Update Expired iOS MDM Profile

Question

Update Expired iOS MDM Profile

So, I configured the SCEP server to create an iOS authentication certificate, which is valid only for a short time. When it expires, the profile says: "This profile has expired. Update this profile for a newer version" and represents the "Update profile" button.

However, pressing this button simply tells me: “The profile cannot be updated. Contact your network administrator.” No attempt is made to contact the MDM service or the SCEP service, and no signs of MDM activity or errors are displayed in the log.

Starting up the device again works fine, so I don't suspect that calling the network administrator is actually a solution. So how do you update an outdated MDM profile?

+3

ios mdm

Mikkel løkke Jan 16 '13 at 10:03

source share

2 answers

, iOS 6.1.3, iOS 7 . 14 , MDM . " ", Apple , "". iOS 7 , . iOS 6.1.3 " . , ", - .

?

,

+1

Ratko Stibric 19 . '13 19:00

Victor Ronin · Accepted Answer · 2013-01-17T17:50:15+0000

I worked with MDM over a year ago. Therefore, I may be mistaken in some details.

Here is what I remember:

a) The device makes two SCEP calls for OTA MDM.

Look at this chart

The first SCEP call is made as part of the OTA certificate registration (step 2 in the diagram)

And the second SCEP call is made when the OTA delivers the MDM and SCEP payload profile (like phase 3 in the diagram).

One thing that is not obvious from your question, which from iOS identifies the certificate, is short life.

b) If your MDM identity has expired, you will stop receiving all MDM commands.

c) If you have lost the OTA ID, you will not be able to update any configurations that you have installed over the air (for example, MDM).

Apple Enterprise Developer, MDM. , OTA MDM, , .

, , OTA + MDM , ( , ).

BTW. , , ( - ).

, - , :

Update Expired iOS MDM Profile

More articles: