How to add a device to macOS Server?
I've just purchased macOS Server and am trying to add devices to its management. I've tried going to the "My Devices" page,
and downloading a configuration profile for MDM enrollment:
The configuration profile has the following contents:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>CAFingerprint</key>
<data>
Q0MzMkNBMzNGMjFGRTgyNUJFOTI5RTU3Qjc1NUIyMTU4
MDlFQTE1REZBQ0FCODkwQjc3ODJBRkVEQkRFMUJGRA==
</data>
<key>Challenge</key>
<string>eN23VUrSBk1GJWa5/y4ViIUGGkdr3gPqYwEU/l8VQAo=</string>
<key>Key Type</key>
<string>RSA</string>
<key>Key Usage</key>
<integer>0</integer>
<key>Keysize</key>
<integer>2048</integer>
<key>Name</key>
<string>Profile Manager Device Identity CA</string>
<key>Subject</key>
<array>
<array>
<array>
<string>CN</string>
<string>MDM Identity Certificate:728ad81d-a72f-467b-a9bb-ae74bff37fd4</string>
</array>
</array>
</array>
<key>URL</key>
<string>http://Kurts-MacBook-Pro-13:80/mdm/scep</string>
</dict>
<key>PayloadDescription</key>
<string>Configures SCEP</string>
<key>PayloadDisplayName</key>
<string>Device Credential Request</string>
<key>PayloadIdentifier</key>
<string>com.apple.mdmconfig.SCEP</string>
<key>PayloadOrganization</key>
<string>Kurt Peek</string>
<key>PayloadType</key>
<string>com.apple.security.scep</string>
<key>PayloadUUID</key>
<string>AECB99D7-9F26-4460-853B-C6D7DF366354</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>AccessRights</key>
<integer>8191</integer>
<key>CheckInURL</key>
<string>https://Kurts-MacBook-Pro-13/devicemanagement/api/device/mdm_checkin</string>
<key>CheckOutWhenRemoved</key>
<true/>
<key>IdentityCertificateUUID</key>
<string>AECB99D7-9F26-4460-853B-C6D7DF366354</string>
<key>PayloadDescription</key>
<string>Configures Mobile Device Management</string>
<key>PayloadDisplayName</key>
<string>Device Management</string>
<key>PayloadIdentifier</key>
<string>com.apple.mdmconfig.mdm</string>
<key>PayloadOrganization</key>
<string>Kurt Peek</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>2AE2D020-2473-47DB-A773-EC00E76C1C66</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ServerCapabilities</key>
<array>
<string>com.apple.mdm.per-user-connections</string>
</array>
<key>ServerURL</key>
<string>https://Kurts-MacBook-Pro-13/devicemanagement/api/device/mdm_connect</string>
<key>Topic</key>
<string>com.apple.mgmt.XServer.49f0f7d5-260f-49b5-b723-d40953cc7376</string>
</dict>
<dict>
<key>PayloadContent</key>
<data>
MIIDfTCCAmUCCBZNzg5s/HalMA0GCSqGSIb3DQEBCwUAMIGAMQsw
CQYDVQQGEwJVUzEdMBsGA1UECgwUS3VydHMtTWFjQm9vay1Qcm8t
MTMxKzApBgNVBAMMIlByb2ZpbGUgTWFuYWdlciBEZXZpY2UgSWRl
bnRpdHkgQ0ExJTAjBgkqhkiG9w0BCQEWFmhvc3RtYXN0ZXJAZXhh
bXBsZS5jb20wHhcNMTkxMjI5MTM0ODI2WhcNMjExMjI4MTM0ODI2
WjCBgDELMAkGA1UEBhMCVVMxHTAbBgNVBAoMFEt1cnRzLU1hY0Jv
b2stUHJvLTEzMSswKQYDVQQDDCJQcm9maWxlIE1hbmFnZXIgRGV2
aWNlIElkZW50aXR5IENBMSUwIwYJKoZIhvcNAQkBFhZob3N0bWFz
dGVyQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAvZHvIUgimKNdg14uOMCew0xILjUE8iTWxz+Aau8I
cLrgWpZaNl6oCQ6l7J+C7J0ZyRpXu4Eb7KxNyQX5MO/yd8a/TtoY
WcjhyUbx3c3ANEcW6vV0BtN9NGsv7oH7woeywNzRZ72VroUlZMMG
8GzF9gICj8crnm/qWuiewpbgPiXoRRTfuLUyuQXKei0hpFyFKmht
qn2z0BrrPCTe/L2vApUg4IPowDylVU31efFXYuGWzCX+lGWggEQU
WxQKyBZnslUmC7O+JdFSyqk7vbJsjKS2LziKhIQp9rCJElyy83sK
kbJ6c9j4yQtwRp09uJWx1MDOUHWe0MN+aEKlNFhEnQIDAQABMA0G
CSqGSIb3DQEBCwUAA4IBAQBiGEylUhMfxJkTPsaS3vwC5AKEqtCJ
xzoMttIaHxRl5Cs38s9B0gaUN0tw/1yGs15Py3Gl2eR1rxQ7YOPJ
9Py720cNNmYzxFx4LoxqBF7PTMwI23cNlbkoOkKbGLhEH7hTRN3b
JEYp1Z8615FifAMiBALT10nUY3fQlNH1gcHNbz4cna7Owm73DiKu
32hyyV9Qu8h6PAvHCdiVPtplay0RxgSrPrPe8QDAvjz13i9FUvZn
CkL/lhwZ4TxQ/FO7XmFZyftBcQYcvnXdLvOnqNOz976P1r5/uxoZ
bgw1t0twm7lBZFp8QJ7MM4PV4L+wRbcFHO+XWqfV8GLJ4JQo3isS
</data>
<key>PayloadDescription</key>
<string>Configures your device to trust the Profile Manager server Kurt Peek.</string>
<key>PayloadDisplayName</key>
<string>Trust Profile for Kurt Peek</string>
<key>PayloadIdentifier</key>
<string>com.apple.scep.certificate</string>
<key>PayloadOrganization</key>
<string>Kurt Peek</string>
<key>PayloadType</key>
<string>com.apple.security.root</string>
<key>PayloadUUID</key>
<string>52AA91DB-7A74-4BE4-B712-1F0791DA5FE9</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>PayloadContent</key>
<data>
MIIDhzCCAm+gAwIBAgIEbt1oJTANBgkqhkiG9w0BAQsFADBzMTkw
NwYDVQQDDDBLdXJ0IFBlZWsgU2VydmVyIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5IFJvb3QgQ0ExEjAQBgNVBAoMCUt1cnQgUGVlazEi
MCAGCSqGSIb3DQEJARYTa3VydC5wZWVrQGdtYWlsLmNvbTAeFw0x
OTEyMjkxMzU0MjlaFw0yNDEyMjcxMzU0MjlaMHMxOTA3BgNVBAMM
MEt1cnQgUGVlayBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkgUm9vdCBDQTESMBAGA1UECgwJS3VydCBQZWVrMSIwIAYJKoZI
hvcNAQkBFhNrdXJ0LnBlZWtAZ21haWwuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnEL8Ybh5Nj1uDs6OwMvK/Xr
VQ+X8Of/8CeTxGoKjWTQdTLoWd9R5JqMVEZcSSmQL6h36MWvkquL
O3Dt9jflhn+sx94ONj8j8bnGMDiWUrc0OIv2phfSNRRdxWjPQ8TL
O5Ye/NVoM8lWRY5RtAkh4qvh8icW8f4/IbAllWptpcOIs7854YuW
o4uHcADb6ChTAKswQGn+wof2r0qtSCG0M1ZuA4QUHf1owwpq6yQ8
i0i0OYV7Xi9y1/JAg4E3M4AdZYjpMLQCvp8EgyN2pbqXe+PnD0pm
ZKeEJOcV+ew6xUnbG8QmnYOenTWlsDG8pOcu4GJW9z956Z7V6ITB
nIu1HQIDAQABoyMwITAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMSDPJDVMzyKkRpdd
2yVVn6+S1Cy88FPO7LVJo5vdpOX8G/3QIKECSsMrPkjJtXoUcUeA
9W5JZWeco5hsX0zFUt2O/spCa7HkG8H4luQWupueT479R7ww5ogC
LvqMZXokq4yZc+e5Lu9XsS09IUtfa/Aa0x3ugtV6xeiHsD1YrL/V
hjXZfkiQ3fUmUXrY0ndHpEqa7uEEPIOFfdVuZ7NYd8OuK6aDR+hs
865ZaDPmSuNvraKgxccwFJEYrOkLjkOsapkYweBdGTARbvMFapYN
+SuTLOdzNzHXRs50Ds+csS0H8VRIKTg7+GmQNcfcly5Di4NrdVLM
WDcr9JYJq8MjEA==
</data>
<key>PayloadDescription</key>
<string>Configures your device to trust the Profile Manager server Kurt Peek.</string>
<key>PayloadDisplayName</key>
<string>Trust Profile for Kurt Peek</string>
<key>PayloadIdentifier</key>
<string>com.apple.root.certificate</string>
<key>PayloadOrganization</key>
<string>Kurt Peek</string>
<key>PayloadType</key>
<string>com.apple.security.root</string>
<key>PayloadUUID</key>
<string>B0716D15-5A7D-48D1-912C-E8BB7412DD9B</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>Allows the server to manage your device.</string>
<key>PayloadDisplayName</key>
<string>Remote Management</string>
<key>PayloadIdentifier</key>
<string>com.apple.config.Kurts-MacBook-Pro-13.mdm</string>
<key>PayloadOrganization</key>
<string>Kurt Peek</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>D4562B5A-1B37-45D8-84FF-BE27611A8893</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
However, if I Airdrop this mdm_profile.mobileconfig to another device and try to open it, I get an error message "Unable to contact the SCEP server":
Am I supposed to install macOS Server on every device I want to manage? (I would have thought that it sufficed to install it on one 'admin' device).
Solution 1:
You’ll want to get ready for some setup and reading of the docs: https://support.apple.com/guide/profile-manager/intro-to-profile-manager-pm9cz84lqi/mac
Your first hurdle is your DNS on the enrolling device can’t find the dns name of the server - Kurts-macbook-pro-13. If you set up the IP address or make a dns name that resolves, you will be able to complete enrollment on the second device. Or add .local like you did in the web browser if you are only managing local devices.
You can find the local DNS name of any Mac by going to System Preferences > Sharing. And right at the top under the field with "Computer Name" it will give you the local network DNS name of that computer. It is likely that if you add a ".local" to the end of the server's name when you set up the enrollment profile, other Macs on your local network should be able to find it. EG: kurts-macbook-pro-13.local
You are correct, you have one server that manages all the devices. Server can be installed on several Macs to manage the main device, but as long as all Macs to be enrolled are on the same network that should be unnecessary..