Centrify Identity Service and Centrify DirectControl version 5.2.0 and higher on Mac OS X
What troubleshooting steps can be performed if a Mac has problems enrolling into the Centrify Cloud?
There are several things to be aware of when using Cloud enrollment with Mac systems:
- Virtual machines are NOT supported with Mac Cloud enrollments. A physical Mac device is required to work with the Apple Push Notification Service (APNS). The Centrify Cloud will prevent VMs from being recognized as Mac devices.
- If using the Mac in a combo-join configuration (both joined to AD and enrolled into the Cloud).
Make sure the Mac is joined into AD with the on-premise Mac agent BEFORE doing the web enrollment.
The container where the Mac computer is located should be the same as the one Proxy is set up to use. If this is not set up correctly, the profile installation portion of enrollment will fail. See the online help for more information on combo-join:
- It is recommended to set the hostname, computername, and localhostname of the Mac machine are all the same. Otherwise duplicate objects may be created in AD. The scutil command can be used to get and set these values:
- scutil --get HostName
- scutil --get LocalHostName
- scutil --get ComputerName
- scutil --set HostName macname
- scutil --set LocalHostName macname
- scutil --set ComputerName macname
- Make sure the user doing the enrolling has permission to create a device object in the OU where the Mac object will be created in Active Directory.
For additional non-Mac-specific troubleshooting tips, see the following KB: