InstallMedia errors with Internal Error <MDMClientError:-567>

Hi MDM folks,

We're getting reports - and were able to reproduce - that installing books fails on macOS these days ; InstallMedia command errors with Internal Error MDMClientError:-567.

Steps to repro:

  1. Enroll a mac (tested with Mac Book Air M1 running macOS 12.1) to your favorite MDM
  2. login to iCloud
  3. Go to Apple School Manager (or Business), get VPP location, get a book for the location.
  4. Have a VPP (from the location) user registered, send notification to the device to have it associated (respond to notification, accept T&Cs).
  5. Use VPP API to associate a license from this location for the user created in 4. Wait 3 minutes to be sure.
  6. Run InstallMedia command with the itunes id.

Getting now:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>MediaType</key>
        <string>Book</string>
        <key>RequestType</key>
        <string>InstallMedia</string>
        <key>iTunesStoreID</key>
        <integer>1055374716</integer>
    </dict>
    <key>CommandUUID</key>
    <string>41d2986d-c105-d283-5b4d-6b35a3539208</string>
</dict>
</plist>

is answered with:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CommandUUID</key>
    <string>41d2986d-c105-d283-5b4d-6b35a3539208</string>
    <key>ErrorChain</key>
    <array>
        <dict>
            <key>ErrorCode</key>
            <integer>-567</integer>
            <key>ErrorDomain</key>
            <string>MDMClientError</string>
            <key>LocalizedDescription</key>
            <string>Internal Error &lt;MDMClientError:-567&gt;</string>
        </dict>
    </array>
    <key>NotOnConsole</key>
    <false/>
    <key>Status</key>
    <string>Error</string>
    <key>UDID</key>
    <string>682A2614-DCB7-5AC6-829B-674A101A9EDA</string>
    <key>UserID</key>
    <string>0AF0BD86-C327-472D-80EC-9BFF31633087</string>
    <key>UserLongName</key>
    <string>admin</string>
    <key>UserShortName</key>
    <string>admin</string>
</dict>
</plist>

Looking at device logs after installing ManagedClient Log profiles :

[ERROR] [ErrorChain.0] (InstallMedia) [MDMClientError:-567] Internal Error <MDMClientError:-567>>

CSSM Exception: -2147415780 CSSMERR_CSP_INVALID_KEYATTR_MASK

CSSM Exception: -2147415780 CSSMERR_CSP_INVALID_KEYATTR_MASK

cert[0]: MissingIntermediate =(leaf)[force]> 0

Trust evaluate failure: [leaf MissingIntermediate]

[501:MDMAgent:HTTPUtil:<0x3236>] >>>>> Sending HTTP request (PUT) [Error(InstallMedia):80c5de4b-9f47-eacf-1f2f-caab1ec34fe8] >>>>>

I'll try with 12.2 Beta, but sounds like something's wrong with 12.1 and book assignment. Any hint ?

Thanks (and all the best for 2022!).

Up vote post of sysedit Down vote post of sysedit
632 views
Posted by
sysedit
Reply
Add a Comment

Replies

Can you please file feedback with a sysdiagnose attached so we can take a look.

Posted by
Systems Engineer
Up vote reply of Systems Engineer Down vote reply of Systems Engineer
Add a Comment