Jump to content


tbox31

Mac Enrollment Issue

Recommended Posts

Hello,

I'm having an issues trying to enroll a Mac for a certificate. I've already installed the Enrollment Point and Proxy Point, modified the default client settings to create a Mac profile, and configured the MP, DP to use https with internet clients. I also have created the required templates.

 

When we run sudo ./CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u ‘DOMAIN\Username, the Mac reports:

Server connection failed. HTTP Response code is 500 and reason is Internal Server Error

 

The EnrollmentService.log reports the following:

[7, PID:5328][04/22/2013 08:42:27] :WindowsIdentity is created for domain: domain user: username
[7, PID:5328][04/22/2013 08:42:27] :validated user credentials
[7, PID:5328][04/22/2013 08:42:27] :Handling RequestSecurityToken
[7, PID:5328][04/22/2013 08:42:27] :claim identity name: domain\username
[7, PID:5328][04/22/2013 08:42:27] :ConfigManager: RefreshCache: Creating Enrollment Profile 16777219
[7, PID:5328][04/22/2013 08:42:27] :EnrollmentServiceProfile: GetDBCAs retrieved Template information:
[7, PID:5328][04/22/2013 08:42:27] :Template: ConfigMgrMacClientCertificate
[7, PID:5328][04/22/2013 08:42:27] :CA: System.Collections.Generic.List`1[system.String]
[7, PID:5328][04/22/2013 08:42:53] :Failed to find which forest the CA CA.server.domain.com is in. DMP assignment will skip consider forest data
[7, PID:5328][04/22/2013 08:42:53] :Impersonating caller: domain\username
[7, PID:5328][04/22/2013 08:42:53] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Sending CA Success Status - ENROLLSRVMSG_CA_SUCCESS
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: CA Chains count: 1
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Subject name: CN=CA, DC=domain, DC=com
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Issuer Name: CN=CA, DC=domain, DC=com
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: CA Chains 1 thumprint: <thumbprint>
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Got root CA hash: <hash>
[7, PID:5328][04/22/2013 08:42:53] :Impersonating caller: domain\username
[7, PID:5328][04/22/2013 08:42:53] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:5328][04/22/2013 08:42:53] :FaultCode is: MessageFormat and reason is: ArgumentException: Value cannot be null.
Parameter name: name

 

Any thoughts?

Share this post


Link to post
Share on other sites

I am having issues as well in my production envrionment.

When we run sudo ./CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u ‘DOMAIN\Username, the Mac reports:

Server connection failed. HTTP Response code is 500 and reason is Internal Server Error

Please help management is down my back and our consultant gave up on it....fail

 

I am also including the log from the MAC the CCMClient.log

 

I cant get the damn macs to enroll, here is my EnrollmentService.log:

 

[7, PID:9300][04/23/2013 10:49:06] :WindowsIdentity is created for domain: pbcc.edu user: munroep-2
[7, PID:9300][04/23/2013 10:49:06] :validated user credentials
[7, PID:9300][04/23/2013 10:49:06] :Handling RequestSecurityToken
[7, PID:9300][04/23/2013 10:49:06] :claim identity name: PBCC_ADMIN1\munroep-2
[7, PID:9300][04/23/2013 10:49:06] :ConfigManager: RefreshCache: Creating Enrollment Profile 16777218
[7, PID:9300][04/23/2013 10:49:06] :EnrollmentServiceProfile: GetDBCAs retrieved Template information:
[7, PID:9300][04/23/2013 10:49:06] :Template: ConfigMgrMacClientCertificate
[7, PID:9300][04/23/2013 10:49:06] :CA: System.Collections.Generic.List`1[system.String]
[7, PID:9300][04/23/2013 10:49:27] :Failed to find which forest the CA SUBCA1.pbcc.edu is in. DMP assignment will skip consider forest data
[7, PID:9300][04/23/2013 10:49:27] :Impersonating caller: PBCC_ADMIN1\munroep-2
[7, PID:9300][04/23/2013 10:49:27] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:9300][04/23/2013 10:49:27] :ConfigManager: Sending CA Success Status - ENROLLSRVMSG_CA_SUCCESS
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: CA Chains count: 2
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Subject name: CN=pbcc-SUBCA1-CA, DC=pbcc, DC=edu
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Issuer Name: CN=pbcc-ROOTCA1-CA, DC=pbcc, DC=edu
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: CA Chains 2 thumprint: D7E9B1CDCE8B2429F9D09A7563D88C4478C3E933
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Subject name: CN=pbcc-ROOTCA1-CA, DC=pbcc, DC=edu
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Issuer Name: CN=pbcc-ROOTCA1-CA, DC=pbcc, DC=edu
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: CA Chains 1 thumprint: 5C44A6725714F486F8ED4007924E9CB4785A3114
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Got root CA hash: 5C44A6725714F486F8ED4007924E9CB4785A3114
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Got CA chain hash: D7E9B1CDCE8B2429F9D09A7563D88C4478C3E933
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: CAStoreXML:
<characteristic type="CA">
<characteristic type="System">

