SCEP server returned an invalid response - SCEP Transaction: 405 Method Not Allowed
We are testing a SCEP configuration and the MDM gives the error message: "SCEP server returned an invalid response".
If you look into the logs of the device that the profile is getting installed on. The log "mdmprofilelog0" you get to see the failure code 405 Method Not Allowed.
[ 30-01-2024 14:34:14.578 ] [ 275 ] [INFO] SCEP Client: Keypair generated
[ 30-01-2024 14:34:14.736 ] [ 275 ] [INFO] SCEP Client: Enrollment passcode added
[ 30-01-2024 14:34:14.738 ] [ 275 ] [INFO] SCEP Client: Subject Alternative name added
[ 30-01-2024 14:34:14.743 ] [ 275 ] [INFO] SCEP Client: Key usage added
[ 30-01-2024 14:34:14.749 ] [ 275 ] [INFO] SCEP Client: Certificate signing request generated
[ 30-01-2024 14:34:14.760 ] [ 275 ] [INFO] SCEP Client: Generating self-signed certificate
[ 30-01-2024 14:34:14.767 ] [ 275 ] [INFO] SCEP Client: Self-signed generated successfully
[ 30-01-2024 14:34:14.772 ] [ 275 ] [INFO] SCEP Client: Adding custom ssl context
[ 30-01-2024 14:34:14.778 ] [ 275 ] [INFO] SCEP Client: SSL context created successfully
[ 30-01-2024 14:34:14.784 ] [ 275 ] [INFO] SCEP Client: Initiating communication with the SCEP server
[ 30-01-2024 14:34:14.961 ] [ 275 ] [SEVERE] SCEP Client: Error occurred during SCEP transaction
[ 30-01-2024 14:34:14.967 ] [ 275 ] [SEVERE] org.jscep.transaction.TransactionException: org.jscep.transport.TransportException: 405 Method Not Allowed
at org.jscep.client.Client.a(SourceFile:577)
at com.manageengine.mdm.framework.certificate.ScepClient.a(SourceFile:603)
at com.manageengine.mdm.framework.profile.scep.ScepPayloadRequestHandler.k(SourceFile:129)
at com.manageengine.mdm.framework.profile.ProfileRequestHandler.p(SourceFile:385)
at com.manageengine.mdm.samsung.profile.SamsungProfileRequestHandler.e(SourceFile:20)
at com.manageengine.mdm.samsung.core.SamsungDefaultProcessRequestHandler.e(SourceFile:122)
at com.manageengine.mdm.framework.core.MDMAdapter.a(SourceFile:11)
at com.manageengine.mdm.framework.core.MDMAdapter.g(SourceFile:275)
at com.manageengine.mdm.framework.service.MDMIntentService.onHandleIntent(SourceFile:777)
at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:78)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:226)
at android.os.Looper.loop(Looper.java:313)
at android.os.HandlerThread.run(HandlerThread.java:67)
Caused by: org.jscep.transport.TransportException: 405 Method Not Allowed
at org.jscep.transport.UrlConnectionPostTransport.a(SourceFile:181)
at org.jscep.client.Client.a(SourceFile:348)
... 13 more
[ 30-01-2024 14:34:14.973 ] [ 275 ] [WARNING] ScepPayloadRequestHandler: Certificate request failed
[ 30-01-2024 14:34:14.980 ] [ 275 ] [SEVERE] ScepPayloadRequestHandler: Exception
[ 30-01-2024 14:34:14.987 ] [ 275 ] [SEVERE] org.jscep.transaction.TransactionException: org.jscep.transport.TransportException: 405 Method Not Allowed
at org.jscep.client.Client.a(SourceFile:577)
at com.manageengine.mdm.framework.certificate.ScepClient.a(SourceFile:603)
at com.manageengine.mdm.framework.profile.scep.ScepPayloadRequestHandler.k(SourceFile:129)
at com.manageengine.mdm.framework.profile.ProfileRequestHandler.p(SourceFile:385)
at com.manageengine.mdm.samsung.profile.SamsungProfileRequestHandler.e(SourceFile:20)
at com.manageengine.mdm.samsung.core.SamsungDefaultProcessRequestHandler.e(SourceFile:122)
at com.manageengine.mdm.framework.core.MDMAdapter.a(SourceFile:11)
at com.manageengine.mdm.framework.core.MDMAdapter.g(SourceFile:275)
at com.manageengine.mdm.framework.service.MDMIntentService.onHandleIntent(SourceFile:777)
at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:78)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:226)
at android.os.Looper.loop(Looper.java:313)
at android.os.HandlerThread.run(HandlerThread.java:67)
Caused by: org.jscep.transport.TransportException: 405 Method Not Allowed
at org.jscep.transport.UrlConnectionPostTransport.a(SourceFile:181)
at org.jscep.client.Client.a(SourceFile:348)
... 13 more
The CA doesn't show any failed request. So we can't pinpoint the error.
