MDS-MicroMDM Enroll Device Profile Fails

Issue #583 new
Ray Fleischmann created an issue

Please see attached screen captures. When doing the “Enroll Device” process, the download profile fails during System Preferences Install.

Comments (7)

  1. Ray Fleischmann reporter

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>PayloadContent</key>
    <array>
    <dict>
    <key>PayloadContent</key>
    <dict>
    <key>Challenge</key>
    <string>micromdm</string>
    <key>Key Type</key>
    <string>RSA</string>
    <key>Key Usage</key>
    <integer>5</integer>
    <key>Keysize</key>
    <integer>2048</integer>
    <key>Name</key>
    <string>Device Management Identity Certificate</string>
    <key>Subject</key>
    <array>
    <array>
    <array>
    <string>O</string>
    <string>MicroMDM</string>
    </array>
    </array>
    <array>
    <array>
    <string>CN</string>
    <string>MicroMDM Identity (%ComputerName%)</string>
    </array>
    </array>
    </array>
    <key>URL</key>
    <string>https://www.mac-guy.net:8443/scep</string>
    </dict>
    <key>PayloadDescription</key>
    <string>Configures SCEP</string>
    <key>PayloadDisplayName</key>
    <string>SCEP</string>
    <key>PayloadIdentifier</key>
    <string>com.github.micromdm.micromdm.enroll.scep</string>
    <key>PayloadOrganization</key>
    <string>MicroMDM</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>com.apple.security.scep</string>
    <key>PayloadUUID</key>
    <string>1ba0b865-d798-47e0-9797-fa636302f657</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    </dict>
    <dict>
    <key>AccessRights</key>
    <integer>8191</integer>
    <key>CheckInURL</key>
    <string>https://www.mac-guy.net:8443/mdm/checkin</string>
    <key>CheckOutWhenRemoved</key>
    <true></true>
    <key>IdentityCertificateUUID</key>
    <string>1ba0b865-d798-47e0-9797-fa636302f657</string>
    <key>PayloadDescription</key>
    <string>Enrolls with the MDM server</string>
    <key>PayloadDisplayName</key>
    <string></string>
    <key>PayloadIdentifier</key>
    <string>com.github.micromdm.micromdm.enroll.mdm</string>
    <key>PayloadOrganization</key>
    <string>MicroMDM</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>com.apple.mdm</string>
    <key>PayloadUUID</key>
    <string>e709d30f-f389-469d-a582-1b37f9aa4a49</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>ServerCapabilities</key>
    <array>
    <string>com.apple.mdm.per-user-connections</string>
    </array>
    <key>ServerURL</key>
    <string>https://www.mac-guy.net:8443/mdm/connect</string>
    <key>SignMessage</key>
    <true></true>
    <key>Topic</key>
    <string></string>
    </dict>
    <dict>
    <key>PayloadContent</key>
    <data>…..I deleted ………………</data>
    <key>PayloadDescription</key>
    <string>Installs the TLS certificate for MicroMDM</string>
    <key>PayloadDisplayName</key>
    <string>Self-signed TLS certificate for MicroMDM</string>
    <key>PayloadIdentifier</key>
    <string>com.github.micromdm.micromdm.enroll.cert.selfsigned</string>
    <key>PayloadOrganization</key>
    <string></string>
    <key>PayloadType</key>
    <string>com.apple.security.pem</string>
    <key>PayloadUUID</key>
    <string>3c06ea1e-99c2-458d-81ff-dade140a8663</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    </dict>
    </array>
    <key>PayloadDescription</key>
    <string>The server may alter your settings</string>
    <key>PayloadDisplayName</key>
    <string>Enrollment Profile</string>
    <key>PayloadIdentifier</key>
    <string>com.github.micromdm.micromdm.enroll</string>
    <key>PayloadOrganization</key>
    <string>MicroMDM</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>c3330565-faec-4e8d-8b2e-eeae20a06785</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    </dict>
    </plist>

  2. timothy perfitt

    This happens if there was no push certificate installed. I believe the Topic needs to be the push notifications it registers for so it can’t just be arbitrary text. Does sending MDM commands work?

  3. Ray Fleischmann reporter

    Tim, I think that I have to DIS-Agree with you on this. I now have a valid push cert to www.mac-guy.net and the enroll device profile still failed with the “BAD TOPIC” error. I manually added a topic and it installed. Please see screen captures.

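The profile posted above has an empty `Topic` in its `com.apple.mdm` payload, which is what the “BAD TOPIC” error in this thread points at. As an added example (not code from the thread or from MicroMDM), this Python check flags that condition before a profile is offered to a device. The sample profile, host name and UUIDs are constructed, and the `com.apple.mgmt.` prefix is the form Apple uses for MDM push certificate topics.

```python
import plistlib

TOPIC_PREFIX = "com.apple.mgmt."  # prefix Apple uses for MDM push topics


def check_enrollment_profile(data: bytes) -> list[str]:
    """Return a list of problems found in an MDM enrollment profile."""
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    uuids = {p.get("PayloadUUID") for p in payloads}
    mdm = [p for p in payloads if p.get("PayloadType") == "com.apple.mdm"]
    if not mdm:
        return ["no com.apple.mdm payload"]
    problems = []
    for p in mdm:
        topic = p.get("Topic", "")
        if not topic:
            problems.append("Topic is empty")
        elif not topic.startswith(TOPIC_PREFIX):
            problems.append(f"Topic {topic!r} lacks the {TOPIC_PREFIX} prefix")
        # The identity certificate must come from another payload in the profile.
        if p.get("IdentityCertificateUUID") not in uuids - {p.get("PayloadUUID")}:
            problems.append("IdentityCertificateUUID matches no other payload")
        for key in ("ServerURL", "CheckInURL"):
            if not str(p.get(key, "")).startswith("https://"):
                problems.append(f"{key} is not an https URL")
    return problems


def sample_profile(topic: str) -> bytes:
    """Constructed minimal profile; host name and UUIDs are placeholders."""
    scep_uuid = "00000000-0000-0000-0000-000000000001"
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.scep", "PayloadUUID": scep_uuid},
            {"PayloadType": "com.apple.mdm",
             "PayloadUUID": "00000000-0000-0000-0000-000000000002",
             "IdentityCertificateUUID": scep_uuid,
             "ServerURL": "https://mdm.example.com/mdm/connect",
             "CheckInURL": "https://mdm.example.com/mdm/checkin",
             "Topic": topic},
        ],
    })


if __name__ == "__main__":
    for t in ("", "arbitrary text", TOPIC_PREFIX + "External.placeholder"):
        print(repr(t), "->", check_enrollment_profile(sample_profile(t)) or "ok")
```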