Hi;

i install SCCM 2012 SP1 on my system and working no problem. But my problem is Mac Client.

i install the mac client agent in macclient.dmg flie which is downloaded from Microsoft Download Center. and then i tried to steps which is writing in thecnet site. http://technet.microsoft.com/en-us/library/jj591553.aspx . but when i to sudo ./CMEnroll -s <enrollment_proxy_server_name> -ignorecertchainvalidation -u <'user name'> [-p <password>] command it gave me error.

the error is :

Server connection failed. HTTP responce code is 500 and reason is Internal Server.

bytheway i installed and configured my MP,DP and Enrollment point like writing in technet site...

and my EnrollmentService.Log is:

[7, PID:6932][01/17/2013 15:02:55] :WindowsIdentity is created for domain: domain user: sccm2007user
[7, PID:6932][01/17/2013 15:02:55] :validated user credentials
[7, PID:6932][01/17/2013 15:02:55] :Handling RequestSecurityToken
[7, PID:6932][01/17/2013 15:02:55] :claim identity name: DOMAIN\SCCM2007User
[7, PID:6932][01/17/2013 15:02:55] :EnrollmentServiceProfile: GetDBCAs retrieved Template information: 
[7, PID:6932][01/17/2013 15:02:55] :Template: ConfigMgrMacClientCertificate
[7, PID:6932][01/17/2013 15:02:55] :CA: System.Collections.Generic.List`1[System.String]
[7, PID:6932][01/17/2013 15:02:55] :The CA eca3401.domain.entp.tgc is in forest entp.tgc
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: RefreshCache: Enrollment Profile 16777217 requires update
[7, PID:6932][01/17/2013 15:02:55] :Impersonating caller: DOMAIN\SCCM2007User
[7, PID:6932][01/17/2013 15:02:55] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: Sending CA Success Status - ENROLLSRVMSG_CA_SUCCESS
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: CA Chains count: 2
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: Subject name: CN=DOMAIN Enterprise CA 1, DC=domain, DC=entp, DC=tgc
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: Issuer Name: CN=domain Root CA
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: CA Chains 2 thumprint: EBEB8D4C7D095A21131B3E52CB67F0DE798B2F59
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: Subject name: CN=Domain Root CA
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: Issuer Name: CN=Domain Root CA
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: CA Chains 1 thumprint: CAF1C7E2F475F749BB7A0754F3FA0D4455D56B50
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: Got root CA hash: CAF1C7E2F475F749BB7A0754F3FA0D4455D56B50
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: Got CA chain hash: EBEB8D4C7D095A21131B3E52CB67F0DE798B2F59
[7, PID:6932][01/17/2013 15:02:55] :ConfigManager: CAStoreXML:
                    <characteristic type="CA">
                        <characteristic type="System">
                           
            <characteristic type="EBEB8D4C7D095A21131B3E52CB67F0DE798B2F59">
                <parm name="EncodedCertificate" value="MIIFuzCCBKOgAwIBAgIKYQsvVwAAAAAACzANBgkqhkiG9w0BAQUFADAbMRkwFwYDVQQDExBUdXJrY2VsbCBSb290IENBMB4XDTA0MDEwNzA5MjE1NVoXDTE0MDEwNzA5MzE1NVowaDETMBEGCgmSJomT8ixkARkWA3RnYzEUMBIGCgmSJomT8ixkARkWBGVudHAxGDAWBgoJkiaJk/IsZAEZFgh0dXJrY2VsbDEhMB8GA1UEAxMYVHVya2NlbGwgRW50ZXJwcmlzZSBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3j7o+fkl1mvnGj5FHc7fUs4cEoWtYlGq1WUMfkK9OhCtn9C6B+RfAnhL5yZOPPe7qZKY4TP7edWTJHcBLUq+kYQDZUpGCZIShcfxsBayfTJqF3UsqIhOnPgZdDBM0T3z7rieQFpwBl9eMmDCY5Mu8ERON4LGXAJCS1nKkvm2edn8cDLzNUCSEsml50cCvlU0g2H8nna8jSy42DyDIrYnHGdj1HSPuLoXcu+IJ9PrmPZOY93P0wQYYJui9JQmK6Q02TbbPD4oVqiBOTolNedRwo+lEIW0SAP2FqjX9kukXax7T7X0dGBy+E4qLiTAkw8w6kdDdLiT0BYMXZwSpyvJQIDAQABo4ICsjCCAq4wDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7tXAYpN5DepaHedxJte96OapwFIwCwYDVR0PBAQDAgGGMBAGCSsGAQQBgjcVAQQDAgEAMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMB8GA1UdIwQYMBaAFDrM1W2MUuwZjHY/1G6h6exbwhbBMIIBCQYDVR0fBIIBADCB/TCB+qCB96CB9IaBuGxkYXA6Ly8vQ049VHVya2NlbGwlMjBSb290JTIwQ0EsQ049cmNhMzQwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1lbnRwLERDPXRnYz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGN2h0dHA6Ly9jcmwudHVya2NlbGwuY29tLnRyL3BraS9UdXJrY2VsbCUyMFJvb3QlMjBDQS5jcmwwggESBggrBgEFBQcBAQSCAQQwggEAMIGwBggrBgEFBQcwAoaBo2xkYXA6Ly8vQ049VHVya2NlbGwlMjBSb290JTIwQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9ZW50cCxEQz10Z2M/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwSwYIKwYBBQUHMAKGP2h0dHA6Ly9jcmwudHVya2NlbGwuY29tLnRyL3BraS9yY2EzNDAxX1R1cmtjZWxsJTIwUm9vdCUyMENBLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAwSTnT39mEFXLIKX+JOikcNk4HmOyqg/1FgnSBa64KmRpY6mQm7Rct9ERkWFfkjybu1k+w3qJJ8ZOFTUX1jJqh5UKFg4IlfDmr54U1ZHpIG6xqnAlVuIZoqbyAicDhihV7LJIrPN9KnqnBR/tZifZ/+AmR1+NXuJp7PHYqPVaEHgSjPj/e4Fu6U8dZPGG9fwkk1SewdmCb1H90CXRtEJEDj4eocOSdGl1QOSMVYF6AJYXpXOLM1sbG0aKlHhhguMz5PenOkSWxeosStkS6tOtSYaJdgIWdg1cNHYKIbKcNc1Kr/X3jFfSQP6wyYtCf12dOilqy2ODBDAoRh/7x/eXaA==" />
            </characteristic>
           
                       </characteristic>
                   </characteristic>
[7, PID:6932][01/17/2013 15:02:55] :Impersonating caller: DOMAIN\SCCM2007User
[7, PID:6932][01/17/2013 15:02:56] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:6932][01/17/2013 15:02:56] :EnrollmentRequestController: entering State: Start
[7, PID:6932][01/17/2013 15:02:56] :EnrollmentRequestController: exiting state: Start, Result: Succeed
[7, PID:6932][01/17/2013 15:02:56] :EnrollmentRequestController: entering State: AuthenticationApproved
[7, PID:6932][01/17/2013 15:02:56] :EnrollmentRequestController: exiting state: AuthenticationApproved, Result: Failover
[7, PID:6932][01/17/2013 15:02:56] :EnrollmentRequestController: entering State: CertNotInADAccount
[7, PID:6932][01/17/2013 15:02:56] :Impersonating caller: DOMAIN\SCCM2007User
[7, PID:6932][01/17/2013 15:02:57] :Revert back to self: NT AUTHORITY\NETWORK SERVICE
[7, PID:6932][01/17/2013 15:02:57] :CALayer: Sending CA failure status - ENROLLSRVMSG_CA_FAILURE
[7, PID:6932][01/17/2013 15:02:57] :CALayer: SubmitRequest CA: eca3401.domain.entp.tgc\Domain Enterprise CA 1 Errormessage: Error Parsing Request  Invalid algorithm specified. 0x80090008 (-2146893816) 2 ErrorCode: 2
[7, PID:6932][01/17/2013 15:02:57] :Only one CA is specified in profile. Failed to enroll with the specified CA: eca3401.domain.entp.tgc\Domain Enterprise CA 1
[7, PID:6932][01/17/2013 15:02:57] :EnrollmentRequestController: Enrollment exception Error Code:FailedToIssueCert Message: Submitting cert request and issuing cert failed
[7, PID:6932][01/17/2013 15:02:57] :Microsoft.ConfigurationManagement.Enrollment.EnrollmentServerException: Submitting cert request and issuing cert failed
   at Microsoft.ConfigurationManagement.Enrollment.CALayer.SubmitRequest(EnrollmentRequestState enrollRequest)
   at Microsoft.ConfigurationManagement.Enrollment.EnrollmentRequestController.Execute()
   at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.ProcessRequestSecurityToken(RequestSecurityTokenType request, WindowsIdentity caller, ActionEnum action)
   at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.EnrollDevice(Message messageRequest)
   at Microsoft.ConfigurationManagement.Enrollment.DeviceEnrollmentService.RequestSecurityToken(Message messageRequest)
[7, PID:6932][01/17/2013 15:02:57] :FaultCode is: CertificateRequest and reason is: Failed certificate operations FailedToIssueCert

any idea???

Any update on this?

yes. i guess problem was from my CA. Cause my CA is on Server 2003. i'll try upgrade to Windows Server 2008 R2 and try to enroll again..

I'm running into this issue and i'm using a 2003 CA. I didn't have this problem on my lab which is 2008 CA. Did you ever get it working? Did upgrading to 2008 CA fix it?