If you look into the logs of the device that the profile is getting installed on. The log "mdmprofilelog0" you get to see the failure code 405 Method Not Allowed.
[ 30-01-2024 14:34:14.578 ] [ 275 ] [INFO] SCEP Client: Keypair generated
[ 30-01-2024 14:34:14.736 ] [ 275 ] [INFO] SCEP Client: Enrollment passcode added
[ 30-01-2024 14:34:14.738 ] [ 275 ] [INFO] SCEP Client: Subject Alternative name added
[ 30-01-2024 14:34:14.743 ] [ 275 ] [INFO] SCEP Client: Key usage added
[ 30-01-2024 14:34:14.749 ] [ 275 ] [INFO] SCEP Client: Certificate signing request generated
[ 30-01-2024 14:34:14.760 ] [ 275 ] [INFO] SCEP Client: Generating self-signed certificate
[ 30-01-2024 14:34:14.767 ] [ 275 ] [INFO] SCEP Client: Self-signed generated successfully
[ 30-01-2024 14:34:14.772 ] [ 275 ] [INFO] SCEP Client: Adding custom ssl context
[ 30-01-2024 14:34:14.778 ] [ 275 ] [INFO] SCEP Client: SSL context created successfully
[ 30-01-2024 14:34:14.784 ] [ 275 ] [INFO] SCEP Client: Initiating communication with the SCEP server
[ 30-01-2024 14:34:14.961 ] [ 275 ] [SEVERE] SCEP Client: Error occurred during SCEP transaction
[ 30-01-2024 14:34:14.967 ] [ 275 ] [SEVERE] org.jscep.transaction.TransactionException: org.jscep.transport.TransportException: 405 Method Not Allowed
at org.jscep.client.Client.a(SourceFile:577)
at com.manageengine.mdm.framework.certificate.ScepClient.a(SourceFile:603)
at com.manageengine.mdm.framework.profile.scep.ScepPayloadRequestHandler.k(SourceFile:129)
at com.manageengine.mdm.framework.profile.ProfileRequestHandler.p(SourceFile:385)
at com.manageengine.mdm.samsung.profile.SamsungProfileRequestHandler.e(SourceFile:20)
at com.manageengine.mdm.samsung.core.SamsungDefaultProcessRequestHandler.e(SourceFile:122)
at com.manageengine.mdm.framework.core.MDMAdapter.a(SourceFile:11)
at com.manageengine.mdm.framework.core.MDMAdapter.g(SourceFile:275)
at com.manageengine.mdm.framework.service.MDMIntentService.onHandleIntent(SourceFile:777)
at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:78)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:226)
at android.os.Looper.loop(Looper.java:313)
at android.os.HandlerThread.run(HandlerThread.java:67)
Caused by: org.jscep.transport.TransportException: 405 Method Not Allowed
at org.jscep.transport.UrlConnectionPostTransport.a(SourceFile:181)
at org.jscep.client.Client.a(SourceFile:348)
... 13 more
[ 30-01-2024 14:34:14.973 ] [ 275 ] [WARNING] ScepPayloadRequestHandler: Certificate request failed
[ 30-01-2024 14:34:14.980 ] [ 275 ] [SEVERE] ScepPayloadRequestHandler: Exception
[ 30-01-2024 14:34:14.987 ] [ 275 ] [SEVERE] org.jscep.transaction.TransactionException: org.jscep.transport.TransportException: 405 Method Not Allowed
at org.jscep.client.Client.a(SourceFile:577)
at com.manageengine.mdm.framework.certificate.ScepClient.a(SourceFile:603)
at com.manageengine.mdm.framework.profile.scep.ScepPayloadRequestHandler.k(SourceFile:129)
at com.manageengine.mdm.framework.profile.ProfileRequestHandler.p(SourceFile:385)
at com.manageengine.mdm.samsung.profile.SamsungProfileRequestHandler.e(SourceFile:20)
at com.manageengine.mdm.samsung.core.SamsungDefaultProcessRequestHandler.e(SourceFile:122)
at com.manageengine.mdm.framework.core.MDMAdapter.a(SourceFile:11)
at com.manageengine.mdm.framework.core.MDMAdapter.g(SourceFile:275)
at com.manageengine.mdm.framework.service.MDMIntentService.onHandleIntent(SourceFile:777)
at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:78)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:226)
at android.os.Looper.loop(Looper.java:313)
at android.os.HandlerThread.run(HandlerThread.java:67)
Caused by: org.jscep.transport.TransportException: 405 Method Not Allowed
at org.jscep.transport.UrlConnectionPostTransport.a(SourceFile:181)
at org.jscep.client.Client.a(SourceFile:348)
... 13 more
The CA doesn't show any failed request. So we can't pinpoint the error.
The test device is able to connect to the mscep page.