Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4729: Troubleshooting cloud enrollment issues on Mac systems

Centrify Identity Service, App Edition ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:22 AM

Applies to: Centrify Identity Service and Centrify DirectControl version 5.2.0 and higher on Mac OS X
 
Question:
 
What troubleshooting steps can be performed if a Mac has problems enrolling into the Centrify Cloud?
 
 
Answer:

There are several things to be aware of when using Cloud enrollment with Mac systems:
  • Virtual machines are NOT supported with Mac Cloud enrollments. A physical Mac device is required to work with the Apple Push Notification Service (APNS). The Centrify Cloud will prevent VMs from being recognized as Mac devices.
     
    See the following KB for more information on APNS:
    KB-2978: How to obtain an Apple APNS certificate
     
  • If using the Mac in a combo-join configuration (both joined to AD and enrolled into the Cloud). 
    Make sure the Mac is joined into AD with the on-premise Mac agent BEFORE doing the web enrollment.
     
    The container where the Mac computer is located should be the same as the one Proxy is set up to use. If this is not set up correctly, the profile installation portion of enrollment will fail. See the online help for more information on combo-join:
     
  • It is recommended to set the hostname, computername, and localhostname of the Mac machine are all the same. Otherwise duplicate objects may be created in AD. The scutil command can be used to get and set these values:
    • scutil --get HostName
    • scutil --get LocalHostName
    • scutil --get ComputerName
    • scutil --set HostName macname
    • scutil --set LocalHostName macname
    • scutil --set ComputerName macname
       
  • Make sure the user doing the enrolling has permission to create a device object in the OU where the Mac object will be created in Active Directory.


For additional non-Mac-specific troubleshooting tips, see the following KB:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.