<characteristic type="D7E9B1CDCE8B2429F9D09A7563D88C4478C3E933">
<parm name="EncodedCertificate" value="MIIF5DCCBMygAwIBAgIKYSG6KgACAAAAHTANBgkqhkiG9w0BAQUFADBFMRMwEQYKCZImiZPyLGQBGRYDZWR1MRQwEgYKCZImiZPyLGQBGRYEcGJjYzEYMBYGA1UEAxMPcGJjYy1ST09UQ0ExLUNBMB4XDTEzMDMxNDE1MzgyMloXDTE3MDMxNDE1NDgyMlowRDETMBEGCgmSJomT8ixkARkWA2VkdTEUMBIGCgmSJomT8ixkARkWBHBiY2MxFzAVBgNVBAMTDnBiY2MtU1VCQ0ExLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pdtSRoF9gl2W4FI99IkDL/r4iMgn2xdcRnPLZPcVQIArFzcHpP6BmVzCH+hxoBpjBaGx+YyadUFL/tsPeI295iLDeTsTuor46DoAYbtXk3E8zJGlRwibcOo5A5eC/iQBnTb3t2Q7hASgGlvPAQN8vp7WuZIse5Lol2q4Cbg1GVmlU7ugJc7O7uzY9RVd5/OsIycVrojZxim9M6ajqj//4bhCyWxN8ihvXcyMyOVKbp3V3CN1GnBXygVKhd0tr11wP9yWvr1xHJWwQafmXf2POmiH8akggqESZPuhMkwfL+vrkP6n9djqEr/QFqhJ6At1z4sV/1KVKi2e4g777BzeQIDAQABo4IC1TCCAtEwEgYJKwYBBAGCNxUBBAUCAwIAAjAjBgkrBgEEAYI3FQIEFgQUN99ovbYOYKfVCb9N2iRHT7xIegEwHQYDVR0OBBYEFDdSWeI4OoePmd3fXHUmVFcaiqbRMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFK9fFvC8gPR/PAgv/ggQ6xKThP4FMIIBCQYDVR0fBIIBADCB/TCB+qCB96CB9IY4aHR0cDovL3d3dy5wYWxtYmVhY2hzdGF0ZS5lZHUvQ1JML3BiY2MtUk9PVENBMS1DQSgyKS5jcmyGgbdsZGFwOi8vL0NOPXBiY2MtUk9PVENBMS1DQSgyKSxDTj1ST09UQ0ExLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPVBCQ0MsREM9RURVLD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwggEOBggrBgEFBQcBAQSCAQAwgf0wTAYIKwYBBQUHMAKGQGh0dHA6Ly93d3cucGFsbWJlYWNoc3RhdGUuZWR1L0NSTC9ST09UQ0EyX3BiY2MtUk9PVENBMS1DQSgyKS5jcnQwgawGCCsGAQUFBzAChoGfbGRhcDovLy9DTj1wYmNjLVJPT1RDQTEtQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9UEJDQyxEQz1FRFUsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQAhZkA8Fd4g5pgr/4xiPY6dbtOVXBl5brveV/GggXsUACVK6WACCy2Mc4UXYQlVXE4EZw5py7/l8DI2j3BPBXjuM65UI+HQYazDuW5yjXybH/IgYYAgbSfypcDyfdeCHaXobiyuG2M4zUDrRSUAra4ILg/wzLBVhhoBF4i/SKD47sMSiIXCCnTjmtqQpQWlkruoOlLBe6KxoTeWFiJjPUPv9o38T+2Y4EBqC4ROEVPI1znrvpSKozy1iZ/l9PX/sCCIdcrnfS+qgY2WmoCynb/3zh9RL9p3F7OPqF8ybVWl2Qwh1BAFEoxc5/lbGSJPQuPYnFSnJEWDcDqqJoKHJseZ" />
</characteristic>

</characteristic>
</characteristic>
[7, PID:9300][04/23/2013 10:49:42] :Impersonating caller: PBCC_ADMIN1\munroep-2
[7, PID:9300][04/23/2013 10:49:42] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:9300][04/23/2013 10:49:42] :FaultCode is: MessageFormat and reason is: ArgumentException: Value cannot be null.
Parameter name: name

 

I am also including the log from the MAC the CCMClient.log

 

<![LOG[

System Center Configuration Manager Client for Mac OS X

CCMClient Daemon

Version: 5.00.7804.1202

Copyright Microsoft Corporation

 

]LOG]!><time="11:12:09.293+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="OMADMClient.mm:45">

<![LOG[RunClient]LOG]!><time="11:12:09.397+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="CCMClientProcessor.mm:225">

<![LOG[CFLocalServer: Starting up (pid: 59).

