micromdm / micromdm

Mobile Device Management server
https://micromdm.io
MIT License

Apply dep-profiles with error #838

Closed hiepnh0 closed 1 year ago

hiepnh0 commented 2 years ago

What version of micromdm are you using?

mdmctl version v1.9.0

What micromdm command did you run?

mdmctl apply dep-profiles -f dep-profile.json -filter='*'

What did you expect to see?

Defined DEP Profile with UUID .....

What did you see instead?

define dep profile: define profile: unexpected dep response. status=500 DEP API Error: Internal Server Error

server.json:

{
  "active": "mdmhiteknova",
  "servers": {
    "mdmhiteknova": {
      "api_token": "secret",
      "server_url": "https://testpod-NUC7i3BNH.local",
      "skip_verify": true
    }
  }
}

dep-profile.json is the output of this command: mdmctl apply dep-profiles -template

korylprince commented 2 years ago

You need to also check the MicroMDM logs to see if any additional information is available about the error.

Just to be clear, you have an active Apple Business Manager or Apple School Manager account? You've agreed to all available agreements on that account? You've set up an MDM in ABM/ASM and downloaded a DEP token? You've uploaded that token to MicroMDM?

jessepeterson commented 2 years ago

Also note that the DEP profile can be odd depending on which fields you have — Apple doesn't give great feedback if you have, say, conflicting fields in the profile. Can you share the DEP profile supplied in the mdmctl command, the contents of dep-profile.json?

hiepnh0 commented 2 years ago

@korylprince I have an ABM account. I've set up an MDM in ABM, uploaded the DEPPublicKey.pem, downloaded the DEP token (.p7m) and applied it to MicroMDM. Check account: ./mdmctl get dep-account

OrgName                     OrgPhone   OrgEmail                 ServerName
My org Name               *******789    ****@*****.com        My MDM Server

@jessepeterson Here is the dep-profile.json:

{
  "profile_name": "(Required) Human readable name",
  "url": "https://mymdm.example.org/mdm/enroll",
  "allow_pairing": true,
  "auto_advance_setup": false,
  "await_device_configured": false,
  "configuration_web_url": "https://mymdm.example.org/?redirect=enroll",
  "department": "(Optional) support@example.com",
  "is_supervised": false,
  "is_multi_user": false,
  "is_mandatory": false,
  "is_mdm_removable": true,
  "language": "(Optional) en",
  "org_magic": "(Optional)",
  "region": "(Optional) US",
  "support_phone_number": "(Optional) +1 408 555 1010",
  "support_email_address": "(Optional) support@example.com",
  "anchor_certs": [],
  "supervising_host_certs": [],
  "skip_setup_items": ["AppleID", "Android"]
}

I've changed the "url" value to "https://testpod-NUC7i3BNH.local" but the error still occurs.

hiepnh0 commented 2 years ago

Debug logs: In micromdm terminal:

---BEGIN Request---
PUT /v1/dep/profiles HTTP/1.1
Host: testpod-NUC7i3BNH.local
Transfer-Encoding: chunked
Accept-Encoding: gzip
Authorization: Basic bWljcm9tZG06c2VjcmV0
Content-Type: application/json; charset=utf-8
User-Agent: Go-http-client/1.1

1f1
{"profile_name":"(Required) Human readable name","url":"https://mymdm.example.org/mdm/enroll","allow_pairing":true,"is_mdm_removable":true,"support_phone_number":"(Optional) +1 408 555 1010","support_email_address":"(Optional) support@example.com","org_magic":"(Optional)","skip_setup_items":["AppleID","Android"],"department":"(Optional) support@example.com","devices":null,"language":"(Optional) en","region":"(Optional) US","configuration_web_url":"https://mymdm.example.org/?redirect=enroll"}

0

---END Request---
---BEGIN Response---
HTTP/1.1 500 Internal Server Error
Connection: close
Content-Type: application/json; charset=utf-8

{
  "error": "define profile: unexpected dep response. status=500 DEP API Error: Internal Server Error"
}

---END Response---
transport=http method=PUT status=200 proto=HTTP/1.1 host=127.0.0.1 user_agent=Go-http-client/1.1 path=/v1/dep/profiles

In mdmctl terminal: $ ./mdmctl apply dep-profiles -f dep-profile.json -filter='*'

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x7891de]

goroutine 1 [running]:
main.(*applyCommand).applyDEPProfile(0xc00015bf20, {0xc0000ba150, 0x3, 0x3})
    /Users/negacctbal/Documents/Source/micromdm-goenv/src/github.com/micromdm/micromdm.origin/cmd/mdmctl/apply_dep_profile.go:101 +0x67e
main.(*applyCommand).Run(0xc00015bf20, {0xc0000ba140, 0x4, 0x4})
    /Users/negacctbal/Documents/Source/micromdm-goenv/src/github.com/micromdm/micromdm.origin/cmd/mdmctl/apply.go:78 +0x3f6
main.main()
    /Users/negacctbal/Documents/Source/micromdm-goenv/src/github.com/micromdm/micromdm.origin/cmd/mdmctl/mdmdctl.go:49 +0x358

hiepnh0 commented 2 years ago

#836 I am trying to create an MDM server for iOS devices; @korylprince gave this wiki page to me. The error occurs when I apply the DEP profile to the MicroMDM server.

petarov commented 2 years ago

@hiepnh0 Have you tried removing the (Required) and (Optional) strings from the profile JSON payload? "(Optional) en" would definitely be wrong for the language field. Take a look at the Apple docs.

hiepnh0 commented 2 years ago

@petarov Thanks for your support. I removed all the (Required) and (Optional) strings and it worked!

$ ./mdmctl apply dep-profiles -f dep-profile.json -filter='*'
Defined DEP Profile with UUID .....

But the issue #836 is still not resolved.
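
The fix confirmed above can be turned into a pre-flight check that runs before `mdmctl apply dep-profiles`. This is an added example, not code from MicroMDM or from the thread; `FindTemplatePlaceholders` and `walk` are hypothetical names, the sample profile is constructed from the fields posted above, and the check goes slightly beyond the thread by also descending into nested arrays and objects.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// FindTemplatePlaceholders (hypothetical, not mdmctl code) lists JSON paths whose string value keeps a template marker.
func FindTemplatePlaceholders(profile []byte) ([]string, error) {
	var doc interface{}
	if err := json.Unmarshal(profile, &doc); err != nil {
		return nil, fmt.Errorf("parse profile: %w", err)
	}
	var hits []string
	walk("", doc, &hits)
	sort.Strings(hits) // map iteration order is random; sort for stable output
	return hits, nil
}

// walk descends objects and arrays so nested strings are checked too.
func walk(path string, v interface{}, hits *[]string) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			walk(strings.TrimPrefix(path+"."+k, "."), child, hits)
		}
	case []interface{}:
		for i, child := range t {
			walk(fmt.Sprintf("%s[%d]", path, i), child, hits)
		}
	case string:
		// The two markers left in the template output shown in this thread.
		if strings.Contains(t, "(Required)") || strings.Contains(t, "(Optional)") {
			*hits = append(*hits, path)
		}
	}
}

// Constructed sample: a subset of the fields from the dep-profile.json above.
const sampleProfile = `{"profile_name": "(Required) Human readable name",
 "url": "https://mymdm.example.org/mdm/enroll", "language": "(Optional) en",
 "org_magic": "(Optional)", "anchor_certs": [], "skip_setup_items": ["AppleID", "Android"]}`

func main() {
	hits, err := FindTemplatePlaceholders([]byte(sampleProfile))
	fmt.Println("placeholder fields:", hits, "error:", err)
}
```

An empty result means no template marker remains; it does not validate the field values against Apple's DEP profile documentation.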

petarov commented 2 years ago

@hiepnh0 Alright. So, as mentioned in that issue, your device needs to explicitly trust your MicroMDM's self-signed certificate. You need to include the testpod-nuc7i3bnh.local public key in the anchor_certs field. How? This is already well explained in the DEP anchor certificate section. Check it out.