SCEP config profile worked on 2 Macs, I made an edit, now it won't install on 1 of those Macs.

rseide
Contributor

I have a SCEP Config Profile set up on our JSS which is on 9.82. I have a prod Mac and a test Mac that are identical (MacBook Pro (Retina, 15-inch, Early 2013) on 10.10.5) and only those 2 Macs are scoped to this config profile. AFAIK, both have the same policies and other configuration profiles.

The config profile installed on both Macs fine. I was able to get a valid certificate installed. I made a simple change to the config profile (I changed the parameters for the field where you can put a variable for the CN. Originally I had CN=$COMPUTERNAME but that was inserting some characters in the computer name on the cert so I removed the $ and i changed it to CN=COMPUTERNAME but that didn't work (this is a separate issue)).

On my prod Mac, I could see the change being pushed down to it on the configuration profile in Profiles in System Preferences. The profile remained installed along with the cert it received.

On my dev Mac , the configuration profile got removed along with the certificate that got installed.

Now, when I try to scope my dev Mac to that configuration profile again, it refuses to install. I keep getting an NSOSStatusErrorDomain:-25293 when it attempts to install that profile again.

I added CN=$COMPUTERNAME back to the configuration profile and my prod Mac once again received the change with no problem. But, it continues to fail on the test Mac with the same NSO error from above. I even un-scoped my test Mac and re-scoped it and it continues to fail.

I don't manage our SCEP server but I can tell you we are not running an on-prem Microsoft CA. We are getting a cert from the Gov't Printing Office (GPO). I know there's nothing wrong with the GPO cert because it successfully installed originally on my test Mac and it installed on my prod Mac.

I cannot find anything on NSOSStatusErrorDomain:-25293. I have contacted JAMF about this late this evening and I'm waiting a response.

If any of this is confusing or if you need more info, please let me know.

2 REPLIES 2

tbarney
New Contributor

rseide,

I have successfully deployed a SCEP profile to over 100 systems, but I have one that continues to fail with the same status, <NSOSStatusErrorDomain:-25293>

Were you able to find a solution ?

chrisleduc
New Contributor II

Hi Guys

Sorry*, to dig this thread out of its grave*? Did you ever manage to sort this out?
I suspect an issue with the certificate or credentials, but I can't pinpoint it.

 

*Sorry by Justin Bieber was the Billboard Top Song of the Year when this thread was created. Time flies!