Ios – Unable to Install iOS MDM Configuration Profile

configurationiosmdm

I am attempting to install a configuration profile on a device via IPCU and I keep getting the following error, which I recover via the IPCU console.

Nov  1 17:55:04 iPad mc_mobile_tunnel[1156] <Notice>: (Note ) MC: mc_mobile_tunnel starting.
Nov  1 17:55:04 iPad profiled[1157] <Notice>: (Note ) profiled: Service starting...
Nov  1 17:55:04 iPad profiled[1157] <Notice>: (Note ) MC: Removing profile 2a18cf02251b4682bf56c502d35060441e5bb4dca...
Nov  1 17:55:05 iPad profiled[1157] <Notice>: (Note ) MC: Profile 2a18cf02251b4682bf56c502d35060441e5bb4dca removed.
Nov  1 17:55:05 iPad profiled[1157] <Notice>: (Note ) MC: Removing certificate with persistent ID 636572740000000000000012
Nov  1 17:55:05 iPad mc_mobile_tunnel[1156] <Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
Nov  1 17:55:05 iPad mc_mobile_tunnel[1158] <Notice>: (Note ) MC: mc_mobile_tunnel starting.
Nov  1 17:55:05 iPad mc_mobile_tunnel[1158] <Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
Nov  1 17:55:05 iPad mc_mobile_tunnel[1159] <Notice>: (Note) MC: mc_mobile_tunnel starting.
Nov  1 17:55:05 iPad mc_mobile_tunnel[1159] <Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
Nov  1 17:55:09 iPad mc_mobile_tunnel[1160] <Notice>: (Note ) MC: mc_mobile_tunnel starting.
Nov  1 17:55:09 iPad profiled[1157] <Notice>: (Note ) MC: Profile com.abc.lk queued for installation.
Nov  1 17:55:09 iPad mc_mobile_tunnel[1160] <Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
Nov  1 17:55:18 iPad mc_mobile_tunnel[1163] <Notice>: (Note ) MC: mc_mobile_tunnel starting.
Nov  1 17:55:18 iPad profiled[1157] <Notice>: (Note ) MC: Profile com.abc.lk queued for installation.
Nov  1 17:55:18 iPad mc_mobile_tunnel[1163] <Notice>: (Note ) MC: mc_mobile_tunnel shutting down.
Nov  1 17:55:20 iPad profiled[1157] <Notice>: (Note ) MC: Checking for MDM installation...
Nov  1 17:55:20 iPad profiled[1157] <Notice>: (Note ) MC: ...finished checking for MDM installation.
Nov  1 17:55:20 iPad profiled[1157] <Notice>: (Note ) MC: Beginning profile installation...
Nov  1 17:55:32 iPad profiled[1157] <Notice>: (Error) MC: Connection to https://hostaddress.abc.lk/MDMServer/checkin failed with error: NSError:
Desc   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
US Desc: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
Domain : MCHTTPTransactionErrorDomain
Code   : 23002
Type   : MCFatalError
Params : (
    "https://hostaddress.abc.lk/MDMServer/checkin"
)
Nov  1 17:55:32 iPad profiled[1157] <Notice>: (Error) MDM: Cannot Authenticate. Error: NSError:
Desc   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
US Desc: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
Domain : MCHTTPTransactionErrorDomain
Code   : 23002
Type   : MCFatalError
Params : (
    "https://hostaddress.abc.lk/MDMServer/checkin"
)
Nov  1 17:55:32 iPad profiled[1157] <Notice>: (Error) MC: Cannot install MDM com.abc.lk.mdm2. Error: NSError:
Desc   : The payload com.abc.lk.mdm2 could not be installed.
Sugg   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
US Desc: The payload com.abc.lk.mdm2 could not be installed.
US Sugg: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
Domain : MCInstallationErrorDomain
Code   : 4001
Type   : MCFatalError
Params : (
    "com.abc.lk.mdm2"
)
...Underlying error:
NSError:
Desc   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
US Desc: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
Domain : MCHTTPTransactionErrorDomain
Code   : 23002
Type   : MCFatalError
Params : (
    "https://hostaddress.abc.lk/MDMServer/checkin"
)
Nov  1 17:55:32 iPad profiled[1157] <Notice>: (Error) MC: Rolling back installation of profile com.abc.lk...
Nov  1 17:55:32 iPad profiled[1157] <Notice>: (Error) MC: Installation of profile com.abc.lk failed with error: NSError:
Desc   : The profile Profile Name 6 could not be installed.
Sugg   : The payload com.abc.lk.mdm2 could not be installed.
US Desc: The profile Profile Name 6 could not be installed.
US Sugg: The payload com.abc.lk.mdm2 could not be installed.
Domain : MCProfileErrorDomain
Code   : 1009
Type   : MCFatalError
Params : (
    "Profile Name 6"
)
...Underlying error:
NSError:
Desc   : The payload com.abc.lk.mdm2 could not be installed.
Sugg   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
US Desc: The payload com.abc.lk.mdm2 could not be installed.
US Sugg: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
Domain : MCInstallationErrorDomain
Code   : 4001
Type   : MCFatalError
Params : (
    "com.abc.lk.mdm2"
)
...Underlying error:
NSError:
Desc   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
US Desc: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
Domain : MCHTTPTransactionErrorDomain
Code   : 23002
Type   : MCFatalError
Params : (
    "https://hostaddress.abc.lk/MDMServer/checkin"
)
Nov  1 17:55:32 iPad profiled[1157] <Notice>: (Error) MC: Profile com.abc.lk failed to install with error: NSError:
Desc   : Profile Failed to Install
Sugg   : The profile Profile Name 6 could not be installed.
US Desc: Profile Failed to Install
US Sugg: The profile Profile Name 6 could not be installed.
Domain : MCInstallationErrorDomain
Code   : 4001
Type   : MCFatalError
...Underlying error:
NSError:
Desc   : The profile Profile Name 6 could not be installed.
Sugg   : The payload com.abc.lk.mdm2 could not be installed.
US Desc: The profile Profile Name 6 could not be installed.
US Sugg: The payload com.abc.lk.mdm2 could not be installed.
Domain : MCProfileErrorDomain
Code   : 1009
Type   : MCFatalError
Params : (
    "Profile Name 6"
)
...Underlying error:
NSError:
Desc   : The payload com.abc.lk.mdm2 could not be installed.
Sugg   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
US Desc: The payload com.abc.lk.mdm2 could not be installed.
US Sugg: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
Domain : MCInstallationErrorDomain
Code   : 4001
Type   : MCFatalError
Params : (
    "com.abc.lk.mdm2"
)
...Underlying error:
NSError:
Desc   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
US Desc: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
Domain : MCHTTPTransactionErrorDomain
Code   : 23002
Type   : MCFatalError
Params : (
    "https://hostaddress.abc.lk/MDMServer/checkin"
)

The important part I identify as important in the above error message is…

Desc   : The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.
    US Desc: The server certificate for https://hostaddress.abc.lk/MDMServer/checkin is invalid.

The confusion here is that I know I am using a valid server certificate issued by the CA, whose root certificate is installed on the device. What could I be doing wrong ?

Best Answer

By seeing your error, I guess there is some field you are missing in the payload. Try installing the profile without using your certificate.

And one more thing, you should use the certificate which is trusted. Are you using the server certificate which you got from any trusted entity ?

Related Topic