Apple

How to resolve three common problems that affect the Profile Manager service

Jesus Vigo reviews three common issues that affect the Profile Manger service found in OS X Server and provides solutions to get the service online and communicating again.

Profile Manager

In keeping with the spirit of recent troubleshooting articles, I've decided to extend it to OS X Server-related issues as well. And one of the most highly used services is OS X Server's Profile Manager for managing iOS and OS X devices and their respective settings.

Profile Manager is a service that helps to provide standardization for the computers used in an enterprise. It helps establish a baseline for standardization and also doubles as a MDM suite for deploying software to mobile devices over a LAN or WAN.

While generally solid and well designed, like many of Apple's products, Profile Manager does have its moments. Some of the more symptomatic issues that affect Profile Manager services at one time or another are covered below, along with some helpful solutions on how to bounce back from these setbacks.

1. Administration page does not open or default Apple OS X Server services page opens

Symptoms: Attempting to access the Profile Manager administration website does not load the page or loads the default Apple OS X Server services page instead.

Causes: OS X Server utilizes the built-in web services from within the same directory. If using more than one web service, such as Profile Manager and Wiki server, there does exist the potential that one page will open when referencing the other (for example, launching the Profile Manager page loads the Wiki server page).

This is typically caused by some form of data corruption in the database storing the information for the individual pages, sometimes even resulting in the default services web page loading with none of the links to the individual service pages working quite right.

Solution: A problem such as this one has several possible steps, due to the number of variables involved — plus you wouldn't want to fix one service only to kill another, so caution must be taken always.

The first solution is to verify that any addresses used to access the Profile Manager service are entered correctly. Remember that Profile Manager uses SSL for encryption, so accessing the page requires https://. Also, if any port numbers are assigned to the site, be sure to include those as well, since the service may not respond otherwise.

If the addresses check out, the next step — and typically the largest cause of connectivity issues — is to check DNS., which is required to resolve hostnames to IP addresses. Without this service running properly, chances are slim to none that any of the OS X Server-based services will be accessible anywhere, and this goes doubly for Profile Manager.

A final step to remediate the problem is to check the profilemanager.log file located at /Library/Logs/ProfileManager, as errors relating to the administration page specifically are written to this log and may shed some light on any trouble(s) preventing the page from loading properly.

2. Can't deploy apps or push settings to enrolled devices

Symptoms: OS X and/or iOS devices enrolled in Profile Manager do not receive configured apps or settings.

Causes: There are also a few reasons for clients not receiving pushed profiles — most notably that the devices are not enrolled in Profile Manager properly. Additional issues may arise from OS X Server, OS X, iOS client devices, or Apple's Push Notification Server (APNS) themselves.

Solution: By far the easiest solution to check is the enrollment status. All client devices must enroll via Profile Manager's Device Management portal. Particularly, two profiles must be installed in a specific order. First, the Trust profile, which allows the client device to accept management settings from PM. Second, the Enrollment profile must be installed, which enrolls the device for management by that specific PM server. Once installation of the profiles is completed, enrollment may be confirmed by logging onto the administration page and viewing the list of devices.

In the event that profiles are installed but the devices are still not appearing within the Profile Manager database, there may possibly be an issue communicating in either direction with APNS. To confirm this, launch Terminal from your OS X client machine and enter the following commands individually, pressing [Enter] after each line:

sudo defaults write /Library/Preferences/com.apple.apsd APSWriteLogs -bool TRUE

sudo defaults write /Library/Preferences/com.apple.apsd APSLogLevel -int 7

sudo killall apsd

The commands will enable APNS debug logging, which will detect any communication issues between the APNS and the client device. Logging information may be reviewed by accessing the Console (/Applications/Utilities/Console.app), and it will help you identify any trouble, particularly with network ports that may be unblocked from your network's firewall.

3. Migration error or reset back to default state

Symptoms: Profile Manager database is corrupt, data is not correct, or it failed to update.

Causes: While this may sometimes occur even with a clean or first-time install, it's more commonly found when upgrading from one version of OS X Server to another, as data can become corrupt during the process.

Solution: Unfortunately, the best (and perhaps only real) solution is to have created a backup prior to making any changes or upgrades on production equipment — especially servers. If a backup of the database exists, the simplest solution to this issue is to reset the database by issuing the command below.

WARNING: THIS WILL ERASE THE EXISTING PROFILE MANAGER DATABASE AND ALL THE DATA CONTAINED THEREIN.

To reset the Profile Manager database, enter the following command into Terminal on the affected OS X Server:

sudo /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB.sh

Once the data has been cleared, Profile Manager's data will be reset back to its default state, and any data that was backed up previously may be imported and remigrated, creating a new database container.

If resetting Profile Manager data didn't resolve the issue, you can try resetting Profile Manager and clearing out all data associated with Profile Manager on the server.

WARNING: THIS WILL ERASE THE EXISTING PROFILE MANAGER DATABASE AND ALL THE DATA CONTAINED THEREIN.

To reset Profile Manager and clear out all data associated with Profile Manager on the server, enter the following commands into Terminal:

sudo serveradmin stop devicemgr

sudo serverctl disable service=com.apple.DeviceManagement.devicemgrd

sudo serverctl disable service=com.apple.DeviceManagement.postgres

sudo mv /Library/Server/ProfileManager/Config/ServiceData/Data/PostgreSQL ~/.Trash

sudo mv /Library/Server/ProfileManager/Config/ServiceData/Data/backup ~/.Trash

sudo /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup/

CommonExtras/80-devicemgrcommon.sh

Each command should be executed once and in succession in order to carry out the process of purging all existing Profile Manager data and resetting the service completely. After this has been done, launch Server.app, click on the Profile Manager pane, and the Profile Manager service will be turned off. Turn it back on and configure as needed to restart the service, and this will hopefully clear up any previous issues affecting Profile Manager from working properly.

This is not an exhaustive list of issues or solutions to Profile Manager-related issues, but it is a sampling of some pretty bothersome and common issues that can occur at any particular time due to a variety of reasons. What other problems and solution have you discovered when working with Profile Manager? Share your experience in the discussion thread below.

About Jesus Vigo

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from seve...

Editor's Picks

Free Newsletters, In your Inbox