Skip to main content

Profile Installation Failed error when activating iOS devices

This section helps troubleshoot the issue regarding the Bitdefender MDM enrollment profile failing to install on iOS devices during GravityZone Mobile Client activation.

When activating GravityZone Mobile Client on iOS devices, you are prompted to install a Bitdefender MDM Enrollment Profile. You must install this profile to allow the Bitdefender GravityZone MDM system to manage the iOS device remotely.

In particular situations, the "Profile Installation Failed" error message is displayed when trying to install the profile.

30232_1.png

If the error occurs on any new iOS device that you try to activate, it indicates a problem with the communication server appliance certificate or trust chain configured in Control Center (usually noticeable during initial deployment or after changing the certificate). If the error only affects a few devices, those devices probably have an MDM profile already installed or an incorrect time setting.

Refer to the following table for detailed information on troubleshooting the issue.

Possible cause

Solution

The communication server appliance SSL certificate is missing, expired, corrupted or misconfigured.

Check the communication server appliance certificate status in Control Center > Configuration > Certificates (company administrator privilege is required).

Make sure the certificate is not expired and the common name is correct. The common name must match the IP address or domain name used by mobile devices to reach the communication server appliance (as displayed in Control Center > Network > Mobile Device Details > Overview > Activation Details, without port number or https prefix). In many cases, the certificate is issued for the server's IP address, but the mobile devices are configured to connect using the server's domain name (or vice versa).

The device does not trust the communication server appliance certificate (the trust chain is misconfigured or missing).

Note

This is only applicable for self-signed certificates or for certificates issued using your internal PKI system. Certificates issued by a public Certificate Authority (CA), such as Thawte or Verisign, are automatically trusted.

Make sure you have correctly configured and uploaded the trust chain file in Control Center > Configuration > Certificates (company administrator privilege is required).

The device date & time setting is incorrect (the device time precedes certificate issuance time).

Check the date & time setting on the affected iOS device (Settings > General > Date & Time).

The device is already enrolled with a different token or to another MDM system.

Check for and remove the existing Mobile Device Management (MDM) profile on the affected iOS device (Settings > General > Profiles).

Overview

When activating GravityZone Mobile Client on iOS devices, you are prompted to install a Bitdefender MDM Enrollment Profile. Installation of this profile is required to allow the Bitdefender GravityZone MDM system to manage the iOS device remotely.

In particular situations, the "Profile Installation Failed" error message is displayed when trying to install the profile.

30232_1.png

Troubleshooting

If the error occurs on any new iOS device that you try to activate, it indicates a problem with the communication server appliance certificate or trust chain configured in Control Center (usually noticeable during initial deployment or after changing the certificate). If the error only affects a few devices, those devices probably have an MDM profile already installed or an incorrect time setting.

Refer to the following table for detailed information on troubleshooting the issue.

Possible cause

Solution

The communication server appliance SSL certificate is missing, expired, corrupted or misconfigured.

Check the communication server appliance certificate status in Control Center > Configuration > Certificates (company administrator privilege is required).

Make sure the certificate is not expired and the common name is correct. The common name must match the IP address or domain name used by mobile devices to reach the communication server appliance (as displayed in Control Center > Network > Mobile Device Details > Overview > Activation Details, without port number or https prefix). In many cases, the certificate is issued for the server's IP address, but the mobile devices are configured to connect using the server's domain name (or vice versa).

The device does not trust the communication server appliance certificate (the trust chain is misconfigured or missing).

Note

This is only applicable for self-signed certificates or for certificates issued using your internal PKI system. Certificates issued by a public Certificate Authority (CA), such as Thawte or Verisign, are automatically trusted.

Make sure you have correctly configured and uploaded the trust chain file in Control Center > Configuration > Certificates (company administrator privilege is required).

The device date & time setting is incorrect (the device time precedes certificate issuance time).

Check the date & time setting on the affected iOS device (Settings > General > Date & Time).

The device is already enrolled with a different token or to another MDM system.

Check for and remove the existing Mobile Device Management (MDM) profile on the affected iOS device (Settings > General > Profiles).

Note

If none of the above solutions work, try with a new Communication Server certificate.