]LOG]!><time="11:12:09.397+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="CCMClientProcessor.mm:125">

<![LOG[Failed to Fetch last Install message. Nothing to cleanup]LOG]!><time="11:12:09.431+004" date="04-23-2013" component="Default" context="" type="1" thread="2954985472" file="InstallServiceThread.mm:44">

<![LOG[RunThread() ]LOG]!><time="11:12:09.433+004" date="04-23-2013" component="Default" context="" type="1" thread="2956050432" file="OMADMServiceThread.mm:254">

<![LOG[PreferencesService RunThread()]LOG]!><time="11:12:09.433+004" date="04-23-2013" component="Default" context="" type="1" thread="2957115392" file="PreferencesThread.mm:42">

<![LOG[No Preferences found for Key - 'SwJobCleanupInterval', Domain - 'com.microsoft.ccmclient'.]LOG]!><time="11:12:09.437+004" date="04-23-2013" component="Default" context="" type="1" thread="2954985472" file="OSXUtilities.mm:456">

<![LOG[No Preferences found for Key - 'MP', Domain - 'com.microsoft.ccmclient'.]LOG]!><time="11:12:09.442+004" date="04-23-2013" component="Default" context="" type="1" thread="2956050432" file="OSXUtilities.mm:456">

<![LOG[Error: No Server selected for MP connection. Perhaps the client is not enrolled correctly .

]LOG]!><time="11:12:09.442+004" date="04-23-2013" component="Default" context="" type="3" thread="2956050432" file="OMADMServiceThread.mm:116">

<![LOG[OMA : Sending Notification to UI : <CCMClientNotification><Sender>Service</Sender><Name></Name><Id></Id><Type>CCM_OMA</Type><State>Error</State><Data>-2147467259</Data><Description></Description><RebootRequired></RebootRequired><Time></Time></CCMClientNotification>]LOG]!><time="11:12:09.442+004" date="04-23-2013" component="Default" context="" type="1" thread="2956050432" file="OMADMService.mm:271">

<![LOG[CCMClient - Broadcasting Msg to UI : <CCMClientNotification><Sender>Service</Sender><Name></Name><Id></Id><Type>CCM_OMA</Type><State>Error</State><Data>-2147467259</Data><Description></Description><RebootRequired></RebootRequired><Time></Time></CCMClientNotification>]LOG]!><time="11:12:09.443+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="NotificationProcessor.mm:65">

<![LOG[002386C0: Listen

]LOG]!><time="11:14:31.594+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="SocketServer.mm:645">

<![LOG[ClientGotSpace: Client 002386C0 lifted write-side flow control.

]LOG]!><time="11:14:31.594+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="SocketServer.mm:557">

<![LOG[002386C0: Client Sent : "<CCMClientNotification><Sender>Agent</Sender><Name>munroep-2</Name><Id>1772840664</Id><Type>CCM_User</Type><State>Initiate</State><Data>UserLogin</Data><Description>1743903037</Description><RebootRequired></RebootRequired><Time></Time></CCMClientNotification>"

]LOG]!><time="11:14:31.660+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="SocketServer.mm:748">

<![LOG[CCMClient - ProcessUIMessage. Msg : <CCMClientNotification><Sender>Agent</Sender><Name>munroep-2</Name><Id>1772840664</Id><Type>CCM_User</Type><State>Initiate</State><Data>UserLogin</Data><Description>1743903037</Description><RebootRequired></RebootRequired><Time></Time></CCMClientNotification>]LOG]!><time="11:14:31.660+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="NotificationProcessor.mm:31">

<![LOG[OMADMService - ProcessNotification() ]LOG]!><time="11:14:31.661+004" date="04-23-2013" component="Default" context="" type="1" thread="2956050432" file="OMADMServiceThread.mm:315">

<![LOG[PreferencesService - ProcessNotification() ]LOG]!><time="11:14:31.661+004" date="04-23-2013" component="Default" context="" type="1" thread="2957115392" file="PreferencesThread.mm:63">

<![LOG[Failed to Fetch last Install message. Nothing to send back to user agent]LOG]!><time="11:14:31.661+004" date="04-23-2013" component="Default" context="" type="1" thread="2954985472" file="InstallServiceThread.mm:225">

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.