Remove Profiles of Devices with broken APNS Cert

SOLVED
_aDiedericks
Getting noticed

Remove Profiles of Devices with broken APNS Cert

Hi there,

 

Seems we have found a few devices with broken APNS cert that is not communicate with Meraki properly.

Problem is they have greyed out remove buttons, so we cant remove the profile to re-enroll the device. 

Is there any solution to this?

Since the assumption is that we cannot change settings of this device to allow for password removal of profile.

 

Screenshot 2022-09-22 at 10.49.32.png

1 ACCEPTED SOLUTION
PaulF
Meraki Employee
Meraki Employee

There is a solution to this that doesn't involve the wiping of the device

 

Assuming that you've got the correct APNS cert now installed in the Meraki Dashboard, and that you've got the correct ADE profile assigned to the device

 

Open Terminal on the device

 

Type:

 

sudo profiles renew -type enrollment

 

You'll be prompted for the currently logged in user's password

 

In the top right hand corner of the screen, you'll see:

 

PaulF_0-1663838180713.jpeg

 

Click Update

 

Now, open System Preferences, and navigate to Profiles

 

PaulF_1-1663838222748.jpeg

 

You'll now have the ability to Update  the MDM profile, essentially re-enrolling the machine, and fixing your APNS cert issue at the same time

 

NOTE: This is a VERY powerful command, so, be careful!

 

 

View solution in original post

4 REPLIES 4
PaulF
Meraki Employee
Meraki Employee

There is a solution to this that doesn't involve the wiping of the device

 

Assuming that you've got the correct APNS cert now installed in the Meraki Dashboard, and that you've got the correct ADE profile assigned to the device

 

Open Terminal on the device

 

Type:

 

sudo profiles renew -type enrollment

 

You'll be prompted for the currently logged in user's password

 

In the top right hand corner of the screen, you'll see:

 

PaulF_0-1663838180713.jpeg

 

Click Update

 

Now, open System Preferences, and navigate to Profiles

 

PaulF_1-1663838222748.jpeg

 

You'll now have the ability to Update  the MDM profile, essentially re-enrolling the machine, and fixing your APNS cert issue at the same time

 

NOTE: This is a VERY powerful command, so, be careful!

 

 

beks88
A model citizen

Interesting, is there also a similar approach for iOS devices?

PaulF
Meraki Employee
Meraki Employee

Sadly not.

 

HOWEVER: You *should* be able to enroll over the top of an existing enrollment, BUT only if the MDM profile is identical. This should also cure any issues your device may have.

Looks like I'm not getting the prompt to update the cert after using the command. I've tried it on two different machines that has push cert in a non-compliant state. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels