I just ran into this today on two new machines. I was seeing a 403 Forbidden error in Console when OS X was trying to request the provisioning profile during installation; then I'd get an ErrorCode:1 in the UI. I tried requesting the URL that appeared in the logs and ended up getting the log-in page for the self-service portal. On a whim, I tried enabling authentication for enrollment (which, oddly enough, defaults to disabled on a fresh SM setup). You can find the setting under Systems Manager -> Configure -> General ("/manage/configure/system_settings") in your dashboard. After I did that, I tried downloading the enrollment profile again, got prompted for Meraki dashboard credentials, provided them, and then the profile that I downloaded installed fine. Before trying the new MDM profile file, I tried the one I had downloaded from before I enabled authentication and it failed, but the one I downloaded after authenticating succeeded. I'm wondering if maybe SM has a bug where if you do not have authentication enabled when you download the MDM profile, it fails to authenticate properly. Perhaps the profile has a stale set of authentication credentials (resulting in the 403) but if you download one after authenticating it has refreshed credentials? Or something like that. Just conjecture; all I know is that things worked when I enabled authentication for enrollment.
... View more