MDM enrolling issue -25294

Question

Hyunbo OP

Created Mar ’22

Replies 2

Boosts 0

Views 1.7k

Participants 1

Hello everyone. I'm not sure I am allowed to post this here but this looks only place to put this for me.

Recently I had difficulties to install profile from MDM service. So I tried to un-enroll and re-enroll to MDM service and I get this error "<NSOSStatusErrorDomain:-25294>"

Text : "Profile installation failed." Text : "Could not install profile ‘MDM Profile (com.kandji.profile.mdmprofile:d6640274-1316-4eb3-9285-209b8a0b1964)’ due to unknown error. <NSOSStatusErrorDomain:-25294>" Text : "Okay"

I've searched about the error and only I can get is
https://developer.apple.com/search/?q=-25294 which I think it does not cover my symptom. And https://developer.apple.com/search/?q=NSOSStatusErrorDomain this search tells me it is "Carbon" error which means nothing to me.😭

Other MacBooks on the MDM service is working perfectly. I can un-enroll, re-enroll without a problem. Using Monterey 12.0.1. Using same network. Using same MDM service.

Since I'm suspecting it is due to error installing mobileconfig from MDM, I'd like to know at least where to look for profile installation debugging logs.

When I do, I'll look for pending profile installation and what caused it.

Modifying custom profile for this Macbook Pro M1 was all pending with error message something like "Device is busy" including removing profile, installing profile. I was trying to remediate the issue by un-enrolling and re-enrolling. Unfortunately I did not screen shot the error message.

Anyone bright about mobileconfig profile installation, please help me to have any clue regarding "<NSOSStatusErrorDomain:-25294>"

To clarify, I'm not a skilled person.

🥲

Boost

Answer 1

Mar ’22

I've recreated the error while streaming log. Digging into logs, surprisingly it was what I searched, Carbon error as well as errKCNoSuchKeychain = -25294.

I've also streamed log on sucessfully enrolling Intel chip MacBook Pro, and the difference I've found is that "/var/db/DetachedSignatures" does exist on working machine while the error throwing machine does not.

I'm searching against this and could this be related to Error -25294 - https://developer.apple.com/forums/thread/675290?answerId=701801022#701801022 ?

This MacBook Pro M1 had been able to enroll, unenroll until recently. While testing changing password using FileVault Recovery Key, chaging other user's password, creating user home path like '/private/var[username]'(without backslash after "var".), installing same uuid payload but not as a whole profile, etc. This is a test machine and I definitely did not done anything besides MDM testing which includes web browsing, xml editing, so I don't think there is a third party intervention.

0

Answer 2

Hyunbo OP

Mar ’22

I bought MacBook Air M1 and the profile activity failing occured on that machine too so I got the screen shot regarding "device is busy"

Unfortunately, this device was locked to the MDM so I could not get to enrolling moment to reproduce "<NSOSStatusErrorDomain:-25294>", but I do suspect profile installation pending is the same reason since MacBook Pro M1 had the same symptom which was why I tried to re-enroll and stuck at "<NSOSStatusErrorDomain:-25294>" to see if it remediates in the first place.

I've tried creating another administrator user and enrolling but same result. Maybe I need to delete my whole Keychain and start over.

My Keychain app seems working fine on the GUI by the way. I only do install certificate for VPN or Content Filtering and make it trust via profile or manually via Keychain. I do have some password saved on the Keychain though.

0