HexCon is coming to NYC. Catch the early-bird price before the time's up! Book me a spot

Unable to push SCEP configSolved

Participant
Discussion
3 years ago

Hi, we tried to push SCEP config to our iOS devices but we are receiving some error message like “Failed to apply the action to the device. The Registration Authority’s response is invalid”. The information entered in the policy is correct. Please advise.

Replies (3)

Marked SolutionPending Review
Participant
3 years ago
Marked SolutionPending Review

@deema adding on what @zachGoodman said you should check the TLS certificate requirements. They have also added certificate validity changes, made it to have a maximum of 398 days validity – https://support.apple.com/en-us/HT211025

Marked SolutionPending Review
Hexnode Expert
3 years ago
Marked SolutionPending Review

Hello @Deema, sorry to hear you had to face the issue. The problem you are facing could be either caused by the version of the iOS on your endpoint or the certificate used to authenticate the connection.

To check if the issue is connected to the iOS version, you can test the same configuration on iOS 13 or lower devices. We are aware of an issue that occurs in iOS 14 that is related to the domain name resolution of the SCEP server. This is in line with the changes introduced in iOS 14 by Apple.

To check if the issue is connected to the certificated used to authenticate the connection, validate the minimum requirements for trusted certificates in iOS from Apple’s support page.

Regards,
Zach Goodman
Hexnode UEM

Marked SolutionPending Review
Participant
3 years ago
Marked SolutionPending Review

We also monitored the web server logs on the NDES server and didn’t even see the request come through even though it says the operation failed with the above message in the Action history logs.
Is there something additional to do which we are missing out?