The MAC device is a device that has been manually added to the Apple Business Manager.
DEP profiles are normally installed in both iOS and iPadOS.
Profile descript error occurs only when attempting DEP of MacOS.
(If you look at the picture, a decryption error occurs in the remote device registration step.)
I asked Apple's customer center about this problem,
and it is said that it is caused by the lack of a key called "automatic registration on the MDM server"
The key cannot be found in the Apple official document related to the profile below.
https://developer.apple.com/documentation/devicemanagement/mdm/
Information received during DEP enroll of Macmini using Apple silicon.
{
'LANGUAGE': 'en_US',
'PRODUCT': 'Macmini 9,1',
'SERIAL': 'CXXXXXXXXXXV',
'UDID': '0XXXXX27-XXXX-XXXX-XXXX-XZXXXXXXXXX',
'VERSION': '21C52'
}
Information received during DEP enroll of iPAD
{
'LANGUAGE': 'en_US',
'PRODUCT': 'iPad5,4',
'SERIAL': 'DXXXXXXXXXXQ',
'UDID': '9aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX6d',
'VERSION': '19C63'
}
Profile to be transmitted to the device (same as MacOS, iOS, IPadOS)
{
'AccessRights': 8191,
'CheckInURL': 'https://apm.xxxxx.com/checkin',
'CheckOutWhenRemoved': True,
'IdentityCertificateUUID': '00000000-0000-0000-0000-000000000000',
'PayloadDescription': 'MDM Profile',
'PayloadDisplayName': 'MDM',
'PayloadIdentifier': 'com.xxxxx.xxxxxxx.mdm',
'PayloadOrganization': 'MDM provider',
'PayloadType': 'com.apple.mdm',
'PayloadUUID': '00000000-0000-0000-0000-000000000000',
'PayloadVersion': 1,
'PromptUserToAllowBootstrapTokenForAuthentication': True,
'ServerCapabilities': ['com.apple.mdm.per-user-connections','com.apple.mdm.bootstraptoken'],
'ServerURL': 'https://apm.xxxxx.com/server',
'SignMessage': False,
'Topic': 'com.apple.mgmt.External.206bfa63-f76a-4381-9e50-6f74241d14d9'
}
Because it uses the same profile structure, it is not understood that iOS/iPadOS operates normally and errors occur only in MacOS.
If there is anything that can help me, please let me know.
Thank you.
Post not yet marked as solved
MacOS ver. Monterey 12.1
https://developer.apple.com/documentation/devicemanagement/mdm
A device management profile is transmitted to the device with reference to the above link.
Both iOS and iPadOS devices operate normally in general enroll and DEP enroll.
In MacOS, Enroll operates normally in Userchannels.
This time, I purchased a MacMini device equipped with Apple Silicon and tried to test DEP registration, but an error occurs as follows.
"unable to decrypt encrypted profile"
Should Mac's DEP registration use a different payload profile method?
Let me know if you know something to refer to.
thank you.
Post not yet marked as solved
"[2022/11/22 14:18:51] I #send_push_by_MDMNotificationERRor - nowstr:An exception occurred: EOF occurred in violation of protocol (_ssl.c:581)"
The above error occurs when sending MDM notification.
Has the security level of the communication protocol of the Apple mdm server been changed?
We have no changes.
This error occurred from 2022-11-22.
Please reply.
Thank you.
Post not yet marked as solved
Hello Developer Forums!
How long can mdm commands such as 'EraseDevice' and 'ClearPasscode' be kept if the device is offline?
Is there a period of time that I can receive the command when the device comes back online?
Please answer if you know.
Thank you.
Post not yet marked as solved
When sending a profile to a devices
"https://developer.apple.com/documentation/devicemanagement/defineprofileresponse/devices"
According to the above document, "DefineProfileResponse.devices" return value is string type.
string - A device serial number.
This time, there were cases where remote management program registration failed on many new DEP devices.
(After setting the wifi on the iPad, the DEP registration screen does not appear and proceeds to normal activation.)
Looking at the response value while investigating the above case,
"devices":{"FXXXXXXXXXXXD":"FAILED","MXXXXXXXXX":"FAILED","FXXXXXXXXXD":"FAILED"}
It was returned in the form of an object, not a string, and contains the FAILED key value.
The device that successfully registered DEP is:
"devices:{"FXXXXXXXXXXXL":"SUCCESS":DXXXXXXXXXXXQ":"SUCCESS"}
received with SUCCESS key
I don't know if the specifications of the API have changed. Also, if you know the meaning of FAILED and SUCCESS, please help me.
Please reply.
Thank you.
Post not yet marked as solved
If we send a command to install the VPP, we've got an error ASDErrorDomain:507 (Account does not own requested app).
There is no difference in the app's metadata, but it occurs intermittently.
This errors do not occur in iOS/iPadOS, but only in MacOS.
Did anyone observe that issue?
Post not yet marked as solved
The following errors occur when sending the Remove Profile command from MacOs Big Sur, Monterey.
If I look at the profile list installed at the terminal window, it will be confirmed by that identifier name.
<key>ErrorCode</key>
<integer>89</integer>
<key>ErrorDomain</key>
<string>MDMClientError</string>
<key>LocalizedDescription</key>
<string>Profile with identifier 'identifier name' not found. <MDMClientError:89></string>
Is it an Apple mdm error?
There are many same errors in other companies' MDM solutions.
Did anyone observe that issue?
Post not yet marked as solved
I am manually Adding a Macmini with Apple silicon to "Apple Business Manager" using "Apple Configurator".
MacOS version is Monterey 12.1
I referred to the link below. (How to make DEP device)
https://support.apple.com/en-au/guide/apple-configurator/welcome/ios
The following error message occurs when registering for remote device management after setting up Wi-Fi.
"unable to decrypt encrypted profile"
It is a profile that applies normally to IOS and IPad devices.
What is the problem?
Is mac different from Ipad, iphone in terms of profile(payload) encryption?
Mac devices are also normally enrolled with User-Channel
It is a problem that occurs only in devices that maked normal device to DEP devices.
No related information can be found in Apple's MDM specification.
If you know the information on this issue, I will wait for your answer.
Post not yet marked as solved
I registered MacOS 12.0.1 to my MDM server and installed MDM profiles successfully
and when I send a lock command to the device it is not locking the device .
The error message is as follows.
(iOS, iPadOS devices operate normally.)
CommandUUID
"CommandUUID"
ErrorChain
ErrorCode
71
ErrorDomain
MDMClientError
LocalizedDescription
Command received for: <User: 501>; but restricted to: MDMClientError:71
NotOnConsole
Status
Error
UDID
"UDID"
UserID
"UserID"
UserLongName
mdmremote
UserShortName
mdmremote
I would appreciate it if you could let me know what to refer to.
Post not yet marked as solved
When registering a device in a mobile device management (MDM) solution, it is registered as a user channel/device channel.
To enroll "MacOS device" in the Device Channel way,
Is it possible only if the DEP terminal or CPU is Apple silicon?
Did anyone observe that issue?
Post not yet marked as solved
We are developing an MDM system for MacOS.
Some protocols (e.g., DeviceLock) only operate in device channels.
Does a device channel mean enroll with DEP?
Can't I just install the profile?
If I send 'Devicelock' command after installing the profile, I will get an error that you sent it to the user channel.
Can you provide information to refer to?
It is an issue that did not occur in IOS.
Please reply.
DaveKoh.