AppBlade/TestHub

The SCEP server returned an invalid response

Closed this issue · 6 comments

Hi,

I tried to use your great code to enroll my iPhone in MDM. It works great until the POST "/scep?operation=PKIOperation", at which point the iPhone raises the error "The SCEP server returned an invalid response". I wanted to know more about that, so I took a look at the device's logs:

Aug 1 09:00:42 TheVilain Preferences[11159] : BTM: attaching to BTServer
Aug 1 09:00:46 TheVilain profiled[11158] : (Note ) MC: Checking for MDM installation...
Aug 1 09:00:46 TheVilain profiled[11158] : (Note ) MC: ...finished checking for MDM installation.
Aug 1 09:00:54 TheVilain wifid[15] : WiFi:[428569254.463576]: WiFiLocaleManagerCheckLocale: locale has been valid since 428569213.178916, for 41.28 secs
Aug 1 09:00:54 TheVilain kernel[0] : 493937.610838 wlan.A[80756] AppleBCMWLANProximityInterface::setSYNC_ENABLED(): set AWDL->OFF
Aug 1 09:00:54 TheVilain kernel[0] : 493937.610908 wlan.A[80757] AppleBCMWLANProximityInterface::doSetSyncState(): Setting fAWDLOffTimer
Aug 1 09:00:55 TheVilain profiled[11158] : (Note ) MC: Enrolling in OTA Profile service...
Aug 1 09:00:56 TheVilain securityd[8501] : SecDbItemInsertOrReplace INSERT failed: The operation couldn’t be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns ctyp, issr, slnr, agrp, sync are not unique sql: INSERT INTO cert(rowid,cdat,mdat,ctyp,cenc,labl,alis,subj,issr,slnr,skid,pkhh,data,agrp,pdmn,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?))
Aug 1 09:00:56 TheVilain securityd[8501] : securityd_xpc_dictionary_handler profiled[11158] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,5359E7E8,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20140801070056.363791Z,DE2E9186)
Aug 1 09:00:56 TheVilain profiled[11158] : SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,5359E7E8,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20140801070056.363791Z,DE2E9186))
Aug 1 09:00:56 TheVilain profiled[11158] : (Note ) MC: Attempting to retrieve issued certificate...
Aug 1 09:00:56 TheVilain profiled[11158] : (Note ) MC: Could not retrieve issued certificate: NSError:
Desc : Le serveur SCEP a renvoyé une réponse non valide.
US Desc: The SCEP server returned an invalid response.
Domain : MCSCEPErrorDomain
Code : 22013
Type : MCFatalError
Aug 1 09:00:56 TheVilain profiled[11158] : (Error) MC: Cannot retrieve SCEP identity: NSError:
Desc : Le serveur SCEP a renvoyé une réponse non valide.
US Desc: The SCEP server returned an invalid response.
Domain : MCSCEPErrorDomain
Code : 22013
Type : MCFatalError
Aug 1 09:00:56 TheVilain profiled[11158] : (Error) MC: Failure occurred while retrieving profile during OTA Profile Enrollment: NSError:
Desc : Le serveur SCEP a renvoyé une réponse non valide.
US Desc: The SCEP server returned an invalid response.
Domain : MCSCEPErrorDomain
Code : 22013
Type : MCFatalError
Aug 1 09:00:56 TheVilain profiled[11158] : (Error) MC: Installation failed. Error: NSError:
Desc : Échec d’installation du profil
Sugg : Le serveur SCEP a renvoyé une réponse non valide.
US Desc: Profile Installation Failed
US Sugg: The SCEP server returned an invalid response.
Domain : MCInstallationErrorDomain
Code : 4001
Type : MCFatalError
...Underlying error:
NSError:
Desc : Le serveur SCEP a renvoyé une réponse non valide.
US Desc: The SCEP server returned an invalid response.
Domain : MCSCEPErrorDomain
Code : 22013
Type : MCFatalError
Extra info:
{
isPrimary = 1;
}

To save time, I generated my own certificates (CA, SSL and RA) thanks to http://www.perturb.org/display/754_Apache_self_signed_certificate_HOWTO.html
Do you have any idea what's going on?

Thanks in advance,
Chris

I am also running into that same issue... Did anyone use this app to successfully enroll a phone?

Thanks a lot,

I'll take a peek at this, probably just missing something the newer OS wants. I have working enrollment code in another project, sorry I haven't had the time to work on this much lately.

Thanks for your answer! I followed Chris' link for the certificate, so it might be the issue, but I'm not sure...
Anyway, thanks for your fast answer and support! At least your code is clear enough to understand, but I can't see what's missing or what's causing the error...

@jamesdaniels thanks a lot, it would really help because I'm completely stuck. I've been trying to study Apple's code on OS X Server but I cannot find the solution.

Hello James,
Did you have time to take a look at your code?

Thanks a lot,

Jeremy

I ended up using https://github.com/micromdm/scep. Although it's written in Go, it works like a charm.