Post

Replies

Boosts

Views

Activity

Getting an "Unsupported InstallAction for this Product Key" error when using the new option InstallForceRestart
We are testing the new InstallAction option InstallForceRestart (https://developer.apple.com/documentation/devicemanagement/scheduleosupdatecommand/command/updatesitem) on macOS 11 devices per the documentation and we are getting an error that it is an unsupported action for this Product Key. If we use the InstallAction of Default instead with the same Product Key the update is fine. Plist with error is <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "..."> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>0b17230e-7096-4972-be30-1f23fb8c4d6d</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>12008</integer> <key>ErrorDomain</key> <string>MCMDMErrorDomain</string> <key>LocalizedDescription</key> <string>Unsupported InstallAction for this ProductKey</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>54354E4B-F56B-5D62-83C9-990342AD570B</string> <key>UpdateResults</key> <array> <dict> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>12008</integer> <key>ErrorDomain</key> <string>MCMDMErrorDomain</string> <key>LocalizedDescription</key> <string>Unsupported InstallAction for this ProductKey</string> </dict> </array> <key>InstallAction</key> <string>Error</string> <key>ProductKey</key> <string>MACOS11.1</string> <key>Status</key> <string>InstallFailed</string> </dict> </array> </dict> </plist> Anyone else seeing this error or have people been able to get the InstallForceRestart option to work?
2
0
2.7k
Jan ’21
VPN AlwaysOn and other changes in Xcode 12.2 Release Candidate build
From which version of devices the changes mentioned in https://developer.apple.com/documentation/devicemanagement/vpn/alwayson?changes=latest_major are present? Are they applicable to iOS and macOS platforms? Are they backward compatible? Would "VPN.AlwaysOn.AllowedCaptiveNetworkPlugin", "VPN.AlwaysOn.ServiceException" etc work on newer version of iOS and macOS devices?
0
0
272
Nov ’20
Is there more details what is considered "contains sensitive user information which is not permitted for user payloads" for shared IPad deployments
Is there more details what is considered "contains sensitive user information which is not permitted for user payloads" for shared IPad deployments on IOS 14? We've looked at the Apple docs and the fields that are sensitive user information do not appear to be explicitly called out. For example, our testing results show that the payloads Email CalDAV CardDAV Exchange Subscribed Calendar LDAP will result in a "contains sensitive user information which is not permitted for user payloads" error if the password attribute is included in the payload. Removing the password attribute and the payload is fine. Is this information documented somewhere explicitly? What are the other list of attributes that are considered sensitive user information?
2
0
431
Nov ’20
Any guidance on installing managed applications for macOS 11?
Any guidance on installing managed applications for macOS 11? We are not getting any luck. <?xml version="1.0"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "..."> <plist version="1.0">  <dict>    <key>CommandUUID</key>    <string>c81be0c8-a5a4-4162-898e-64e865dfd714</string>    <key>Command</key>    <dict>      <key>RequestType</key>      <string>InstallApplication</string>      <key>ManagementFlags</key>      <integer>0</integer>      <key>iTunesStoreID</key>      <integer>406056744</integer>      <key>ChangeManagementState</key> <string>Managed</string> <key>InstallAsManaged</key> <true/> <key>iosApp</key> <false/><key>Configuration</key>      <dict>    <key>configUuid</key>    <string>100000-1000-1000-1000-100000000000</string> </dict><key>Attributes</key>      <dict>    <key>Removable</key>    <true/> </dict>    </dict>  </dict> </plist> results in the error <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "..."