Profile installation can't authenticate to the MDM server

Question

I'm using Meraki Systems Manager as a solution for mobile device management, and lately I've been getting this error message from System Preferences(Profiles) when trying to enroll a new macOS device into the system.

Profile installation failed.
Could not authenticate to the MDM server. The credentials within the enrollment profile may have expired.

This workflow was working fine for me as recently as a couple weeks ago, which is the last time I enrolled a device. What steps can I take to troubleshoot this or verify the error message?

• How can I confirm (or refute) that the credentials within the profile are expired?
• Is there some place I can find additional log entries with more details about the failure?
• Is there any other way to test authentication to the MDM server, other than repeatedly trying to install the same profile?

For what it's worth, this laptop is running macOS Mojave 10.14.5.

Answer 1

After a few round trips with Cisco support, it turned out the problem was specific to one particular laptop that had recently been repaired at the Apple Store.

The laptop had been joined to Meraki MDM prior to going in for repair. The main logic board was replaced at the Apple Store, and although the serial number stayed the same it must have changed some other hardware identifier. After coming back from repair, the laptop was reformatted but was unable to join Meraki MDM.

The solution was to Delete (Remove From Network) the laptop from the list of Devices in Meraki Systems Manager. After that, I had no trouble re-joining the laptop into Meraki MDM. This was a surprise, because normally it's not necessary to delete device entries, as they automatically merge based on serial number.