Apple have released beta 1 for iOS 12.3, the .3 release is generally a release that contains new management functionality.
Currently there is no documentation around new functionality from Apple, this topic will be updated once more information is available.
Do you have any updates about MDM features in 12.3?
Release date was announced? I cannot find it.
iOS 12.3 is up to beta 3 now but does not look like there are any enterprise that have been built into iOS 12.3 as of yet
iOS 12.3 has been released today. Looks like there is no enterprise content this time in a .3 release
Resolved Issues in iOS 12.3
- Fixed a problem that could cause the Phone app to stop responding.
- Using Apple Configurator to "Erase All Content & Settings" works more reliably.
- Users can send MMS messages when a Global Proxy is configured.
- The Schoolwork app works more reliably on Shared iPad.
- The ScheduleOSUpdate command works more reliably on devices that are locked with a passcode.
Hello
We see some errors today when trying to install a profile.
Domain : MCInstallationErrorDomain
Code : 4001
Type : MCFatalError
US Sugg: The UUID for the profile “Application Management Profile” is not unique.
If they refere to PayloadUUID it is always different. Do you see the same issue?
There seems to be one change in the configuration profile reference docs.
Removed allowSiriServerLogging from the Restrictions PayloadIn my opinion the error comes exactly because there’s already a payload with that PayloadUUID installed. Did you try removing this profile and reinstalling it?
Yes. I even reset the iphone and I have the same issue.
It happens if the profile fail to install once. It seems the phone never erase the profile completely. When you try to reinstall it you will see a message The UUID for the profile “Application Management Profile” is not unique.
I had to completely wipe the device (erase settings and data) to be able to enroll again and don’t see the message.
This is a pain.
I see. Do you not generate a new PayloadUUID on every profile install operation? I think it should be unique per installation operation and not just per profile.
We do generate a unique PayloadUUID. I am wondering if Apple does properly cleaning the failing profile.
When we install the profile, at the last step of install we see a system pop-up saying “Couldn’t communicate with a helper application”. We close the setting window by swapping. We are then able to install applications and list managed applications even if their not profile listed in iOS settings.
First we are not able to understand “Couldn’t communicate with a helper application”, second it seems their is a dirty profile that we cannot see and delete in iOS settings.
Errors we see in console log when doing the install of the profile:
default 14:59:46.784522 +0200 Preferences Install profile data, interactive error. Error: NSError:
Desc : Couldn’t communicate with a helper application.
Sugg : Try your operation again. If that fails, quit and relaunch the application and try again.
Domain : NSCocoaErrorDomain
Code : 4097
Extra info:
{
NSDebugDescription = "connection to service named com.apple.managedconfiguration.profiled";
}
Then something that is probalby related.
default 14:59:46.789071 +0200 profiled *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSDictionaryM setObject:forKey:]: object cannot be nil (key: CertSubject)'
*** First throw call stack:
(0x1a047127c 0x19f64b9f8 0x1a03eace8 0x1a035fb18 0x1a33cd6a4 0x1a33f0954 0x1a33bc6d8 0x1a3429fc0 0x1a3429f64 0x1009db2fc 0x1009deca4 0x100973ac8 0x19feb0a38 0x19feb17d4 0x19fe5a450 0x19fe5ae3c 0x19fe634a8 0x1a0091114 0x1a0093cd4)
What is the content/purpose of this profile?
Is it management, configuration or provisioning?
They are configuration profiles (PayloadType = Configuration) to install an app then MDM.
I opened a bug report on Apple
Thanks for your help.
Not sure what you mean by configuration profiles to install an app?
Afaik remote application installs require InstallApplication command issued to them there is no reference in configuration profile for app installation. InstallApplication directs the device to either pull an app from App Store or download a Manifest file (https://help.apple.com/deployment/ios/#/apda0e3426d7) that has instructions on the app installation (in-house apps).
If you’re devices are MDM enrolled you can issue commands “ProfileList” and “ProvisioningProfileList” to retrieve a list of profiles installed and their UUID’s
How are you installing the profiles (via a webserver/apple configurator)? Which MDM solution are you using?
That payload was only released in iOS 12.2 wonder why it was removed so soon
Sorry I was not clear. It is just a configuration then after app are pushed via InstallApplication command.
You are completely correct for InstallApplication this is what we do.
Good idea for the “ProfileList” and “ProvisioningProfileList”.
I am working for Appaloosa and we are installing profiles via webserver.
Something has been changed in iOS 12.3 and also iOS 12.4 and documentation hasn’t been modified.
The subject in SCEP payload is now mandatory (from https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf).
If it is not present:
default 14:59:46.789071 +0200 profiled *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSDictionaryM setObject:forKey:]: object cannot be nil (key: CertSubject)'
*** First throw call stack:
(0x1a047127c 0x19f64b9f8 0x1a03eace8 0x1a035fb18 0x1a33cd6a4 0x1a33f0954 0x1a33bc6d8 0x1a3429fc0 0x1a3429f64 0x1009db2fc 0x1009deca4 0x100973ac8 0x19feb0a38 0x19feb17d4 0x19fe5a450 0x19fe5ae3c 0x19fe634a8 0x1a0091114 0x1a0093cd4)
And you phone raise a popup “Couldn’t communicate with a helper application”
You can try installing MDM diagnostics profile and collecting diagnostics data to see if you can get better detailed information about the error
https://developer.apple.com/bug-reporting/profiles-and-logs/?platform=ios
