Registration authority's response is invalid

book

Article ID: 157151

calendar_today

Updated On:

Products

Mobile Management

Issue/Introduction

The customer is receiving an error message on their iOS device informing them that the "Registration Authority's Response is Invalid." This stops the installation of a profile and enrolling new devices.

The error "Registration Authority's Response is Invalid" is displayed on the iOS device.

Cause

A Microsoft security update changed the minimum bit length an SSL certificate can be, making any certificate under 1024 bits invalid.

Resolution

A. The following steps will need to be followed in order to update the SCEP identity certificate bit length to be compliant with the latest security updates.

  1. Replace the SCEP identity certificate using a bit length hash below 1024 for encryption with either a 1024 or 2048 bit length hash for encryption.
  2. Update the settings in the Symantec Management Console to reflect this SCEP certificate change.
  3. Reset the 3 Symantec Mobile Management Services in services.msc on the Mobile Management Server.

 

B. If the SCEP server receives 500 errors upon applying the new identity certificate then you will need to perform the following actions.

  1. Reset the CA.
  2. Reset the SCEP Server.

 

C. If all of these options still continue having errors, consider uninstalling the Microsoft NDES role from the SCEP server, and reinstalling it with valid certificate settings.


Applies To

Symantec Mobile Management 7.1 and higher
Windows Server 2008 R2