Hi,
We are currently experiencing an issue with an Expired DEP certificate and we are unable to re-enrol around 250 without factory resetting every IOS Device. We have tried re-enrolling using m.meraki.com however receive an error due to the expired DEP certificate already being installed, this appears to leave us with no other option than factory resetting all the devices to get them to re-enrol with DEP.
Really looking for any way to re-enrol these devices without the need to factory reset every handset if possible, this is going to be very time consuming and will cause allot of upset with our users. Failing this then does anyone have any suggestions on how we can make this process easier.
Note: the previous certificate was replaced around 7 months ago and we don't have a copy of this, we contacted apple to check if this can be recovered however they have advised it cannot.
Thanks
Solved! Go to solution.
Hi!
As far as i know, if there havent been any updates since my last try, the only option is to reset the ipads via Apple Configurator 2 (where you can bulk reset devices) and then run the setup assistant again, we had to put them in DFU (service) mode for this to work.
The thing is (if i remember correctly) that its during the assistant that a token gets created for the DEP and that is whats controlling the certificates and so on. This is not a limitation in Meraki MDM, but just how the DEP works. Please anyone correct me if im wrong but this was the case last summer when i had this exact problem.
If your users are comfortable with it they can actually start the process themselves via iTunes on their computers and re-enroll with their accounts, this makes the step with Apple Configurator unnecessary.
Hi!
As far as i know, if there havent been any updates since my last try, the only option is to reset the ipads via Apple Configurator 2 (where you can bulk reset devices) and then run the setup assistant again, we had to put them in DFU (service) mode for this to work.
The thing is (if i remember correctly) that its during the assistant that a token gets created for the DEP and that is whats controlling the certificates and so on. This is not a limitation in Meraki MDM, but just how the DEP works. Please anyone correct me if im wrong but this was the case last summer when i had this exact problem.
If your users are comfortable with it they can actually start the process themselves via iTunes on their computers and re-enroll with their accounts, this makes the step with Apple Configurator unnecessary.
DEP re-enrollment requires a factory reset of the devices.
This does not sound good.
Did you manage to renew the DEP certificate in the Meraki portal (I'm guessing not)?
If you load a new certificate instead of renewing you will be in a world of pain.
Unfortunately, you have to factory reset them. I highly recommend making a note on your calendar to remind you to renew the certificate before it expires. A renewal takes about 5 minutes.
As states above, a wipe and re-enroll is necessary. If preserving user data is necessary have the user make a backup on their current device and restore it on a different device. This will allow the device to go through prestage enrollment and they will receive the fresh MDM profile. Then make a backup and restore on their original iPad.
Thanks everyone for the responses, I just started with the company a few months ago so I'm not aware of the full story however I believe there were problems importing the renewal certificate so a new on had to be added.
Looks like a factory resetting for re-enrol is our only option so we will just have to get started, we will try to use apple configurator/itunes backup and swap to different handsets as suggested to help make the task easier.
Thanks for all your responses, much appreciated, calendar reminder set to renew next time.
It's not fun but has to be done. As stated before, make sure to set a reminder for renewal a week or so before the expiration date, invite a few colleagues in the reminder so that they can renew if you're on vacation. And, perhaps the most important part, just to make things easier (I was in your shoes, newly employed) DOCUMENTATION. Type down everything so that basically anyone can do it if need be. I started from scratch and had to figure everything out because the last guy had everything "in his head", no fun at all...
Good luck and send a message if you need too. /Chris