> <plist version="1.0"> <dict>        <key>CommandUUID</key>        <string>0c4d2406-1c4e-4ebf-800b-ea372225f911</string>        <key>ErrorChain</key>        <array>               <dict>                       <key>ErrorCode</key>                       <integer>97</integer>                       <key>ErrorDomain</key>                       <string>MDMClientError</string>                       <key>LocalizedDescription</key>                       <string><![CDATA[PurchaseMethod must be 1 <MDMClientError:97>]]></string>               </dict>        </array>        <key>RejectionReason</key>        <string>PurchaseMethodNotSupported</string>        <key>Status</key>        <string>Error</string>        <key>UDID</key>        <string>564D79B5-29E6-DAEC-8E5B-2D921352D787</string> </dict> </plist> We tried removing the InstallAsManaged, but we get the same PurchaseMethodNotSupported error. None of the existing PurchaseMethod values make sense https://developer.apple.com/documentation/devicemanagement/installapplicationcommand/command/options 0 is for IOS 1 is for VPP My understanding was that the whole purpose of the new managed application support for macOS 11 was that EMMs now had the ability to install applications as managed for macOS 11 without using VPP.
1
0
584
Nov ’20
iOS 14.2 device throws errors for Encrypted DNS Payload
We are seeing errors on the IOS 14.2 device when pushing an Encrypted DNS Payload. Specifically Enable Demand Rules: and set Network: Evaluate Connection (for both Domain Action: Never Connect & Domain Action: Connect If Needed options) The error is <?xml version="1.0" encoding="UTF-8"?> ... <plist version="1.0"> <array> <dict> <key>ErrorCode</key> <integer>4001</integer> <key>ErrorDomain</key> <string>MCInstallationErrorDomain</string> <key>LocalizedDescription</key> <string>Profile Installation Failed</string> <key>USEnglishDescription</key> <string>Profile Installation Failed</string> </dict> <dict> <key>ErrorCode</key> <integer>4001</integer> <key>ErrorDomain</key> <string>MCInstallationErrorDomain</string> <key>LocalizedDescription</key> <string>Profile Failed to Install</string> <key>USEnglishDescription</key> <string>Profile Failed to Install</string> </dict> <dict> <key>ErrorCode</key> <integer>1009</integer> <key>ErrorDomain</key> <string>MCProfileErrorDomain</string> <key>LocalizedDescription</key> <string>The profile "h1dns" could not be installed.</string> <key>USEnglishDescription</key> <string>The profile "h1dns" could not be installed.</string> </dict> <dict> <key>ErrorCode</key> <integer>57000</integer> <key>ErrorDomain</key> <string>MCDNSSettingsErrorDomain</string> <key>LocalizedDescription</key> <string>The DNS settings service encountered an internal error.</string> <key>USEnglishDescription</key> <string>The DNS settings service encountered an internal error.</string> </dict> </array> </plist> The plist that we are sending is <?xml version="1.0" encoding="UTF-8"> <!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"..."> <plist version="1.0"> <array> <dict> <key>DNSSettings</key> <dict> <key>DNSProtocol</key> <string>HTTPS</string> <key>ServerAddresses</key> <array> <string>1.1.1.1</string> </array> <key>ServerURL</key> <string><Somehost/dns-query</string> </dict> <key>OnDemandRules</key> <array> <dict> <key>Action</key> <string>EvaluateConnection</string> <key>ActionParameters</key> <dict> <key>DomainAction</key> <string>NeverConnect</string> <key>Domains</key> <array> <string>news.google.com</string> </array> </dict> <key>InterfaceTypeMatch</key> <string>Ethernet</string> </dict> <dict> <key>Action</key> <string>EvaluateConnection</string> <key>ActionParameters</key> <dict> <key>DomainAction</key> <string>ConnectIfNeeded</string> <key>Domains</key> <array> <string>mail.yahoo.com</string> </array> </dict> <key>InterfaceTypeMatch</key> <string>WiFi</string> </dict> </array> <key>ProhibitDisablement</key> <false/> <key>PayloadDescription</key> <string>The payload for configuring encrypted DNS settings.</string> <key>PayloadDisplayName</key> <string>DNS_ENCRYPTED</string> <key>PayloadIdentifier</key> <string>mi.dnssettings.44011.0</string> <key>PayloadOrganization</key> <string>com.mobileiron</string> <key>PayloadType</key> <string>com.apple.dnsSettings.managed</string> <key>PayloadUUID</key> <string>3173360096376915336</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> </plist>
2
0
952
Nov ’20
Can multiple DNS Encryption payloads be sent to a shared IPad device?
The current docs for https://developer.apple.com/documentation/devicemanagement/dnssettings state that the encrypted DNS setting is supported on the device channel for shared IPad Device Channel iOS, macOS, Shared iPad but under Allow Multiple Payloads iOS, macOS shared IPad is not listed. BUT if you go to the Shared IPad Payload list https://support.apple.com/en-gb/guide/mdm/mdm05daf6e79/web DNS Settings is listed as device, combined, and multiple. Device Combined Multiple Which doc is correct?
