Hi all,
I know there are a few users here who are using SCEP services via Sophos Mobile so I'm hoping there are some known tips and tricks I can learn as we are having a problem at the moment.
We previously had SCEP configured to use our old certificate environment. We now have a new certificate environment that is in theory replicated from the old one.
Since this update, we are unable to successfully deploy a SCEP certificate profile to any of our iOS devices.
We have tested two methods of deploying:
1) Profile configured to use %_SCEPPROXYURL_% and %_CACHALLENGE_%
2) Profile configured with full URLS: https://FGSN/CertSrv/MSCEP and FQSN/.../MSCEP_Admin
Using method 1, we get an instant error on the task stating "No SCEP challenge password available because the password cache of your SCEP server is full. Wait for up to 60 minutes or enlarge the password cache.". We have restarted IIS on the server, added the reg entry to increase the cache amount and also waited well over 60 minutes. Always get the same error.
Using method 2, we get an instant error on the task stating "[4001][MCInstallationErrorDomain]Profile Installation Failed [4001][MCInstallationErrorDomain]Profile Failed to Install [1009][MCProfileErrorDomain]The profile “SCEP Profile” could not be installed. [22013][MCSCEPErrorDomain]The SCEP server returned an invalid response."
We are currently at a bit of a loss, and do have an open ticket with Sophos, but has anyone encountered similar issues?
We have deployed the root CA certificate to the iPad and can access the MSCEP URLs on the device fine.
Any advice greatly appreciated!
This thread was automatically locked due to age.
