Profile Installation Failed error when activating iOS devices
Bitdefender GravityZone provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.
This article helps troubleshoot the issue with the Bitdefender MDM enrollment profile failing to install on iOS devices during GravityZone Mobile Client activation.
When activating GravityZone Mobile Client on iOS devices, you are prompted to install a Bitdefender MDM Enrollment Profile. Installation of this profile is required to allow the Bitdefender GravityZone MDM system to manage the iOS device remotely.
In particular situations, the "Profile Installation Failed" error message is displayed when trying to install the profile.
If the error occurs on any new iOS device that you try to activate, it indicates a problem with the Communication Server certificate or trust chain configured in Control Center (usually noticeable during initial deployment or after changing the certificate). If the error only affects a few devices, those devices probably have an MDM profile already installed or an incorrect time setting.
Refer to the following table for detailed information on troubleshooting the issue.
|The Communication Server SSL certificate is missing, expired, corrupted or misconfigured.||
Check the Communication Server certificate status in Control Center > Configuration > Certificates (company administrator privilege is required).
Make sure the certificate is not expired and the common name is correct. The common name must match the IP address or domain name used by mobile devices to reach the Communication Server (as displayed in Control Center > Network > Mobile Device Details > Overview > Activation Details, without port number or https prefix). In many cases, the certificate is issued for the server's IP address, but the mobile devices are configured to connect using the server's domain name (or vice versa).
The device does not trust the Communication Server certificate (the trust chain is misconfigured or missing).
Note: This is only applicable for self-signed certificates or for certificates issued using your internal PKI system. Certificates issued by a public Certificate Authority (CA), such as Thawte or Verisign, are automatically trusted.
|Make sure you have correctly configured and uploaded the trust chain file in Control Center > Configuration > Certificates (company administrator privilege is required).|
|The device date & time setting is incorrect (the device time precedes certificate issuance time).||Check the date & time setting on the affected iOS device (Settings > General > Date & Time).|
|The device is already enrolled with a different token or to another MDM system.||Check for and remove the existing Mobile Device Management (MDM) profile on the affected iOS device (Settings > General > Profiles).|
Note: If none of the above solutions work, try with a new Communication Server certificate.