1
0
303
Oct ’20
Single Sign On Extension Payload is not valid for the user channel on macOS 10.15 devices
We are seeing ... <dict> <key>CommandUUID</key> <string>43abc5e2-60a8-4fef-8375-0c3bc530573b</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>1</integer> <key>ErrorDomain</key> <string>SingleSignOn</string> <key>LocalizedDescription</key> <string>The profile is a user profile but contains a “Single Sign On Extension” payload which is only valid in device profiles.</string> </dict> </array> <key>NotOnConsole</key> <false/> <key>Status</key> <string>Error</string> <key>UDID</key> <string>3297AA46-0711-5788-8161-FB41629845AF</string> ... pushing a Single Sign On Extension Payload on the user channel for macOS 10.15 devices. The same payload works on the user channel works for macOS 11. We have created a Feedback ticket https://feedbackassistant.apple.com/feedback/8799075
1
0
334
Oct ’20
Why is the default value for PromptUserToAllowBootstrapTokenForAuthentication false?
Per the https://developer.apple.com/documentation/devicemanagement/settingscommand/command/settings/mdmoptions/mdmoptions?changes=latest_minor SettingsCommand.Command.Settings.MDMOptions.MDMOptions the PromptUserToAllowBootstrapTokenForAuthentication default value is false. Can you elaborate why the default value is false? From our testing on macOS 11 it would appear when the value is false, only the primary account is able to logon to the device because only the primary account can decrypt the encrypted volume. Any optional admin accounts that are created are unable to decrypt the value so consequently the optional admin account cannot logon. This seems like a big change in macOS 11 that should be called out. We also noticed that any local users that were created while logged in as the primary account appear to inherit some permission that allows these local users to decrypt the volume and login.
0
0
429
Sep ’20
Setting SettingsCommand.Command.Settings.TimeZone is not changing the TimeZone on the device
When sending the setting to change the time zone, the plist is Acknowledged, but the device is not changing. I tried setting the following values: America/Moncton America/New_York Europe/Dublin Europe/London In all cases the plist was acknowledged. These are values are part of the IANA timezone database. There are two issues: When "Set Automatically" is enabled on the Date & Time settings screen, the TimeZone is not displayed and there is just a spinning icon. When "Set Automatically" is disabled on the Date & Time settings screen, the Timezone displays but as the original timezone of the device, not of the time zone sent to the device through the SettingsCommand. The device has the following: Software Version: 14.0 (18A5301v) Model Name: iPhone Xs Model Number: A1920 What is the desired outcome from setting the timezone? I had expected to see the timezone change on the device and the current time to match the time zone that was set. Is this not yet functional? Also, if I send a bogus timezone, it is still acknowledged. I would have expected it to get rejected. Will it reject invalid timezones?
1
0
467
Sep ’20
What is the purpose of the tri-state BootstrapTokenAllowedForAuthentication value?
What is the purpose of the tri-state BootstrapTokenAllowedForAuthentication value in the SecurityInfo response? allowed, disallowed, not supported are the possible values https://developer.apple.com/documentation/devicemanagement/securityinforesponse/securityinfo?changes=latest_beta During WWDC2020 and when the key was a boolean it seem to be that the key was to indicate if a bootstrap token existed on the device, but that doesn't seem to be the case now with the allowed, disallowed, not supported values.
1
0
484
Aug ’20
What is Items suppose to control in the InstalledApplicationListCommand
What is Items suppose to control in the InstalledApplicationListCommand? Items [string] Possible values: AdHocCodeSigned, AppStoreVendable, BetaApp, BundleSize, DeviceBasedVPP, DynamicSize, ExternalVersionIdentifier, HasUpdateAvailable, Identifier, Installing, IsValidated, Name, ShortVersion, Version The results are the same response https://developer.apple.com/documentation/devicemanagement/installedapplicationlistresponse/installedapplicationlistitem regardless of what strings in included in the Items string of the request.
1
0
460
Aug ’20