on 06-03-2014 6:10 PM
Found this snippet, maybe helpful:
SOLUTION:
Network Device Enrollment Services installation may need to be refreshed. This can be done by going to Server Manager > Roles > Active Directory Certificate Services, removing the Role Services for Network Device Enrollment Services, and then re-adding it following a reboot.
Following the reinstall of Network Device Enrollment Services, it may be required to check the following:
HKLM\Software\Microsoft\Cryptography\MSCEP\EnforcePassword\EnforcePassword DWORD = 0
The default entry for this key is "1", and must be changed to "0" for the Afaria iPhone provisioning process.
Hello
I have been trying to work this out for a few days now... I am not getting anywhere with it. I have re-created all certificates, re-configured, re-installed SP4, and still the same error.
Setup:
NO Relay server
All components are on the same server: Afaria, CA, SQL server database etc.
I have created SSL certificate for https binding.
When I try to enrol an iOS device (7 or 6) I see the following:
Generating Key
Enroling Certificate
Then I get the following:
In the iPhone Configuration Utility:
Jun 10 08:06:37 M514050 securityd[82] <Error>: SecDbItemInsertOrReplace INSERT failed: The operation couldnt be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns ctyp, issr, slnr, agrp, sync are not unique sql: INSERT INTO cert(rowid,cdat,mdat,ctyp,cenc,labl,alis,subj,issr,slnr,skid,pkhh,data,agrp,pdmn,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?))
Jun 10 08:06:37 M514050 securityd[82] <Error>: securityd_xpc_dictionary_handler profiled[944] add The operation couldnt be completed. (OSStatus error -25299 - duplicate item O,cert,B9694BEC,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,skid,pkhh,v_Data,20140610070637.604202Z,17429675)
Jun 10 08:06:37 M514050 profiled[944] <Error>: SecOSStatusWith error:[-25299] The operation couldnt be completed. (OSStatus error -25299 - Remote error : The operation couldnt be completed. (OSStatus error -25299 - duplicate item O,cert,B9694BEC,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,skid,pkhh,v_Data,20140610070637.604202Z,17429675))
Jun 10 08:06:37 M514050 profiled[944] <Notice>: (Note ) MC: Attempting to retrieve issued certificate...
Jun 10 08:06:37 M514050 profiled[944] <Notice>: (Note ) MC: Could not retrieve issued certificate: NSError:
Desc : The SCEP server returned an invalid response.
US Desc: The SCEP server returned an invalid response.
Domain : MCSCEPErrorDomain
Code : 22013
Type : MCFatalError
Jun 10 08:06:37 M514050 profiled[944] <Notice>: (Error) MC: Cannot retrieve SCEP identity: NSError:
Desc : The SCEP server returned an invalid response.
US Desc: The SCEP server returned an invalid response.
Domain : MCSCEPErrorDomain
Code : 22013
Type : MCFatalError
Jun 10 08:06:37 M514050 profiled[944] <Notice>: (Error) MC: Failure occurred while retrieving profile during OTA Profile Enrollment: NSError:
Desc : The SCEP server returned an invalid response.
US Desc: The SCEP server returned an invalid response.
Domain : MCSCEPErrorDomain
Code : 22013
Type : MCFatalError
Jun 10 08:06:37 M514050 profiled[944] <Notice>: (Error) MC: Installation failed. Error: NSError:
Desc : Profile Installation Failed
Sugg : The SCEP server returned an invalid response.
US Desc: Profile Installation Failed
US Sugg: The SCEP server returned an invalid response.
Domain : MCInstallationErrorDomain
Code : 4001
Type : MCFatalError
...Underlying error:
NSError:
Desc : The SCEP server returned an invalid response.
US Desc: The SCEP server returned an invalid response.
Domain : MCSCEPErrorDomain
Code : 22013
Type : MCFatalError
Extra info:
{
isPrimary = 1;
}
Also, I can see the following in the log on the server, all returned with 200 OK
2014-06-10 07:06:33 POST /aips2/aipService.svc/BootstrapEnrollment GUID=2488a65a-0178-4185-936c-12766d4dc0ed 80 - Profile/1.0 200 0 0 2112
2014-06-10 07:06:36 GET /certsrv/mscep/mscep.dll operation=GetCACert&message=itelliServer 80 - profiled/1.0+CFNetwork/672.1.14+Darwin/14.0.0 200 0 0 111
2014-06-10 07:06:36 GET /aips2/aipService.svc/scep id=SE5KQUtKRkVMSUVERUdCTkpCRk9NQ0lQSk9HS0NLR0tESkpNQ0RLR1BLRFBKTkVISExKQkhHRkVPTEdIQklPR0pMSEZGRk9QTktDRVBKTE1GTEpQSEhNS09FUENMS0hGRU9CRERKQUJBSEJIR0RNS0JIQ0JKUEdOTE5HS0tLRExKRkFCRU9PS0xLRkRJSk9QTERMT0JNS05IQUxHTkZOTlBHQktLSUlFTUJGTE9ET0lNTE1BR1BDQ0lOTEhNRklERkJEREdMREFNQkVQTUxMQUFBQ0RDSEVLQ0pISVBKTExPTEJQQkdIQUhDSkZOTkdMS0ZDR0hFTFBNRVBNSkRGQ05HT1BGTklHTExOSUVKRU1PQ1BLQktIQk5GUFBOR0FPTUxGS0VQTEhGUERQR0pPSUJITk1QQkNMfA==?operation=GetCACert&message=itelliServer 80 - profiled/1.0+CFNetwork/672.1.14+Darwin/14.0.0 200 0 0 339
Does anyone have any ideas on this? Are there any tools out there that will tell me what is wrong with the SCEP response? I can download the SCEP response as a file, but I am not sure what to do with it.
Thanks
Andrew
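Added example, not part of the original post and not Afaria or Microsoft code: one way to check what a saved GetCACert response body actually contains. A SCEP server answers GetCACert with either a single DER X.509 certificate or a DER PKCS#7 SignedData bundle of CA and RA certificates; the function names and sample bytes below are constructed for illustration.

```python
# Added example: classify a saved SCEP GetCACert response body (raw bytes).
PKCS7_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # OID 1.2.840.113549.1.7.2

def read_tlv(buf, pos=0):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, n following bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("content runs past end of data")
    return tag, pos, pos + length

def classify_getcacert(body):
    """Say what kind of payload the server returned for GetCACert."""
    stripped = body.lstrip()
    if stripped[:1] == b"<":
        return "html-or-xml: server sent a page, not a certificate"
    if stripped.startswith(b"-----BEGIN"):
        return "pem: SCEP expects binary DER, not PEM text"
    try:
        tag, start, end = read_tlv(body)
        if tag != 0x30:
            return "not-der: does not start with an ASN.1 SEQUENCE"
        if end != len(body):
            return "der-trailing-data: bytes follow the outer SEQUENCE"
        inner_tag, istart, iend = read_tlv(body, start)
    except ValueError as exc:
        return f"malformed-der: {exc}"
    if inner_tag == 0x06 and body[istart:iend] == PKCS7_SIGNED_DATA:
        return "pkcs7-signed-data: CA and RA certs (application/x-x509-ca-ra-cert)"
    if inner_tag == 0x30:
        return "x509-certificate: single CA cert (application/x-x509-ca-cert)"
    return "der-unknown: valid DER but neither X.509 nor PKCS#7 SignedData"

if __name__ == "__main__":
    # Constructed samples: skeleton DER headers only, not real certificates.
    samples = {"x509": bytes.fromhex("300430020200"),
               "pkcs7": bytes.fromhex("300b0609") + PKCS7_SIGNED_DATA,
               "error page": b"<html><body>403</body></html>",
               "truncated": bytes.fromhex("3082010030")}
    for name, data in samples.items():
        print(f"{name:10} -> {classify_getcacert(data)}")
```

To use it on a real download, read the file in binary mode and pass the bytes to `classify_getcacert`; a result other than the X.509 or PKCS#7 cases means the client was handed something it cannot parse as a CA certificate.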
Hi Andrew,
Hopefully this thread is going to be helpful:
Also, it's quite possible it has something to do with the certificate itself.
Thanks