0
votes

I'm trying to make a prototype of an iOS MDM server to show my client some functionalities at work. I just started and I'm trying to create the configuration profile. After a lot of searching and reading about MDM, I've hit a wall (probably a result of being tired at the end of the day).

When I download it from my server on the iPad using Safari, I get the error:

Safari could not install a profile due to an unknown error. 

When I try to install it on my MacBook I get the error:

The payload 'com.mytests.mdm.mdm' is missing the required key 'IdentityCertificateUUID'.

This is part of my current configuration profile, generated using iPCU (I removed some values, marked with [], for example the URLs):

<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
    <dict>
        <key>AccessRights</key>
        <integer>8179</integer>
        <key>CheckInURL</key>
        <string> [my url] </string>
        <key>CheckOutWhenRemoved</key>
        <true/>
        <key>PayloadDescription</key>
        <string>Configures Mobile Device Management</string>
        <key>PayloadDisplayName</key>
        <string>Mobile Device Management</string>
        <key>PayloadIdentifier</key>
        <string>com.mytests.mdm</string>
        <key>PayloadOrganization</key>
        <string> [my organisation] </string>
        <key>PayloadType</key>
        <string>com.apple.mdm</string>
        <key>PayloadUUID</key>
        <string> [my payload] </string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>ServerURL</key>
        <string> [my url] </string>
        <key>SignMessage</key>
        <false/>
        <key>Topic</key>
        <string>com.novabase.mdm.pushcert</string>
        <key>UseDevelopmentAPNS</key>
        <true/>
    </dict>
</array>
<key>PayloadDescription</key>
<string>Profile description.</string>
<key>PayloadDisplayName</key>
<string>MDM test</string>
<key>PayloadIdentifier</key>
<string>com.mytests.mdm</string>
<key>PayloadOrganization</key>
<string> [my organisation] </string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>8357C602-E971-4EA4-AD5F-ACBABB8D0FBD</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

Any idea how to create the missing key/value using iPCU, or what is missing here? Also, at the moment the server is not fully working; it just sends the profile and waits for a call to the check-in URL (but I don't receive any, so I suppose the problem is not in the server implementation yet).

Thank you for any help, this is driving me crazy.

1 Answers

2
votes

For an MDM profile you need to have at least two payloads:

  • MDM Payload (you have it)
  • Identity Payload (you are missing it).

The identity payload may be one of two things:

  • PKCS#12 identity (meaning certificate and private key packaged as PKCS#12)
  • SCEP (meaning, information about your SCEP server and additional data to request a certificate from it).

You can go to iPCU and add "Credentials" and choose a PKCS#12 file from your disk, or you can add "SCEP".

In the MDM payload (Mobile Device Management under iPCU) you will need to choose the created payload from the dropdown called "Identity". Generally speaking, the bug which you see is iOS complaining that your MDM payload doesn't point to any identity payload.

Let me know if you have any additional questions.
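
The link this answer describes can be checked before a profile is served. The following is an added example, not code from the question or the answer: it parses a profile and confirms that every `com.apple.mdm` payload has an `IdentityCertificateUUID` equal to the `PayloadUUID` of a PKCS#12 or SCEP payload in the same profile. The function names, `com.example` identifiers, URLs and the dummy certificate bytes are constructed placeholders.

```python
import plistlib
import uuid

# Payload types that can supply the identity an MDM payload refers to.
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep"}

def check_mdm_identity(profile_bytes):
    """Return a list of problems with MDM-to-identity payload links."""
    profile = plistlib.loads(profile_bytes)
    payloads = profile.get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    problems = []
    for p in payloads:
        if p.get("PayloadType") != "com.apple.mdm":
            continue
        ref = p.get("IdentityCertificateUUID")
        if ref is None:
            problems.append("MDM payload is missing IdentityCertificateUUID")
        elif ref not in identities:
            problems.append(f"IdentityCertificateUUID {ref} matches no identity payload")
    return problems

def build_profile(with_identity):
    """Constructed sample profile; every identifier and value is a placeholder."""
    mdm = {"PayloadType": "com.apple.mdm", "PayloadVersion": 1,
           "PayloadIdentifier": "com.example.mdm.mdm",
           "PayloadUUID": str(uuid.uuid4()).upper(),
           "ServerURL": "https://mdm.example.invalid/server",
           "CheckInURL": "https://mdm.example.invalid/checkin",
           "Topic": "com.example.placeholder.topic", "AccessRights": 8179}
    content = [mdm]
    if with_identity:
        ident_uuid = str(uuid.uuid4()).upper()
        content.insert(0, {"PayloadType": "com.apple.security.pkcs12",
                           "PayloadVersion": 1,
                           "PayloadIdentifier": "com.example.mdm.identity",
                           "PayloadUUID": ident_uuid,
                           "PayloadContent": b"PLACEHOLDER-NOT-A-REAL-P12"})
        mdm["IdentityCertificateUUID"] = ident_uuid  # the link the error asks for
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "com.example.mdm",
                           "PayloadUUID": str(uuid.uuid4()).upper(),
                           "PayloadDisplayName": "MDM test",
                           "PayloadContent": content})

if __name__ == "__main__":
    print(check_mdm_identity(build_profile(with_identity=False)))
    print(check_mdm_identity(build_profile(with_identity=True)))
```

The first call reports the same condition as the macOS error in the question; the second returns an empty list because the MDM payload now references the identity payload's UUID.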