Symptoms
The MDM profile can't be installed; installation fails with the error "Profile installation failed. Could not authenticate to the MDM server. The credentials within the enrollment profile may have expired."
pma_agent.log contains the entry: [MdmEnroller] /MacAgentUtils <...> Error: Timed out
IIS logs show that requests for the profile failed with status 403, substatus 16 (HTTP 403.16).
Cause
IIS denies connections if there are any non-self-signed certificates in the Trusted Root Certification Authorities store. See: https://support.microsoft.com/en-us/topic/lync-server-2013-front-end-service-cannot-start-in-windows-server-2012-63373fac-9d7e-9790-64e3-5ae07ed177fd
Resolution
You may use this PowerShell script to determine the certificates causing the issue:
Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject}
Move all certificates listed by the script out of Trusted Root Certification Authorities into any other store, such as Intermediate Certification Authorities, using certlm.msc.
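The check and the move described above can also be done in a single elevated PowerShell session. The following is an added example, not part of the original article: the function name, the backup folder and the .cer backup step are assumptions of this example, and the self-signed test is the same Issuer/Subject comparison the article uses.

```powershell
# Added example (not from the original article).
# Lists non-self-signed certificates in the LocalMachine Trusted Root store
# and, with -Move, relocates them to Intermediate Certification Authorities.
function Move-MisplacedRootCert {          # hypothetical name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumption: backup location chosen for this example
        [string]$BackupDir = (Join-Path $env:TEMP 'root-store-backup'),
        [switch]$Move
    )

    # Same criterion as the article: issuer differs from subject
    $misplaced = @(Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Issuer -ne $_.Subject })

    if ($misplaced.Count -eq 0) {
        Write-Verbose 'No non-self-signed certificates in Trusted Root.'
        return
    }

    foreach ($cert in $misplaced) {
        if ($Move -and
            $PSCmdlet.ShouldProcess($cert.Subject, 'Move to Cert:\LocalMachine\CA')) {
            # Keep a copy of the public certificate before touching the store
            New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false | Out-Null
            $backup = Join-Path $BackupDir "$($cert.Thumbprint).cer"
            Export-Certificate -Cert $cert -FilePath $backup | Out-Null

            # "CA" is the Intermediate Certification Authorities store
            Move-Item -Path $cert.PSPath -Destination Cert:\LocalMachine\CA -Confirm:$false
        }

        # Emit one record per offending certificate for review or logging
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
        }
    }
}

# Review first, then preview the move, then apply it:
#   Move-MisplacedRootCert
#   Move-MisplacedRootCert -Move -WhatIf
#   Move-MisplacedRootCert -Move
```

After the move, re-running the article's Get-ChildItem command should return nothing.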