AppBlade / TestHub

OTA deployment of IPAs released on GitHub [WIP]
GNU General Public License v3.0

The SCEP server returned an invalid response #6

Closed chrsvl closed 7 years ago

chrsvl commented 10 years ago

Hi,

I tried to use your great code to enroll my iPhone in MDM. It works great till the POST "/scep?operation=PKIOperation", at which point the iPhone raises the error "The SCEP server returned an invalid response". I wanted to know more about that so I had a look at the device's logs:

Aug 1 09:00:42 TheVilain Preferences[11159] : BTM: attaching to BTServer
Aug 1 09:00:46 TheVilain profiled[11158] : (Note ) MC: Checking for MDM installation...
Aug 1 09:00:46 TheVilain profiled[11158] : (Note ) MC: ...finished checking for MDM installation.
Aug 1 09:00:54 TheVilain wifid[15] : WiFi:[428569254.463576]: WiFiLocaleManagerCheckLocale: locale has been valid since 428569213.178916, for 41.28 secs
Aug 1 09:00:54 TheVilain kernel[0] : 493937.610838 wlan.A[80756] AppleBCMWLANProximityInterface::setSYNC_ENABLED(): set AWDL->OFF
Aug 1 09:00:54 TheVilain kernel[0] : 493937.610908 wlan.A[80757] AppleBCMWLANProximityInterface::doSetSyncState(): Setting fAWDLOffTimer
Aug 1 09:00:55 TheVilain profiled[11158] : (Note ) MC: Enrolling in OTA Profile service...
Aug 1 09:00:56 TheVilain securityd[8501] : SecDbItemInsertOrReplace INSERT failed: The operation couldn’t be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns ctyp, issr, slnr, agrp, sync are not unique sql: INSERT INTO cert(rowid,cdat,mdat,ctyp,cenc,labl,alis,subj,issr,slnr,skid,pkhh,data,agrp,pdmn,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?))
Aug 1 09:00:56 TheVilain securityd[8501] : securityd_xpc_dictionary_handler profiled[11158] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,5359E7E8,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20140801070056.363791Z,DE2E9186)
Aug 1 09:00:56 TheVilain profiled[11158] : SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,5359E7E8,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20140801070056.363791Z,DE2E9186))
Aug 1 09:00:56 TheVilain profiled[11158] : (Note ) MC: Attempting to retrieve issued certificate...
Aug 1 09:00:56 TheVilain profiled[11158] : (Note ) MC: Could not retrieve issued certificate: NSError: Desc : Le serveur SCEP a renvoyé une réponse non valide. US Desc: The SCEP server returned an invalid response. Domain : MCSCEPErrorDomain Code : 22013 Type : MCFatalError
Aug 1 09:00:56 TheVilain profiled[11158] : (Error) MC: Cannot retrieve SCEP identity: NSError: Desc : Le serveur SCEP a renvoyé une réponse non valide. US Desc: The SCEP server returned an invalid response. Domain : MCSCEPErrorDomain Code : 22013 Type : MCFatalError
Aug 1 09:00:56 TheVilain profiled[11158] : (Error) MC: Failure occurred while retrieving profile during OTA Profile Enrollment: NSError: Desc : Le serveur SCEP a renvoyé une réponse non valide. US Desc: The SCEP server returned an invalid response. Domain : MCSCEPErrorDomain Code : 22013 Type : MCFatalError
Aug 1 09:00:56 TheVilain profiled[11158] : (Error) MC: Installation failed. Error: NSError: Desc : Échec d’installation du profil Sugg : Le serveur SCEP a renvoyé une réponse non valide. US Desc: Profile Installation Failed US Sugg: The SCEP server returned an invalid response. Domain : MCInstallationErrorDomain Code : 4001 Type : MCFatalError ...Underlying error: NSError: Desc : Le serveur SCEP a renvoyé une réponse non valide. US Desc: The SCEP server returned an invalid response. Domain : MCSCEPErrorDomain Code : 22013 Type : MCFatalError Extra info: { isPrimary = 1; }

For the sake of time saving, I generated my own certificates (CA, SSL and RA) thanks to http://www.perturb.org/display/754_Apache_self_signed_certificate_HOWTO.html

Do you have any idea what's going on?

Thanks in advance, Chris

jeremybdk commented 10 years ago

I am also running into that same issue... Did anyone use this app to successfully enroll a phone?

Thanks a lot,

jamesdaniels commented 10 years ago

I'll take a peek at this, probably just missing something the newer OS wants. I have working enrollment code in another project, sorry I haven't had the time to work on this much lately.

jeremybdk commented 10 years ago

Thanks for your answer! I followed Chris' link for the certificate so it might be the issue but not sure... Anyway thanks for your fast answer and support! At least your code is clear enough to understand but I can't see what's missing or what's causing the error...

chrsvl commented 10 years ago

@jamesdaniels thanks a lot, it would really help because I'm completely stuck. I've been trying to study Apple's code on OS X Server but I cannot find the solution.

jeremybdk commented 10 years ago

Hello James, did you have time to take a look at your code?

Thanks a lot,

Jeremy

chrsvl commented 7 years ago

I ended up using https://github.com/micromdm/scep. Although it's written in Go, it works like a charm.