05-24-2018 12:15 AM
Hi,
We are setting up Single-SSID BYOD on Cisco ISE 2.4 and facing issues during the provisioning of Apple Devices. The error shown when trying to install the profile services is: "Profile Installation Failed. The SCEP server returned an invalid response."
Any ideas?
Thanks,
Marc
Solved! Go to Solution.
05-24-2018 07:03 AM
It’s likely not working because you don’t have a valid certificate for your ISE nodes
Apple devices will fail to go through the BYOD flow unless it’s communicating with ISE node that has a trusted certificate
https://www.google.com/search?q=isebyod10.3&oq=isebyod10.3&aqs=chrome..69i57j69i64.3071j0j7&sourceid=chrome&ie=UTF-8
05-24-2018 07:03 AM
It’s likely not working because you don’t have a valid certificate for your ISE nodes
Apple devices will fail to go through the BYOD flow unless it’s communicating with ISE node that has a trusted certificate
https://www.google.com/search?q=isebyod10.3&oq=isebyod10.3&aqs=chrome..69i57j69i64.3071j0j7&sourceid=chrome&ie=UTF-8
05-24-2018 08:39 AM
Hi Jason,
Does that mean, that the Internal CA of ISE is not working with Apple devices? Respectively the user has to manually trust the root certificate?
For EAP, Admin and Portals I'm using a official signed certificate by a trusted CA (SwissSign).
Regards,
Marc
05-24-2018 08:49 AM
Its supported as you can see in the links I sent you.
After you installed the well-known cert did you regenerate the internal CA cert otherwise it won’t present correctly to the client.
Recommend you reach out to tac for any further troubleshooting as well
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide