How to get around "This device is using an outdated APNS topic and needs to be re-enrolled"

Bruce_Sayers
Here to help

How to get around "This device is using an outdated APNS topic and needs to be re-enrolled"

Push cert: non-compliant
What is this?
This device is using an outdated APNS topic and needs to be re-enrolled. Unenroll the device, and then enroll it by following the instructions on the iOS deployment page.

 

The reason I have Meraki MDM is that I can manage a remote workforce from a central location.  I don't want my users knowing how to un-enroll a device and I don't want the device to have to come back to the office on a regular basis so that Meraki will do what Meraki is meant to do.

 

Why can't devices that are part of the DEP automatically update without human intervention.

 

Can anyone advise how I can regain control of the devices without having to roll out a training program or getting all devices back into the office?

 

 

 

 

8 REPLIES 8
Bruce_Sayers
Here to help

Further information:

Each of the iPads has the option to remove the Meraki Profile disabled so the devices cannot be un-enrolled.

 

When I try to enroll them with the new details I get the message "Profile Installation Failed.  The new MDM payload does not match the old payload"

 

I do NOT want to have to wipe / reload every one of the company's iOS devices.  Any thoughts?

 

You haven't let the certificate expire by chance?  Has it been about 12 months since they were first setup?

On the 30th of March I received this message:

 

Your iOS MDM APNS certificate will expire in 29 days. Once expired, devices cannot be enrolled and Systems Manager cannot contact clients until the certificate is renewed.

 

I renewed the certificate as per the instructions.

I have uploaded the original certificate created last year and Meraki seems happy as the certificate is now valid, but expires in 22 days.

 

 

 

 

Something went wrong with the certificate renewal then.

Exactly...  Which is why I am here trying to find a solution.

 

In the certificate management section for Apple it says the certificate expires in 2019.

Was a solution to this ever found?

I think this was the problem:

"I have uploaded the original certificate created last year and Meraki seems happy as the certificate is now valid, but expires in 22 days."

 

Every year you need to renew the certificate, uploading the original or a new one would invalidate the connection between the device/MDM Platform (Meraki Systems Manager). But if you re-loaded the original and the devices still were connected, you might have got lucky...

 

See: https://documentation.meraki.com/SM/Device_Enrollment/Apple_MDM_Push_Certificate#Renewing_an_Apple_M...

 

It may possibly be a Meraki SM bug that says it is valid for an additional year after uploading the original certificate, but this would be wrong. I am unsure if the certificate itself contains an expiry date...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels