Hi there,
Seems we have found a few devices with broken APNS cert that is not communicate with Meraki properly.
Problem is they have greyed out remove buttons, so we cant remove the profile to re-enroll the device.
Is there any solution to this?
Since the assumption is that we cannot change settings of this device to allow for password removal of profile.
Solved! Go to solution.
There is a solution to this that doesn't involve the wiping of the device
Assuming that you've got the correct APNS cert now installed in the Meraki Dashboard, and that you've got the correct ADE profile assigned to the device
Open Terminal on the device
Type:
sudo profiles renew -type enrollment
You'll be prompted for the currently logged in user's password
In the top right hand corner of the screen, you'll see:
Click Update
Now, open System Preferences, and navigate to Profiles
You'll now have the ability to Update the MDM profile, essentially re-enrolling the machine, and fixing your APNS cert issue at the same time
NOTE: This is a VERY powerful command, so, be careful!
There is a solution to this that doesn't involve the wiping of the device
Assuming that you've got the correct APNS cert now installed in the Meraki Dashboard, and that you've got the correct ADE profile assigned to the device
Open Terminal on the device
Type:
sudo profiles renew -type enrollment
You'll be prompted for the currently logged in user's password
In the top right hand corner of the screen, you'll see:
Click Update
Now, open System Preferences, and navigate to Profiles
You'll now have the ability to Update the MDM profile, essentially re-enrolling the machine, and fixing your APNS cert issue at the same time
NOTE: This is a VERY powerful command, so, be careful!
Interesting, is there also a similar approach for iOS devices?
Sadly not.
HOWEVER: You *should* be able to enroll over the top of an existing enrollment, BUT only if the MDM profile is identical. This should also cure any issues your device may have.
Looks like I'm not getting the prompt to update the cert after using the command. I've tried it on two different machines that has push cert in a non-compliant state.