You are trying to push a profile to an iOS device and you get the error message "MDM Profile cannot be installed" on the managed device.
You might get this error message for one of the following reasons:
After the issue has been resolved, you need to repeat the enrollment process.
Check whether the Third Party Certificate is configured properly in the MDM server. If an intermediate certificate is used, ensure that the intermediate chain is configured properly. Refer to Third Party Certificate Troubleshooting for detailed information.
If you're using third-party certificates in the MDM server, ensure the same certificates are configured in the Secure Gateway as well.
Ensure NAT has been configured properly, as the FQDN must be accessible from outside the corporate network. Use the full address as received in the mail, instead of the IP, to ensure that the NAT is reachable. Also, ensure the requisite HTTPS ports and other requisite ports are not blocked by a firewall or proxy.
This error occurs when the date/time settings on the device and/or server are not in sync with the validity period specified in the certificate. Ensure the date/time settings are correct on both the device and the server. If the server has the incorrect time, re-configure the NAT.
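The checks above can be run in one pass from a machine outside the corporate network. The following is an added example, not part of the original article or the product: `probe` and `clock_findings` are hypothetical helper names, and the script assumes the third-party CA is in the system trust store of the machine running it (which may differ from the iOS trust store).

```python
import socket
import ssl
from datetime import datetime, timezone


def clock_findings(not_before, not_after, clocks):
    """Map each clock that lies outside the certificate validity window to a reason.

    not_before / not_after use the text form returned by ssl.getpeercert();
    clocks maps a label to a timezone-aware datetime.
    """
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    findings = {}
    for label, now in clocks.items():
        ts = now.timestamp()
        if ts < start:
            findings[label] = "before notBefore: certificate not yet valid"
        elif ts > end:
            findings[label] = "after notAfter: certificate expired"
    return findings


def probe(fqdn, port=443, timeout=5):
    """Connect to the enrollment FQDN and report which check fails first."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((fqdn, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
                cert = tls.getpeercert()
    except socket.gaierror as exc:  # FQDN does not resolve from this network
        return {"stage": "dns", "detail": str(exc)}
    except ssl.SSLCertVerificationError as exc:  # e.g. incomplete intermediate chain
        return {"stage": "certificate", "detail": exc.verify_message}
    except OSError as exc:  # port blocked, NAT not forwarding, timeout
        return {"stage": "network", "detail": str(exc)}
    return {"stage": "ok", "not_before": cert["notBefore"], "not_after": cert["notAfter"]}


if __name__ == "__main__":
    # Constructed validity window and clock readings, for illustration only.
    device = datetime(2023, 6, 1, tzinfo=timezone.utc)   # device clock was reset
    server = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(clock_findings("Jan  1 00:00:00 2024 GMT", "Jan  1 00:00:00 2025 GMT",
                         {"device": device, "server": server}))
```

Call `probe()` with the full address from the enrollment mail rather than the IP; when it returns stage `ok`, pass its `not_before` and `not_after` values to `clock_findings` together with the device and server clock readings.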
Applies to: iOS Enrollment, Device Enrollment, Managing Mobile Devices
Keywords: Enrollment failure, Mobile Device Management, Managing iOS Devices