When a macOS device is enrolled in MDM, a SCEP enrollment certificate is installed on the device. This certificate is stored in the macOS Keychain and is required for the device to communicate with MDM. If this certificate is deleted from the Keychain, the device will stop responding to commands from MDM.
The SCEP certificate can be viewed on a Mac by navigating to System Preferences > Profiles and clicking the SimpleMDM profile. If the certificate has been deleted from the Mac's Keychain, the following message will be shown under the "SCEP Enrollment" section of the profile information:
If a Mac is actively enrolled in SimpleMDM but no longer responds to commands, and the SimpleMDM profile under the Profiles section of System Preferences shows the error above, the certificate has been deleted from the Keychain. To resolve this, the device must be re-enrolled.
Why does this error occur?
Some reasons that we have seen are:
- The device went through a migration (using Migration Assistant).
- The keychain on the device was cleared/deleted by the user.
- The device was restored from backup (in some cases).
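
The condition described above (enrolled, but the identity certificate is gone) can also be checked from Terminal. This is an added example, not SimpleMDM tooling. The certificate name `EXAMPLE-MDM-IDENTITY` and the System keychain path are placeholders and assumptions: replace them with the name shown in your profile's "SCEP Enrollment" section and the keychain that holds it.

```shell
#!/bin/sh
# Added example: flag a Mac that reports MDM enrollment but has lost its MDM identity.
# Assumptions (placeholders, not from the article): CERT_MATCH and KEYCHAIN.
CERT_MATCH="${CERT_MATCH:-EXAMPLE-MDM-IDENTITY}"
KEYCHAIN="${KEYCHAIN:-/Library/Keychains/System.keychain}"

# is_enrolled TEXT: true if `profiles status -type enrollment` output reports enrollment.
is_enrolled() {
    printf '%s\n' "$1" | grep -Eq '^MDM enrollment:[[:space:]]*Yes'
}

# has_identity TEXT NAME: true if `security find-identity` output lists an identity
# (certificate plus private key) whose line contains NAME.
has_identity() {
    printf '%s\n' "$1" |
        grep -E '^[[:space:]]*[0-9]+\) [0-9A-Fa-f]{40} "' |
        grep -Fq -- "$2"
}

# classify STATUS IDENTITIES NAME: prints not-enrolled, healthy or identity-missing.
classify() {
    if ! is_enrolled "$1"; then
        echo "not-enrolled"
    elif has_identity "$2" "$3"; then
        echo "healthy"
    else
        echo "identity-missing"
    fi
}

if [ "$(uname -s)" = "Darwin" ]; then
    # Live check on the Mac itself.
    status=$(profiles status -type enrollment 2>/dev/null)
    idents=$(security find-identity "$KEYCHAIN" 2>/dev/null)
else
    # Constructed sample: enrolled, but the keychain holds no identities.
    status='MDM enrollment: Yes (User Approved)'
    idents='     0 identities found'
fi
state=$(classify "$status" "$idents" "$CERT_MATCH")
echo "MDM state: $state"
if [ "$state" = "identity-missing" ]; then
    echo "Enrolled but identity certificate not found: re-enroll the device."
fi
```

A result of `identity-missing` corresponds to the situation in this article, where the fix is re-enrollment.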