Sophos Mobile Control 7.0.10, Getting error with SCEP & NDES

When I try to push a profile out to an iOS device, I keep getting this error

 

Anyone have any idea how to troubleshoot this down further? It also doesn't appear to be obeying the login and password you give it under SCEP setup. 

iOS MDM commands

Name State Error description Insert date
InstallProfile Error [4001][MCInstallationErrorDomain]Profile Installation Failed [4001][MCInstallationErrorDomain]Profile Failed to Install [1009][MCProfileErrorDomain]The profile “SCEP Test (1)” could not be installed. [22013][MCSCEPErrorDomain]The SCEP server returned an invalid response.


  • I looked through the IIS logs and found this. Anyone got any idea? 

    #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
    2017-08-16 22:02:52 10.10.24.10 GET /CertSrv/MSCEP_ADMIN - 443 - 10.10.24.20 Apache-HttpClient/4.5.2+(Java/1.8.0_112) - 401 2 5 174
    2017-08-16 22:02:52 10.10.24.10 GET /CertSrv/MSCEP_ADMIN - 443 SPECTRA\Administrator 10.10.24.20 Apache-HttpClient/4.5.2+(Java/1.8.0_112) - 301 0 0 191
    2017-08-16 22:02:52 10.10.24.10 GET /CertSrv/MSCEP_ADMIN/ - 443 SPECTRA\Administrator 10.10.24.20 Apache-HttpClient/4.5.2+(Java/1.8.0_112) - 200 0 0 214
    2017-08-16 22:02:55 10.10.24.10 GET /CertSrv/MSCEP/ operation=GetCACert&message=corp-EMU-CA 443 - 10.10.24.20 Java/1.8.0_112 - 200 0 0 78
    2017-08-16 22:02:55 10.10.24.10 GET /CertSrv/MSCEP/ operation=GetCACaps&message=corp-EMU-CA 443 - 10.10.24.20 Java/1.8.0_112 - 200 0 0 22
    2017-08-16 22:02:55 10.10.24.10 GET /CertSrv/MSCEP/ operation=PKIOperation&message=MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwGggCSABIIEejCABgkqhkiG9w0BBwOggDCAAgEAMYIBnTCCAZkCAQAwgYAwaTETMBEGCgmSJomT8ixkARkWA2NvbTEmMCQGCgmSJomT8ixkARkWFnNwZWN0cmF0ZWNobm9sb2dpZXNsbGMxFDASBgoJkiaJk%2FIsZAEZFgRjb3JwMRQwEgYDVQQDEwtjb3JwLUVNVS1DQQITeAAAAATywG94uEPinwAAAAAABDANBgkqhkiG9w0BAQEFAASCAQAqgyPFIizCp64%2FexSGgDXmwHfA0p8VIhNsP0idB8L0iluV6xCw5Tyi25A6BUMIddR%2F%2FYJRx8gUM4kBHr5HKiNMHxONY%2FpLM%2FLucIlx5u35DJOtvzHkAjyqtBXBZInrY%2FRQVGyLIrUk%2BeHo0m9X1CvXwEDtx%2FyrI0glEZMqd%2F2j2dCqXb6NYZfKAstaNFvi%2BVLGZNN9o9SUO5FhhH%2Fj91MO%2BLPh0UHweTVp3T5D0keX3WfLeuCh%2B0EPupAjA02ZULkliFBoMb8xPh8FLOhrcKFyMKu9s0C5T4VsmY7EeyvYXc1UA8rSLmDPxxPG5eAExvM6il%2Fl3dXn1fqFkJpn59%2BEMIAGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIp7zKm18gjrGggASCAoiWUunf%2Bs2cbWozBqCaS9pvzq3AZmyDA7655UbDwIpj4vw61v5gI5e4uogXRG8kVToEUO3yzqo3vEWmK57vrLDqzHPOO%2FiwpLHeUdY4ABd0QhLg0Rcm2prot1dX2Zn1fbhAj9250YduDSwB0iyOoh0CCj5EqpyMw84gax30QG%2BoEn8JJ7b8V9UHroUifCOe5puMRrLe8xwru9pK4jIrWYBUyWFvfJFZCREB476KZb0hRIvBqAvL7Tj0nBxFx0xtsus7m1BF8pazC0MyzbpIU%2B3ikMm11JpMK7QvCNf22wAxB1X7%2BPfkWsqwdMTp1tvSC8bJViw9IHQoqz8wxdQHOLbFxjDl7pgbNa7ETCNYtiBGjQMP14i52kEowMx26lM5mHPAOZCivhgb8Cec1LgpOkjtxMvx9UujGjM6FxAP64up8Vu3SncteDZwpx2LJpbFqgfGNqlcQs2pjBiNG%2FIhrA%2FQgIJF4gHI6v9YBQRicf%2FL66qOtsu0dCw4Ur8CPZ5K5rGI4CTMU35guhXd%2FghaBczXhxmqVpQnco4uQhu4N9lkNHS0fOtX1N8Yx5YW9LgfTQCy8uhMsXXOkSqq4sX4ouso76wDtWAHFlln21ZNUzLiNyV%2BL8P05zLcgpsYh63p2n9BymzEv2v0bN1lZTlfW2Dk%2F6IVAuYEyFJc%2F5SaGgzgBBWaCKB%2B8uB%2FkpMAlYxIvXF9kjzpCKd%2FLzQ%2B%2Bh33w8KsWNlpdZ7n8dSbYlJeQI9XRbZ8gQ6IPmpbiDgkw4LJzx9i7gkU%2FY8fYj746ujKrEcFhNA0o%2Bpkke6MBFYGTXY7JF3vTebSZXvXzfBXrXsvmyrBIjNz6v%2FjSyU9DLDjlWOpqddy%2B9%2Fev1cECITcH1axxqjZAAAAAAAAAAAAAAAAAAAAAKCCAu8wggLrMIIB06ADAgECAgEBMA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJEI1NzA1N0NELTRDOEQtNDBCRS04QzQ0LTE2RUQ0RjkyMkQzNjAeFw0xNzA4MTYyMjAyNTZaFw0xODA4MTYyMjAyNTZaMC8xLTArBgNVBAMTJEI1NzA1N0NELTRDOEQtNDBCRS04QzQ0LTE2RUQ0RjkyMkQzNjCCA
SIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL%2B%2B3hzi9VhUNx9WmithQaSSdIOQYkv43l%2Fz53ouoEhIY9hBJmWZYLs2GPWb3AWIbzZz2OiGTmclmugMG%2Bh43n9U1GoAIDgOkD2dThJDgeBFLcPQqOdByJURqlyOY%2FoSain%2Fr8t9VYyzKcSgJG0onbZZhZXepVanCOtm6kg87JS5erfbIP2UyFhrbqruYZiWkZTOmbI4k9ZKBLO7QJeHn1eQj8nkpxRAZDWD5LsDY%2BChKDPcmcjfpopKBe%2FAf9c8Jd%2F45ziDQzNGU448NcsmAcDg3JavQvHTaRM7j2a2eNdjrJG95ZjKjUJ63Mt6DCV5Nz5fPOWiKfAp2m3zNFD31i0CAwEAAaMSMBAwDgYDVR0PAQH%2FBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4IBAQBu75TO12Mv6qCtglEj76LWhTXUnxPa1CaPYE19CpJFjtZoQRZOHKyvS772YNFSvxufaPCtbsCaNa5uL2G8w2xtJMJk%2Faf%2BvazB2Cbf%2BSmq00eobMkvizKQYZuH%2FXjkRNDWc6pjjFhiIRDAbQ1z%2BW2IN9zYDP9ybSbf3mHsJNQS5gjx6g%2FNL%2Fk1a%2F2lXxUb3w%2FUWewWVKcuAiXb4%2BanwzyAmm7wZUbGYifRNX0W39An4GXErSOd6h4MAQstT2seSYERLn4vgzVA8rjoxYuLyhERxN8Eos8wdK70MgxbISBD3c%2FtbthKr3yMwqa7Y1lvzMqIq4EjEAOwic%2FdZh1H2gn9MYICWzCCAlcCAQEwNDAvMS0wKwYDVQQDEyRCNTcwNTdDRC00QzhELTQwQkUtOEM0NC0xNkVENEY5MjJEMzYCAQEwDQYJYIZIAWUDBAIDBQCggfkwEgYKYIZIAYb4RQEJAjEEEwIxOTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzA4MTYyMjAyNTZaMCAGCmCGSAGG%2BEUBCQUxEgQQ65IgLsrWQOTv5rnFnNqL1TA4BgpghkgBhvhFAQkHMSoTKDQ5RUMwMDFGQTZCMzJDRjdFMkUyQ0Y5QjJDQjQ4Qjc3MDlERUU5RTAwTwYJKoZIhvcNAQkEMUIEQHgULUr9BGX%2FRVaRSjXWZZA7rlz0RaVx%2FONrTgC2iZi9bc10kbhuAkPPp0a0wdvn67CZZeRBbBeNqzPQg0fRsi0wDQYJKoZIhvcNAQEBBQAEggEAAMdvIAMpJJNI1WYzwViwkYT5VNftyD%2FXOf8DyMF%2BkUyE0szYh2wZEAX%2Bu1b26dI2hiisFZFe3r3auw41Y1UlIbymNLKdO4shVHjRWK5WPUpBiZrOQvMque70nYuAPNYnVD5rlUQayAymQHQSQ4CrFzkmm%2F0RCAYcEdU%2B8UXuK2Dc8hNz5fhOPOx8V4kA%2BXfxbGfFqYOg%2FoiK1OAyCBctvo9ERspM0ANKzmBQYQ%2Bz8VVofYs5PKYi5cWXOyTXaPcrHtJieHHbr7RmDf%2FUEgTStIAUtYEJ%2BXj22cQ04iUSN%2Fru6oD7T%2F5sS1cCyKwqJUi%2FYk9rm9LDTAji2uJKVMLZQgAAAAAAAA%3D%3D 443 - 10.10.24.20 Java/1.8.0_112 - 400 0 0 15

  • I fixed that issue. It has to do with two changes I made, I think.

     

    1. I moved the NDES to its own VM and removed it from the CA & AD controller. 

     

    2. I read an article PeterRist from this forum gave me and made changes to URL lengths and a few other things.

     

    After making these changes I'm able to send the SCEP profile down to the iPhone. I think Sophos should probably add these steps for IIS changes to their article on setting up SCEP.

     

    Article

    https://blogs.technet.microsoft.com/tune_in_to_windows_intune/2014/04/25/part-2-scep-certificate-enrolling-using-configmgr-2012-crp-ndes-and-windows-intune/
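
One way to pull failing enrollment requests out of an IIS log like the one posted above and measure their query strings, for comparison with the URL and query-string limits configured on the NDES server. This is an added example, not code from the thread or from Sophos; the sample log is constructed, and the function names and the 2048 default limit are assumptions.

```python
from urllib.parse import unquote

# Constructed sample in IIS W3C format; the message blob is a placeholder, not the thread's data.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2017-08-16 22:02:55 10.10.24.10 GET /CertSrv/MSCEP/ operation=GetCACert&message=corp-EMU-CA 443 - 10.10.24.20 Java/1.8.0_112 - 200 0 0 78
2017-08-16 22:02:55 10.10.24.10 GET /CertSrv/MSCEP/ operation=PKIOperation&message={blob} 443 - 10.10.24.20 Java/1.8.0_112 - 400 0 0 15
""".format(blob="QUJD%2B" * 500)


def parse_w3c(lines):
    """Yield one dict per request, named by the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or wrapped lines
                yield dict(zip(fields, values))


def scep_failures(lines, max_query=2048):
    """Return SCEP PKIOperation requests that did not get HTTP 200.

    max_query is an assumption: 2048 is the IIS request filtering default
    for maxQueryString; pass the value configured on your own server.
    """
    findings = []
    for rec in parse_w3c(lines):
        if "/mscep" not in rec["cs-uri-stem"].lower():
            continue
        query = rec["cs-uri-query"]
        params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
        if params.get("operation") != "PKIOperation" or rec["sc-status"] == "200":
            continue
        findings.append({
            "time": f'{rec["date"]} {rec["time"]}',
            "status": f'{rec["sc-status"]}.{rec["sc-substatus"]}',
            "query_len": len(query),  # length as sent, still URL-encoded
            "decoded_message_len": len(unquote(params.get("message", ""))),
            "over_limit": len(query) > max_query,
        })
    return findings


if __name__ == "__main__":
    for finding in scep_failures(SAMPLE_LOG.splitlines()):
        print(finding)
```

A request flagged `over_limit` is only a candidate for a length problem; a 400 from the MSCEP endpoint can have other causes, so the query length should be checked against the limits actually set on the server.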

     

  • Hi Charles,

    Thank you for sharing the solution with us. Is there anything that you may want me to assist you with?

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
