Profile Installation Failed error when activating iOS devices
This section helps troubleshoot the issue regarding the Bitdefender MDM enrollment profile failing to install on iOS devices during GravityZone Mobile Client activation.
When activating GravityZone Mobile Client on iOS devices, you are prompted to install a Bitdefender MDM Enrollment Profile. You must install this profile to allow the Bitdefender GravityZone MDM system to manage the iOS device remotely.
In particular situations, the "Profile Installation Failed" error message is displayed when trying to install the profile.
If the error occurs on any new iOS device that you try to activate, it indicates a problem with the Communication Server certificate or trust chain configured in Control Center (usually noticeable during initial deployment or after changing the certificate). If the error only affects a few devices, those devices probably have an MDM profile already installed or an incorrect time setting.
Refer to the following table for detailed information on troubleshooting the issue.
Possible cause | Solution |
The Communication Server SSL certificate is missing, expired, corrupted or misconfigured. | Check the Communication Server certificate status in Control Center > Configuration > Certificates (company administrator privilege is required). Make sure the certificate is not expired and the common name is correct. The common name must match the IP address or domain name used by mobile devices to reach the Communication Server (as displayed in Control Center > Network > Mobile Device Details > Overview > Activation Details, without port number or https prefix). In many cases, the certificate is issued for the server's IP address, but the mobile devices are configured to connect using the server's domain name (or vice versa). |
The device does not trust the Communication Server certificate (the trust chain is misconfigured or missing). NoteThis is only applicable for self-signed certificates or for certificates issued using your internal PKI system. Certificates issued by a public Certificate Authority (CA), such as Thawte or Verisign, are automatically trusted. | Make sure you have correctly configured and uploaded the trust chain file in Control Center > Configuration > Certificates (company administrator privilege is required). |
The device date & time setting is incorrect (the device time precedes certificate issuance time). | Check the date & time setting on the affected iOS device (Settings > General > Date & Time). |
The device is already enrolled with a different token or to another MDM system. | Check for and remove the existing Mobile Device Management (MDM) profile on the affected iOS device (Settings > General > Profiles). |
Overview
When activating GravityZone Mobile Client on iOS devices, you are prompted to install a Bitdefender MDM Enrollment Profile. Installation of this profile is required to allow the Bitdefender GravityZone MDM system to manage the iOS device remotely.
In particular situations, the "Profile Installation Failed" error message is displayed when trying to install the profile.
Troubleshooting
If the error occurs on any new iOS device that you try to activate, it indicates a problem with the Communication Server certificate or trust chain configured in Control Center (usually noticeable during initial deployment or after changing the certificate). If the error only affects a few devices, those devices probably have an MDM profile already installed or an incorrect time setting.
Refer to the following table for detailed information on troubleshooting the issue.
Possible cause | Solution |
The Communication Server SSL certificate is missing, expired, corrupted or misconfigured. | Check the Communication Server certificate status in Control Center > Configuration > Certificates (company administrator privilege is required). Make sure the certificate is not expired and the common name is correct. The common name must match the IP address or domain name used by mobile devices to reach the Communication Server (as displayed in Control Center > Network > Mobile Device Details > Overview > Activation Details, without port number or https prefix). In many cases, the certificate is issued for the server's IP address, but the mobile devices are configured to connect using the server's domain name (or vice versa). |
The device does not trust the Communication Server certificate (the trust chain is misconfigured or missing). NoteThis is only applicable for self-signed certificates or for certificates issued using your internal PKI system. Certificates issued by a public Certificate Authority (CA), such as Thawte or Verisign, are automatically trusted. | Make sure you have correctly configured and uploaded the trust chain file in Control Center > Configuration > Certificates (company administrator privilege is required). |
The device date & time setting is incorrect (the device time precedes certificate issuance time). | Check the date & time setting on the affected iOS device (Settings > General > Date & Time). |
The device is already enrolled with a different token or to another MDM system. | Check for and remove the existing Mobile Device Management (MDM) profile on the affected iOS device (Settings > General > Profiles). |
Note
If none of the above solutions work, try with a new Communication Server certificate.