The customer is receiving an error message on their iOS device informing them that the "Registration Authority's Response is Invalid." This stops the installation of a profile and enrolling new devices.
The error "Registration Authority's Response is Invalid" is displayed on the iOS device.
A Microsoft security update changed the minimum bit length an SSL certificate can be, making any certificate under 1024 bits invalid.
A. The following steps will need to be followed in order to update the SCEP identity certificate bit length to be compliant with the latest security updates.
B. If the SCEP server receives 500 errors upon applying the new identity certificate then you will need to perform the following actions.
C. If all of these options still continue having errors, consider uninstalling the Microsoft NDES role from the SCEP server, and reinstalling it with valid certificate settings.
Symantec Mobile Management 7.1 and higher
Windows Server 2008 R2