollment Profiles?

Similar Messages

Maybe you are looking for