tbox31 Posted April 23, 2013

Hello, I'm having an issue trying to enroll a Mac for a certificate. I've already installed the Enrollment Point and Proxy Point, modified the default client settings to create a Mac profile, and configured the MP, DP to use https with internet clients. I also have created the required templates.

When we run

sudo ./CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u 'DOMAIN\Username'

the Mac reports:

Server connection failed. HTTP Response code is 500 and reason is Internal Server Error

The EnrollmentService.log reports the following:

[7, PID:5328][04/22/2013 08:42:27] :WindowsIdentity is created for domain: domain user: username
[7, PID:5328][04/22/2013 08:42:27] :validated user credentials
[7, PID:5328][04/22/2013 08:42:27] :Handling RequestSecurityToken
[7, PID:5328][04/22/2013 08:42:27] :claim identity name: domain\username
[7, PID:5328][04/22/2013 08:42:27] :ConfigManager: RefreshCache: Creating Enrollment Profile 16777219
[7, PID:5328][04/22/2013 08:42:27] :EnrollmentServiceProfile: GetDBCAs retrieved Template information:
[7, PID:5328][04/22/2013 08:42:27] :Template: ConfigMgrMacClientCertificate
[7, PID:5328][04/22/2013 08:42:27] :CA: System.Collections.Generic.List`1[system.String]
[7, PID:5328][04/22/2013 08:42:53] :Failed to find which forest the CA CA.server.domain.com is in. DMP assignment will skip consider forest data
[7, PID:5328][04/22/2013 08:42:53] :Impersonating caller: domain\username
[7, PID:5328][04/22/2013 08:42:53] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Sending CA Success Status - ENROLLSRVMSG_CA_SUCCESS
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: CA Chains count: 1
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Subject name: CN=CA, DC=domain, DC=com
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Issuer Name: CN=CA, DC=domain, DC=com
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: CA Chains 1 thumprint: <thumbprint>
[7, PID:5328][04/22/2013 08:42:53] :ConfigManager: Got root CA hash: <hash>
[7, PID:5328][04/22/2013 08:42:53] :Impersonating caller: domain\username
[7, PID:5328][04/22/2013 08:42:53] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:5328][04/22/2013 08:42:53] :FaultCode is: MessageFormat and reason is: ArgumentException: Value cannot be null.Parameter name: name

Any thoughts?
PaulDASYSADMIN Posted April 23, 2013

I am having issues as well in my production environment.

When we run

sudo ./CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u 'DOMAIN\Username'

the Mac reports:

Server connection failed. HTTP Response code is 500 and reason is Internal Server Error

Please help, management is down my back and our consultant gave up on it....fail

I am also including the log from the Mac, the CCMClient.log.

I can't get the damn Macs to enroll, here is my EnrollmentService.log:

[7, PID:9300][04/23/2013 10:49:06] :WindowsIdentity is created for domain: pbcc.edu user: munroep-2
[7, PID:9300][04/23/2013 10:49:06] :validated user credentials
[7, PID:9300][04/23/2013 10:49:06] :Handling RequestSecurityToken
[7, PID:9300][04/23/2013 10:49:06] :claim identity name: PBCC_ADMIN1\munroep-2
[7, PID:9300][04/23/2013 10:49:06] :ConfigManager: RefreshCache: Creating Enrollment Profile 16777218
[7, PID:9300][04/23/2013 10:49:06] :EnrollmentServiceProfile: GetDBCAs retrieved Template information:
[7, PID:9300][04/23/2013 10:49:06] :Template: ConfigMgrMacClientCertificate
[7, PID:9300][04/23/2013 10:49:06] :CA: System.Collections.Generic.List`1[system.String]
[7, PID:9300][04/23/2013 10:49:27] :Failed to find which forest the CA SUBCA1.pbcc.edu is in. DMP assignment will skip consider forest data
[7, PID:9300][04/23/2013 10:49:27] :Impersonating caller: PBCC_ADMIN1\munroep-2
[7, PID:9300][04/23/2013 10:49:27] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:9300][04/23/2013 10:49:27] :ConfigManager: Sending CA Success Status - ENROLLSRVMSG_CA_SUCCESS
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: CA Chains count: 2
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Subject name: CN=pbcc-SUBCA1-CA, DC=pbcc, DC=edu
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Issuer Name: CN=pbcc-ROOTCA1-CA, DC=pbcc, DC=edu
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: CA Chains 2 thumprint: D7E9B1CDCE8B2429F9D09A7563D88C4478C3E933
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Subject name: CN=pbcc-ROOTCA1-CA, DC=pbcc, DC=edu
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Issuer Name: CN=pbcc-ROOTCA1-CA, DC=pbcc, DC=edu
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: CA Chains 1 thumprint: 5C44A6725714F486F8ED4007924E9CB4785A3114
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Got root CA hash: 5C44A6725714F486F8ED4007924E9CB4785A3114
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: Got CA chain hash: D7E9B1CDCE8B2429F9D09A7563D88C4478C3E933
[7, PID:9300][04/23/2013 10:49:42] :ConfigManager: CAStoreXML: <characteristic type="CA"> <characteristic type="System"> <characteristic type="D7E9B1CDCE8B2429F9D09A7563D88C4478C3E933"> <parm name="EncodedCertificate" value="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" /> </characteristic> </characteristic> </characteristic>
[7, PID:9300][04/23/2013 10:49:42] :Impersonating caller: PBCC_ADMIN1\munroep-2
[7, PID:9300][04/23/2013 10:49:42] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:9300][04/23/2013 10:49:42] :FaultCode is: MessageFormat and reason is: ArgumentException: Value cannot be null.Parameter name: name

I am also including the log from the Mac, the CCMClient.log:

<![LOG[ System Center Configuration Manager Client for Mac OS X CCMClient Daemon Version: 5.00.7804.1202 Copyright Microsoft Corporation ]LOG]!><time="11:12:09.293+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="OMADMClient.mm:45">
<![LOG[RunClient]LOG]!><time="11:12:09.397+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="CCMClientProcessor.mm:225">
<![LOG[CFLocalServer: Starting up (pid: 59). ]LOG]!><time="11:12:09.397+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="CCMClientProcessor.mm:125">
<![LOG[Failed to Fetch last Install message. Nothing to cleanup]LOG]!><time="11:12:09.431+004" date="04-23-2013" component="Default" context="" type="1" thread="2954985472" file="InstallServiceThread.mm:44">
<![LOG[RunThread() ]LOG]!><time="11:12:09.433+004" date="04-23-2013" component="Default" context="" type="1" thread="2956050432" file="OMADMServiceThread.mm:254">
<![LOG[PreferencesService RunThread()]LOG]!><time="11:12:09.433+004" date="04-23-2013" component="Default" context="" type="1" thread="2957115392" file="PreferencesThread.mm:42">
<![LOG[No Preferences found for Key - 'SwJobCleanupInterval', Domain - 'com.microsoft.ccmclient'.]LOG]!><time="11:12:09.437+004" date="04-23-2013" component="Default" context="" type="1" thread="2954985472" file="OSXUtilities.mm:456">
<![LOG[No Preferences found for Key - 'MP', Domain - 'com.microsoft.ccmclient'.]LOG]!><time="11:12:09.442+004" date="04-23-2013" component="Default" context="" type="1" thread="2956050432" file="OSXUtilities.mm:456">
<![LOG[Error: No Server selected for MP connection. Perhaps the client is not enrolled correctly . ]LOG]!><time="11:12:09.442+004" date="04-23-2013" component="Default" context="" type="3" thread="2956050432" file="OMADMServiceThread.mm:116">
<![LOG[OMA : Sending Notification to UI : <CCMClientNotification><Sender>Service</Sender><Name></Name><Id></Id><Type>CCM_OMA</Type><State>Error</State><Data>-2147467259</Data><Description></Description><RebootRequired></RebootRequired><Time></Time></CCMClientNotification>]LOG]!><time="11:12:09.442+004" date="04-23-2013" component="Default" context="" type="1" thread="2956050432" file="OMADMService.mm:271">
<![LOG[CCMClient - Broadcasting Msg to UI : <CCMClientNotification><Sender>Service</Sender><Name></Name><Id></Id><Type>CCM_OMA</Type><State>Error</State><Data>-2147467259</Data><Description></Description><RebootRequired></RebootRequired><Time></Time></CCMClientNotification>]LOG]!><time="11:12:09.443+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="NotificationProcessor.mm:65">
<![LOG[002386C0: Listen ]LOG]!><time="11:14:31.594+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="SocketServer.mm:645">
<![LOG[ClientGotSpace: Client 002386C0 lifted write-side flow control. ]LOG]!><time="11:14:31.594+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="SocketServer.mm:557">
<![LOG[002386C0: Client Sent : "<CCMClientNotification><Sender>Agent</Sender><Name>munroep-2</Name><Id>1772840664</Id><Type>CCM_User</Type><State>Initiate</State><Data>UserLogin</Data><Description>1743903037</Description><RebootRequired></RebootRequired><Time></Time></CCMClientNotification>" ]LOG]!><time="11:14:31.660+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="SocketServer.mm:748">
<![LOG[CCMClient - ProcessUIMessage. Msg : <CCMClientNotification><Sender>Agent</Sender><Name>munroep-2</Name><Id>1772840664</Id><Type>CCM_User</Type><State>Initiate</State><Data>UserLogin</Data><Description>1743903037</Description><RebootRequired></RebootRequired><Time></Time></CCMClientNotification>]LOG]!><time="11:14:31.660+004" date="04-23-2013" component="Default" context="" type="1" thread="2894170664" file="NotificationProcessor.mm:31">
<![LOG[OMADMService - ProcessNotification() ]LOG]!><time="11:14:31.661+004" date="04-23-2013" component="Default" context="" type="1" thread="2956050432" file="OMADMServiceThread.mm:315">
<![LOG[PreferencesService - ProcessNotification() ]LOG]!><time="11:14:31.661+004" date="04-23-2013" component="Default" context="" type="1" thread="2957115392" file="PreferencesThread.mm:63">
<![LOG[Failed to Fetch last Install message. Nothing to send back to user agent]LOG]!><time="11:14:31.661+004" date="04-23-2013" component="Default" context="" type="1" thread="2954985472" file="InstallServiceThread.mm:225">

tbox31 Posted April 26, 2013

Turns out firewall between the SCCM server and CA was causing this to fail. Once we opened it up, enrollment succeeded.

PaulDASYSADMIN Posted April 26, 2013

Can you please be a little bit more detailed please. I am having the same exact issue and same exact log. Any special ports you opened up?

PaulDASYSADMIN Posted April 26, 2013

I finally got the issue resolved; it also turned out to be a firewall issue.
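
Added example, not part of any post in this thread: both EnrollmentService.log excerpts show a pause of 20 seconds or more just before the "Failed to find which forest the CA ... is in" entry, which fits the firewall cause the posters later reported. The sketch below splits such a log into entries and lists those pauses along with any FaultCode lines; the function names and the 10-second threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Entry header as quoted in this thread: [7, PID:5328][04/22/2013 08:42:27] :message
HEADER = re.compile(r"\[\d+, PID:(\d+)\]\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] :")

def parse_entries(text):
    """Split log text into (pid, timestamp, message); entries may be run together."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        ts = datetime.strptime(m.group(2), "%m/%d/%Y %H:%M:%S")
        entries.append((int(m.group(1)), ts, text[m.end():end].strip()))
    return entries

def find_stalls(entries, threshold_s=10):
    """Return (gap_seconds, message) for entries logged threshold_s or more
    after the previous entry of the same PID (threshold is an assumption)."""
    stalls, last = [], {}
    for pid, ts, msg in entries:
        if pid in last:
            gap = (ts - last[pid]).total_seconds()
            if gap >= threshold_s:
                stalls.append((int(gap), msg))
        last[pid] = ts
    return stalls

def find_faults(entries):
    """Return the messages that report a fault back to the enrolling client."""
    return [msg for _, _, msg in entries if msg.startswith("FaultCode is:")]

# Sample taken from the first post in this thread, abridged to five entries.
SAMPLE = (
    "[7, PID:5328][04/22/2013 08:42:27] :Template: ConfigMgrMacClientCertificate"
    "[7, PID:5328][04/22/2013 08:42:27] :CA: System.Collections.Generic.List`1[system.String]"
    "[7, PID:5328][04/22/2013 08:42:53] :Failed to find which forest the CA CA.server.domain.com is in. "
    "DMP assignment will skip consider forest data"
    "[7, PID:5328][04/22/2013 08:42:53] :Impersonating caller: domain\\username"
    "[7, PID:5328][04/22/2013 08:42:53] :FaultCode is: MessageFormat and reason is: "
    "ArgumentException: Value cannot be null.Parameter name: name"
)

if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    for gap, msg in find_stalls(entries):
        print(f"{gap}s stall before: {msg}")
    for msg in find_faults(entries):
        print("fault:", msg)
```

A stall only shows where the service was waiting; which host and port it was waiting on still has to be confirmed from the enrollment point itself.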