iOS Enrollment Error: Profile Failed to Install - A network error has occurred

book

Article ID: 156864

calendar_today

Updated On:

Products

Mobile Management

Issue/Introduction

When trying to enroll iOS devices to a Symantec Mobile Management server, an error on the iOS device appears that a network error has occurred.

Further inspection, using the iPhone Configuration Utility or Xcode console logs, shows that the device does not trust the server:

-- 11:43:20 unknown profiled[417] <Notice>: (Error) MC: Cannot retrieve SCEP identity: NSError:
Desc   : A network error has occurred.
Sugg   : The certificate for this server is invalid. You might be connecting to a server that is pretending to be scep.domain.com which could put your confidential information at risk.

Cause

In the Configuration Editor for the SCEP profile, the SCEP URL is configured to use HTTPS, e.g. https://scep.domain.com/certsrv/mscep/mscep.dll.   The IIS certificate bound to the SCEP server is not issued by a public CA certificate provider that the Apple device trusts.  The Apple device will not trust the SCEP server SSL certificate.

 

Resolution

For the SCEP URL to use HTTPS, it must be configured using a certificate Apple devices trust by default.   A public CA, such as Symantec, can issue a trusted certificate.  Change the certificate on the SCEP server to a trusted one, or change the SCEP URL to use http only.

 

 

Applies To

Symantec Mobile Management

Using a SCEP server with a secure (https) URL, not signed by a trusted certificate provider.