we have a few macs that cannot enroll MDM, when I check the jamf log from the mac, it said
Error installing the computer level mdm profile: profiles install for
file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and
user:'root' returned -915 (Unable to contact the SCEP server at
“https://jss.xxxcom:8443//CA/SCEP”.)
Problem installing MDM profile.
Problem detecting MDM profile after installation.
It turned out to be our root certificate issue, some users do not have our root cert in the “SYSTEM” folder in their keychain.
The fix is just to inject our root cert and rerun mdm enrollment. here is my script for that:
#/bin/sh
# Inject Root Certficate
# Ray Qiu
# Jan 30, 2017# Download Root Cert
cd /tmp
curl -LOk http://xxx.com/tools/new.cer# Inject New Cert
sudo security add-trusted-cert -d -r trustRoot -k “/Library/Keychains/System.keychain” “/tmp/new.cer”# Re enroll MDM
sudo jamf mdm# Remove Root Cert
rm /tmp/new.cer