Enrollment of device is failing in Symantec Mobile Management.

Upon enrollment user is prompted for credentials and MDM installation begins.

Installation fails with "Network Error Occurred" message.

Error On the device shows "Network Error Occurred".

Following error can be found in the device logs:

Desc   : The profile MDM Enrollment could not be installed.

Sugg   : A network error has occurred.

US Desc: The profile MDM Enrollment could not be installed.

US Sugg: A network error has occurred.

Domain : MCProfileErrorDomain

Code   : 1009

Type   : MCFatalError

Params : (

"MDM Enrollment"

)

...Underlying error:

NSError:

Desc   : A network error has occurred.

Sugg   : The request timed out.

US Desc: A network error has occurred.

Domain : MCSCEPErrorDomain

Code   : 22005

Type   : MCFatalError

...Underlying error:

NSError:

Desc   : The request timed out.

Domain : NSURLErrorDomain

Code   : -1001

Type   : MCFatalError 

 SCEP server is not functioning properly or cannot be reached.

 SCEP server requires 2 certificates to be present on the server running NDES services.

• CEP Encryption Certificate
• Exchange Enrollment Agent

If any of those certificates expires, NDES services will not be able to run.

To renew CEP certificate do the following:

• Open MMC console and add certificates snap-in
• Browse to the CEP certificate located in Personal certificates container
• Right click and select All Task -> Advanced -> Renew
• Follow the workflow using the CEP encryption template

Due to Microsoft specification, Exchange Enrollment Agent certificate cannot be renewed using this procedure.

To renew Exchange Enrollment Agent certificate, follow Microsoft KB article 2712186.

Restart IIS or restart the server.

You should now be able to access SCEP server using the following link:

http://SCEP-Server-address/certsrv/mscep_admin

Applies To

Symantec Mobile Management 7.2 (all versions)

iOS (all versions)