MDS-MicroMDM Enroll Device Profile Fails

Ray Fleischmann reporter

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>Challenge</key>
<string>micromdm</string>
<key>Key Type</key>
<string>RSA</string>
<key>Key Usage</key>
<integer>5</integer>
<key>Keysize</key>
<integer>2048</integer>
<key>Name</key>
<string>Device Management Identity Certificate</string>
<key>Subject</key>
<array>
<array>
<array>
<string>O</string>
<string>MicroMDM</string>
</array>
</array>
<array>
<array>
<string>CN</string>
<string>MicroMDM Identity (%ComputerName%)</string>
</array>
</array>
</array>
<key>URL</key>
<string><https://www.mac-guy.net:8443/scep</string>>
</dict>
<key>PayloadDescription</key>
<string>Configures SCEP</string>
<key>PayloadDisplayName</key>
<string>SCEP</string>
<key>PayloadIdentifier</key>
<string>com.github.micromdm.micromdm.enroll.scep</string>
<key>PayloadOrganization</key>
<string>MicroMDM</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>com.apple.security.scep</string>
<key>PayloadUUID</key>
<string>1ba0b865-d798-47e0-9797-fa636302f657</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>AccessRights</key>
<integer>8191</integer>
<key>CheckInURL</key>
<string><https://www.mac-guy.net:8443/mdm/checkin</string>>
<key>CheckOutWhenRemoved</key>
<true></true>
<key>IdentityCertificateUUID</key>
<string>1ba0b865-d798-47e0-9797-fa636302f657</string>
<key>PayloadDescription</key>
<string>Enrolls with the MDM server</string>
<key>PayloadDisplayName</key>
<string></string>
<key>PayloadIdentifier</key>
<string>com.github.micromdm.micromdm.enroll.mdm</string>
<key>PayloadOrganization</key>
<string>MicroMDM</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>e709d30f-f389-469d-a582-1b37f9aa4a49</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ServerCapabilities</key>
<array>
<string>com.apple.mdm.per-user-connections</string>
</array>
<key>ServerURL</key>
<string><https://www.mac-guy.net:8443/mdm/connect </string>>
<key>SignMessage</key>
<true></true>
<key>Topic</key>
<string></string>
</dict>
<dict>
<key>PayloadContent</key>
<data>…..I deleted ………………</data>
<key>PayloadDescription</key>
<string>Installs the TLS certificate for MicroMDM</string>
<key>PayloadDisplayName</key>
<string>Self-signed TLS certificate for MicroMDM</string>
<key>PayloadIdentifier</key>
<string>com.github.micromdm.micromdm.enroll.cert.selfsigned</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.security.pem</string>
<key>PayloadUUID</key>
<string>3c06ea1e-99c2-458d-81ff-dade140a8663</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>The server may alter your settings</string>
<key>PayloadDisplayName</key>
<string>Enrollment Profile</string>
<key>PayloadIdentifier</key>
<string>com.github.micromdm.micromdm.enroll</string>
<key>PayloadOrganization</key>
<string>MicroMDM</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>c3330565-faec-4e8d-8b2e-eeae20a06785</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

2020-09-03T17:58:45+00:00

Comments (7)

Ray Fleischmann reporter
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>Challenge</key>
<string>micromdm</string>
<key>Key Type</key>
<string>RSA</string>
<key>Key Usage</key>
<integer>5</integer>
<key>Keysize</key>
<integer>2048</integer>
<key>Name</key>
<string>Device Management Identity Certificate</string>
<key>Subject</key>
<array>
<array>
<array>
<string>O</string>
<string>MicroMDM</string>
</array>
</array>
<array>
<array>
<string>CN</string>
<string>MicroMDM Identity (%ComputerName%)</string>
</array>
</array>
</array>
<key>URL</key>
<string><https://www.mac-guy.net:8443/scep</string>>
</dict>
<key>PayloadDescription</key>
<string>Configures SCEP</string>
<key>PayloadDisplayName</key>
<string>SCEP</string>
<key>PayloadIdentifier</key>
<string>com.github.micromdm.micromdm.enroll.scep</string>
<key>PayloadOrganization</key>
<string>MicroMDM</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>com.apple.security.scep</string>
<key>PayloadUUID</key>
<string>1ba0b865-d798-47e0-9797-fa636302f657</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>AccessRights</key>
<integer>8191</integer>
<key>CheckInURL</key>
<string><https://www.mac-guy.net:8443/mdm/checkin</string>>
<key>CheckOutWhenRemoved</key>
<true></true>
<key>IdentityCertificateUUID</key>
<string>1ba0b865-d798-47e0-9797-fa636302f657</string>
<key>PayloadDescription</key>
<string>Enrolls with the MDM server</string>
<key>PayloadDisplayName</key>
<string></string>
<key>PayloadIdentifier</key>
<string>com.github.micromdm.micromdm.enroll.mdm</string>
<key>PayloadOrganization</key>
<string>MicroMDM</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>e709d30f-f389-469d-a582-1b37f9aa4a49</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ServerCapabilities</key>
<array>
<string>com.apple.mdm.per-user-connections</string>
</array>
<key>ServerURL</key>
<string><https://www.mac-guy.net:8443/mdm/connect </string>>
<key>SignMessage</key>
<true></true>
<key>Topic</key>
<string></string>
</dict>
<dict>
<key>PayloadContent</key>
<data>…..I deleted ………………</data>
<key>PayloadDescription</key>
<string>Installs the TLS certificate for MicroMDM</string>
<key>PayloadDisplayName</key>
<string>Self-signed TLS certificate for MicroMDM</string>
<key>PayloadIdentifier</key>
<string>com.github.micromdm.micromdm.enroll.cert.selfsigned</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.security.pem</string>
<key>PayloadUUID</key>
<string>3c06ea1e-99c2-458d-81ff-dade140a8663</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>The server may alter your settings</string>
<key>PayloadDisplayName</key>
<string>Enrollment Profile</string>
<key>PayloadIdentifier</key>
<string>com.github.micromdm.micromdm.enroll</string>
<key>PayloadOrganization</key>
<string>MicroMDM</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>c3330565-faec-4e8d-8b2e-eeae20a06785</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
- 2020-09-03T17:58:45+00:00
Ray Fleischmann reporter
- attached Screen_Shot_2020-09-03_at_2.08.08_PM.png
When I manually added text ….. <key>Topic</key>
<string>Ray MDS-MDM Test Profile</string>
</dict> It installed. So PLEASE add some text there.
- 2020-09-03T18:08:49+00:00
timothy perfitt
this happens if there was no push certificate installed. I believe the Topic needs to be the push notifications it registers for so it can’t just be arbitrary text. Does sending MDM commands work?

‌
- 2020-09-03T19:11:36+00:00
Ray Fleischmann reporter
Tim I think that I have to DIS-Agree with you on this. I now have a valid push cert to www.mac-guy.net and the enroll device profile still failed with the “BAD TOPIC” error. I manually added a topic and it installed. Please see screen captures.
- 2020-09-04T13:14:49+00:00
Ray Fleischmann reporter
- attached Screen_Shot_2020-09-04_at_9.10.53_AM.png
- attached Screen_Shot_2020-09-04_at_9.12.06_AM.png
Here they are
- 2020-09-04T13:20:16+00:00
timothy perfitt
- changed milestone to future
- 2020-09-06T01:05:50+00:00
timothy perfitt
can’t replicate.
- 2020-09-06T01:06:00+00:00
Log in to comment