Ryan

Most likely this is due to not configuring the default client settings to support Mac client enrollment. Follow Step 7 at How to Install Clients on Mac Computers in Configuration Manager. Be advised you cannot utilize custom client settings, you MUST modify the default client settings.

I was getting the http 500 error as well when attempting enrollment, and completing the client settings changes resolved it for me.

Once you successfully configure, your Mac clients should successfully enroll!

• Proposed as answer by Troy Whittaker [ITS] Friday, February 22, 2013 8:36 PM
• Edited by Troy Whittaker [ITS] Friday, February 22, 2013 8:37 PM

I just checked what you posted and I have that configured properly on my server and still no change in behavior.

I'm about to close my case with Microsoft. The technician was able to reproduce the same error by setting up a ConfigMgr 2012 Enviornment with a 2003 CA. Their recommendation was to upgarde the CA to 2008 since Win2k3 R2 is out of "Mainstream support". For future reference if using a 2003 CA you will experience the following errors 

Enrollmentservices.log (Found on Enrollment Proxy Point Server)

CALayer: Sending CA failure status - ENROLLSRVMSG_CA_FAILURE

CALayer: SubmitRequest CA:servername\username Errormessage: Error Parsing Request Invalid algorithm specified. 0x800900008 (-21446893816) 2 ErrorCode:2

On the CA under Failed Requests

Request Status Code = Invalid Algorithm Specified Error

Request Disposition Message = Error Parsing Request

On the MAC itself

Server connection failed. HTTP Response code is 500 and reason is Internal Server ErrorComputerName



Unfortunately, I'm running a 2008 R2 CA.  :-(

Did you restart the Mac client after installing and attempting enrollment?

Yes.

By the way i solved my problem.. i installed Windows 2008 R2 subordinate CA and i got certificated from that... After that i enrolled and installed agent..

i just started testing this in my lab i see the following error; this is in my staging environment, what was the end result, if i look up on MSDN errorcode: 2, that's an indication the file is not found, but the cert is loaded.

[8, PID:4904][05/01/2013 17:18:08] :CALayer: SubmitRequest CA: s-ord1dc.s-rackspace.corp\s-rackspace-S-ORD1DC-CA Errormessage: Denied by Policy Module 2 ErrorCode: 2

[8, PID:4904][05/01/2013 17:18:08] :EnrollmentRequestController: Enrollment exception Error Code:FailedToIssueCert Message: Submitting cert request and issuing cert failed

Hi Guys,

I am working on Mac enrollment(10.7) and facing issue during enrollment. Below is the error message when we try to run the enrollment command on Mac :

Server connection failed. HTTP Response code is 500 and reason is Internal Server Error"

Below are Log info:

Enrollsrv.log : No error message is highlighted.

Enrollweb.log:No error message is highlighted.

Enrollservice.log:

[7, PID:7304][10/28/2013 16:40:03] :ConfigManager: ChainStatus error: RevocationStatusUnknown,The revocation function was unable to check revocation for the certificate.

;OfflineRevocation,The revocation function was unable to check revocation because the revocation server was offline.

   at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.SplitCACertChain(String base64cert)
   at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.setCAChain(EnrollmentServiceProfile profile, WindowsIdentity requester)
   at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.RefreshCache(Int32 enrollmentProfileId, EnrollmentRecordType type, String template, WindowsIdentity requester)
   at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.ProcessRequestSecurityToken(RequestSecurityTokenType request, WindowsIdentity caller, ActionEnum action)
   at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.EnrollDevice(Message messageRequest)
   at Microsoft.ConfigurationManagement.Enrollment.DeviceEnrollmentService.RequestSecurityToken(Message messageRequest)
[7, PID:7304][10/28/2013 16:40:03] :FaultCode is: EnrollmentServer and reason is: EnrollmentServerException InitializeFailed

[13, PID:7304][10/28/2013 17:11:01] :EnrollmentService application stop ...
[3, PID:956][10/28/2013 17:45:37] :EnrollmentService application start ...
[3, PID:956][10/28/2013 18:06:38] :EnrollmentService application stop ...
[3, PID:4700][10/28/2013 18:45:39] :EnrollmentService application start ...
[7, PID:4700][10/28/2013 19:06:40] :EnrollmentService application stop ...
[3, PID:5872][10/28/2013 19:45:42] :EnrollmentService application start ...
[13, PID:5872][10/28/2013 20:06:42] :EnrollmentService application stop ...

Can someone shed info on resolution of the above issue?

Also, is there any means by which we can troubleshoot the Mac enrollment issue step by step? Also what entries needs to be checked in all logs for successful enrollment?

Thanks

Neeraj

What CMDline you used during MAC client enrollment?

Was that "sudo .\cmenroll -s <fqdn of enrollment server> -ignorecertchainvalidation -u '<domain\username>' ?