Known Issue: Installing iOS MDM profile after upgrading Core to v9.1
Issue:
After upgrading Core to version 9.1 new iOS enrolments fail when trying to install the MDM Profile.
To troubleshoot:
-
Checked to see that the MDM, iOS enrolment certificates were valid.
-
We were able to telnet from the core via 2195 and 2196
-
The whole path of upgrade is 8.0.0.0>8.0.0.2>8.5.0.0->9.1.0
-
We see the following error in Audit logs - SCEP Name: ’ System - iOS Enrollment SCEP’, Consumer Name: ’ System - iOS Enrollment SCEP’,
-
Checked to see that the System - iOS Enrollment SCEP was having Centralized - User Based certificate which was different than that of the default setting of Decentralized - Device based certificate.
-
Since this setting is locked to be edited by default, we created an Admin user with API roles and executed the following command to unlock the setting - curl -k -sS -u v-username:password -H “Content-Type: application/json” -XDELETE ‘https://mdmurl/api/v2/configuration/system/lock’
-
After this we modified the SCEP to Decentralized - Device based certificate and saved it.
-
We were able to register the device successfully then.
-
Locked the SCEP with the command - curl -k -sS -u v-username:password -H “Content-Type: application/json” -XPUT ‘https://mdmurl/api/v2/configuration/system/lock’
Please note MobileIron Support are not sure what upgrade path causes this issue but believe this is only a problem with Core v9.1, make sure you take a full tech log/db backup before upgrading just in case this issue occurs (this can then be sent to MobileIron to help them identify the fault and fix in future core versions. If you encounter this issue please log a case with MobileIron and provide the above detail for resolution.