Apple DEP enrollment fails: "No valid MDM installation found" and "Device registration with DEP failed"

Question

Apple DEP enrollment fails: "No valid MDM installation found" and "Device registration with DEP failed"

I'm implementing an MDM server and I'm trying to enroll a supervised iOS device through Apple DEP (Automated Device Enrollment).

The device is correctly listed in Apple Business Manager and assigned to my MDM server.

Here’s what I’ve done so far:

Created the DEP token (I'm able to list devices using DEP API)
Generated the APNs push certificate using the Apple Push Certificates Portal
Extracted the Topic from the certificate and placed it in the MDM enrollment profile
The device calls my /enroll endpoint
After that, the device logs multiple errors and the enrollment never completes

These are the logs shown on the device:


errore 17:47:47.116441+0100 mdmd No valid MDM installation found. 
MDM will not listen to push messages. Error: (null)

errore 17:47:47.425765+0100 mdmd MDMDEPPushTokenManager: 
Push token is not available.

errore 17:47:49.690339+0100 mdmd MDMDEPPushTokenManager: Failed to upload push token 
with reponse: (null), error: Error Domain=DEPCloudConfigErrorDomain Code=33024 
"La registrazione del dispositivo *** DEP non è riuscita." 
UserInfo={NSUnderlyingError=0xb03041e90 {Error Domain=MCCloudConfigurationErrorDomain 
Code=34000 "The device failed to request configuration from the cloud." 
UserInfo={NSLocalizedDescription=The device failed to request configuration 
from the cloud., CloudConfigurationErrorType=CloudConfigurationFatalError}}, 
USEnglishDescription=Device registration with DEP failed., 
NSLocalizedRecoverySuggestion=The device failed to request configuration 
from the cloud., DEPErrorType=DEPFatalError, 
NSLocalizedDescription=La registrazione del dispositivo *** DEP non è riuscita.}

errore 17:49:49.008349+0100 mdmd MDMDEPPushTokenManager: Failed to upload push token 
with reponse: (null), error: Error Domain=DEPCloudConfigErrorDomain Code=33024 ...

So far I can’t understand why the push token never becomes available and why the device says:


No valid MDM installation found. MDM will not listen to push messages.

Has anyone seen these exact error messages during DEP enrollment, or knows what usually causes this failure?

Posted on Dec 2, 2025 11:55 AM

Reply

Answer 1

Top-ranking reply

azaksalmarzur28

Level 2

432 points

Dec 2, 2025 10:15 PM in response to paolomossini_S1

The "Topic" Mismatch (Most Likely)

You mentioned extracting the Topic from the certificate. This is the most common place for errors.

The Rule: The Topic field in your MDM Enrollment Profile must match the User ID (UID) field of your APNs certificate's Subject, not the Common Name (CN).
The Trap: Many developers accidentally use the bundle ID (e.g., com.apple.mgmt.External...) as the topic. While that looks like a topic, the device actually validates against the certificate's UID.
Fix:

1. Open your APNs certificate (.pem or .cer) in a certificate viewer or via OpenSSL: openssl x509 -in your_cert.pem -noout -text
2. Look for the Subject line.
3. Find the UID value (e.g., com.apple.mgmt.External.12345678-ABCD...).
4. Ensure your enrollment profile's Topic key uses exactly this string.

Reply

Answer 2

Dec 3, 2025 5:47 AM in response to paolomossini_S1

P.S. Trying to install the enrollment profile manually using Apple Configurator, the device doesn't reject the profile and calls my /scep endpoint.

So, in this case an additional step is performed compared to automatic enrollment.

Reply

Answer 3

Dec 3, 2025 12:20 AM in response to azaksalmarzur28

I can confirm that I'am using the User ID (UID) present in the subject line of the certificate (.pem) downloaded from Apple Push Certificates Portal.

My enrollment profile's topic looks like this:

<key>Topic</key><string>com.apple.mgmt.External.bb9a5671-xxxx-xxxx-xxxx-xxxxxxxxxxxx</string>

Reply