Intune profile Installation Failed the SCEP server returned an invalid response

Question: Profile Installation Failed - The SCEP server returned an invalid response

Hi all, I need a little help please.

I had devices enrolled on profile manager with a profile installed. However, I did a dumb move and deleted the profiles manually via settings. Once the profiles were removed, I then tried to apply the same profile via our MDM server, thinking I didn't have to remove the devices in the profile manager first. Now, after the blueprint and profiles are loaded onto the devices via the MDM, I try to enroll them and get "Profile Installation Failed - The SCEP server returned an invalid response". I know this has something to do with not removing the devices via profile manager first. I think the profile manager still thinks the devices are managed. Just wondering if there's a workaround for this so I can get the devices managed again.

Hope this made sense 🙂

Thanks in advance for your time and help!

Russ

Posted on Apr 5, 2017 9:39 AM

User profile for user: Rustypeepers

Question: Profile Installation Failed - The SCEP server returned an invalid response

Description:

When attempting to install a Profile on an iOS device the process fails while attempting to enroll the certificate with the message "The SCEP Server returned an invalid response."

Solution:

CAUSE:

The Certification Authority (CA) used for web enrollment is not properly configured.
This message occurs if the "Maximum query string" size in the Request Filtering settings of the CertSrv virtual directory is too small.

SOLUTION:

On the CA Server, open Internet Information Services (IIS) Manager and click on the CertSrv virtual directory.
Double-click the Request Filtering icon in the IIS section in the center pane.
Click "Edit Feature Settings" in the right pane.
Change the value of the "Maximum query string" to 65536.
Stop and restart IIS.
If the CA MDM Relay Server is being used to proxy the connections to the CA Server, you must also apply the above setting to the Relay Server virtual directory in IIS on the Relay Server system.
On the CA MDM Relay Server system, open Internet Information Services (IIS) Manager and click on the ias_relay_server virtual directory (this assumes the default name is being used for the virtual directory).
Double-click the Request Filtering icon in the IIS section in the center pane.
Click "Edit Feature Settings" in the right pane.
Change the value of the "Maximum query string" to 65536.
Stop the Relay Server service (or just rshost.exe if it is not installed as a Windows service).
Stop and restart IIS on the Relay Server.
Stop and restart IIS on the CA Server.
Stop and restart the Active Directory Certificate Service on the CA Server.

MORE INFORMATION:

By default, IIS 7/7.5 security is too restrictive to permit these Apple devices to enroll via SCEP.
With the out-of-the-box settings, enrollment will fail with the following error in the Application event log:
Log Name: Application
Source: Microsoft-Windows-NetworkDeviceEnrollmentService
Date: {DATE}
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: {COMPUTERNAME}
Description:
The Network Device Enrollment Service received an http message without the
"Operation" tag, or with an invalid "Operation" tag.
The IIS logs will show the following line when the iPad device attempts to send its certificate enrollment to the NDES server:

2010-11-04 12:43:38 xx.xx.xx.xx GET /certsrv/mscep/mscep.dll operation=PKIOperation&message=MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJGSIb3DQEHAaCAJIAEggSTMIAG%0 . . . {Shortened for the blog} . . .

EMPlcwhmd8c1XAAAAAAAAA%3D%3D%0A 80 - 10.188.117.101 Settings/1.0+CFNetwork/467.12+Darwin/10.3.1 404 15 0 812

This is a 404.15 error (Request Filtering: Denied because query string too long). It means that the amount of data being sent in the HTTP URL is larger than what is allowed by default. In the scenario above, the iPad was sending a string of over 2700 characters, but the default size allowed by request filtering is 1024. The limit exists to mitigate buffer overrun attacks.
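A triage check for the 404.15 condition described above, added here as an example and not part of the original article: it reads IIS W3C log text, picks out SCEP requests rejected with status 404 and substatus 15, and reports each query-string length so a proposed "Maximum query string" value can be checked against real traffic. The sample log lines, IP addresses and function names are constructed for illustration, and the code assumes the log carries a #Fields header and records the full query string.

```python
from urllib.parse import parse_qs

FIELDS = ("#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs(User-Agent) sc-status sc-substatus "
          "sc-win32-status time-taken")
# Constructed sample lines (documentation IPs, filler message bytes).
SAMPLE_LOG = "\n".join([
    FIELDS,
    "2010-11-04 12:43:30 192.0.2.10 GET /certsrv/mscep/mscep.dll "
    "operation=GetCACert&message=x 80 - 198.51.100.7 Settings/1.0 200 0 0 15",
    "2010-11-04 12:43:38 192.0.2.10 GET /certsrv/mscep/mscep.dll "
    "operation=PKIOperation&message=" + "A" * 2700 +
    " 80 - 198.51.100.7 Settings/1.0 404 15 0 812",
    "2010-11-04 12:44:02 192.0.2.10 GET /certsrv/missing.htm - 80 - "
    "198.51.100.7 Mozilla/5.0 404 0 2 3",
])

def find_query_too_long(log_text, stem_suffix="/mscep.dll"):
    """Return one finding per 404.15 response on the SCEP endpoint."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is set per server
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # truncated or malformed entry
        row = dict(zip(fields, values))
        if not row["cs-uri-stem"].lower().endswith(stem_suffix):
            continue
        # 404 with substatus 15 = request filtering: query string too long
        if (row["sc-status"], row["sc-substatus"]) != ("404", "15"):
            continue
        query = row["cs-uri-query"]
        findings.append({
            "time": row["date"] + " " + row["time"],
            "client": row["c-ip"],
            "operation": parse_qs(query).get("operation", ["?"])[0],
            "query_length": len(query),
        })
    return findings

def fits_under(findings, limit):
    """True if every rejected request would pass with this limit."""
    return all(f["query_length"] <= limit for f in findings)

if __name__ == "__main__":
    for f in find_query_too_long(SAMPLE_LOG):
        print(f, "fits 65536:", fits_under([f], 65536))
```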

To change the value you will use the following IIS appcmd.exe command:
%systemroot%\system32\inetsrv\appcmd.exe set config /section:system.webServer/security/requestFiltering /requestLimits.maxQueryString:"65536" /commit:apphost

Symptom

The iOS enrollment fails with the iOS device reporting the following error message:

"Profile Installation Failed

The SCEP server returned an invalid response."


Environment

SAP Afaria 7

Product

SAP Afaria 7.0

This is a preview of a SAP Knowledge Base Article.

How do I fix SCEP server returned an invalid response?

"The SCEP server returned an invalid response." During XenMobile DEP Enrollment.
Check if the MDM SSL certificate is publicly trusted by iOS. ...
Full wipe the iOS device or try another unopened iOS DEP device out of box.
Check if a non-DEP iOS enrollment works on the same WiFi network.

What does it mean when the SCEP server returned an invalid response?

What does the error mean? This error can occur when a SCEP (Simple Certificate Enrollment Protocol) connection is interrupted when DEP enrolling.

What does Profile installation failed mean?

A connection to the server could not be established." This problem can happen if an older version of Norton Family profile is installed on your device. To fix this problem, remove and reinstall the Norton Family profile on your iOS device.

How do I setup a SCEP server?

Windows (SCEP server).
Configure IP address and hostname.
Install Windows Certificate Services.
Manage the SCEP server.
Configure the IP address and HTTPS server.
Import the SCEP server CA certificate.
Create a new key pair and submit the request to the server.