Jump to content


lord_hydrax

Mac Enrollment Issue

Recommended Posts

Hello,

Having some trouble enrolling my first Mac device with SCCM 2012 SP1.

I have installed the client and am trying to use the CMEnroll Tool with no success.

Command I am using is this:

CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u "domain\username"

and on the client I recieve the error:

Server connection failed. http response code is 500 and reason is internal server error.

On the server in the EnrollmentServer.log I recieve this error:

[6, PID:5748][02/01/2013 13:48:35] :WindowsIdentity is created for domain: domain user: username
[6, PID:5748][02/01/2013 13:48:35] :validated user credentials
[6, PID:5748][02/01/2013 13:48:35] :Handling RequestSecurityToken
[6, PID:5748][02/01/2013 13:48:35] :claim identity name: domain\username
[6, PID:5748][02/01/2013 13:48:35] :ConfigManager: RefreshCache: Creating Enrollment Profile 16777220
[6, PID:5748][02/01/2013 13:48:35] :EnrollmentServiceProfile: GetDBCAs retrieved Template information:
[6, PID:5748][02/01/2013 13:48:35] :Template: ConfigMgrMacClientCertificate
[6, PID:5748][02/01/2013 13:48:35] :CA: System.Collections.Generic.List`1[system.String]
[6, PID:5748][02/01/2013 13:48:35] :The CA server.domain is in forest cac.local
[6, PID:5748][02/01/2013 13:48:35] :Impersonating caller: domain\username
[6, PID:5748][02/01/2013 13:48:35] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[6, PID:5748][02/01/2013 13:48:35] :ConfigManager: Sending CA Success Status - ENROLLSRVMSG_CA_SUCCESS
[6, PID:5748][02/01/2013 13:48:50] :ConfigManager: CA Chains count: 2
[6, PID:5748][02/01/2013 13:48:50] :ConfigManager: ChainStatus error: RevocationStatusUnknown,Unknown error.;
[6,
PID:5748][02/01/2013 13:48:50] :ConfigManager: ChainStatus error:
RevocationStatusUnknown,Unknown error.;OfflineRevocation,Unknown error.;

[6,
PID:5748][02/01/2013 13:48:50]
:Microsoft.ConfigurationManagement.Enrollment.EnrollmentServerException:
RevocationStatusUnknown,Unknown error.;OfflineRevocation,Unknown
error.;

at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.SplitCACertChain(String base64cert)

at
Microsoft.ConfigurationManagement.Enrollment.ConfigManager.setCAChain(EnrollmentServiceProfile
profile, WindowsIdentity requester)

at
Microsoft.ConfigurationManagement.Enrollment.ConfigManager.RefreshCache(Int32
enrollmentProfileId, EnrollmentRecordType type, String template,
WindowsIdentity requester)

at
Microsoft.ConfigurationManagement.Enrollment.RequestHandler.ProcessRequestSecurityToken(RequestSecurityTokenType
request, WindowsIdentity caller, ActionEnum action)

at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.EnrollDevice(Message messageRequest)
at Microsoft.ConfigurationManagement.Enrollment.DeviceEnrollmentService.RequestSecurityToken(Message messageRequest)
[6, PID:5748][02/01/2013 13:48:50] :FaultCode is: EnrollmentServer and reason is: EnrollmentServerException InitializeFailed

Any ideas?

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Oh I could've been clearer there, I mean step five of the section Mac Client Installation and Enrollment.

 

5. Next, navigate to the Tools folder in Terminal where the CMEnroll utility is, and enter the following: “sudo ./CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u ‘DOMAIN\Username’” where DOMAIN\Username is an account which is authorised to enrol the Mac certificate;

 

So I run that and get the errors I posted to begin with.

 

In answer to your other question, yes I include an account in the command, which is apart of a security group which has enrol permissions on the certificate template.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.