Resolve issues with Profile Manager in macOS Server

Learn how to find and fix issues if Profile Manager doesn't work the way you expect.

If you can't access the administration page

Profile Manager's basic setup is in Server app. You must use Safari to access Profile Manager's /mydevices webpage and the administration webpage.

Only server administrators can access your administration page. The URL format for your administration page is:

  • https://your_server's_fully_qualified_domain_name/profilemanager

    • Example:

To enroll an iPhone, iPad, iPod touch, or a Mac, go to:

  • https://your_server's_fully_qualified_domain_name/mydevices

    • Example:

If you can't access the administration page with a web browser other than Safari, try with Safari. If you can't access it with Safari, check your DNS server. DNS settings are important when you're managing a Profile Manager deployment. If Profile Manager doesn't open, make sure your server points to a reliable DNS server.

If you can't push profiles or apps to clients

If you experience issues when you push profiles or apps to client systems, check the system log file in Console. If it reports that your server can't reach Apple's APNs servers, check your network's configuration. Make sure that all needed ports are open.

For more information, turn on APNS debug logging with these Terminal commands:

sudo defaults write /Library/Preferences/ APSWriteLogs -bool TRUE

sudo defaults write /Library/Preferences/ APSLogLevel -int 7

sudo killall apsd

You can view the logs in the Console app by filtering on the and subsystems.

After your APNS transactions are logged, use these Terminal commands to turn off debug logging:

sudo defaults write /Library/Preferences/ APSWriteLogs -bool FALSE

sudo defaults delete /Library/Preferences/ APSLogLevel

sudo killall apsd

If you get other issues with Profile Manager

Profile Manager logs can help you fix issues with Profile Manager. You can find a symbolic link named "devicemgr" at /var/log. This file points to /Library/Logs/ProfileManager, where you can find these logs:


  • Files in this directory provide CSV formatted logging of requests and responses from the corresponding service logs, such as all the commands sent to a device or all the actions initiated by a particular user. Each file has a header to describe the data logged in each column.


  • Provides the status of querying and syncing Open Directory and Active Directory users and groups.

  • Reports errors that occur from queries executed by devicemgrd.

  • Displays entries related to sending push notifications.

  • Displays entries related to DEP and VPP transactions.


  • Logs the status of web-based user authentication attempts.


  • Logs interactions between Profile Manager and the devices it manages.


  • Logs high-level HTTP data for the requests and responses of Profile Manager services.


  • Logs requests and errors from the /mydevices user portal.


  • Logs requests and errors for the SCEP service (used during device enrollment)


  • Logs requests and errors while using the /profilemanager web admin.


  • Logs information related to MDM related user authentication from macOS network users.


  • Displays the status of starting and stopping the managed ruby processes that support the Profile Manager webpage (/profilemanager and /mydevices). This log is sometimes empty.


  • Shows the status and details of migration from a previous version.


  • Displays the status of starting and stopping the individual php-fpm helper processes.


  • Issues with PHP are logged to this file.


  • Logs any queries with Profile Manager's PostgreSQL database that result in an error.

  • This also logs commands that change the database schema.


  • Logs the starting and stopping of the Profile Manager service.

This log can provide helpful information related to the web server:

  • /var/log/apache2/service_proxy_error.log

The following terminal command can provide you with additional information:

sudo log show --info --debug --predicate "(eventMessage contains[cd] 'devicemgr') or (category contains[cd] 'HTTPServer')"

About transaction "failures"

Some of these logs might list transaction "failures" or retries. Most of these entries are expected and don't indicate an issue. These logged events are conflicts between attempts to modify the underlying PostgreSQL database at the same time. These kinds of failures retry until they succeed.

You can identify transaction conflicts when you see any of these notes in your log files:

  • Canceled on conflict out to pivot

  • could not serialize access due to concurrent update

  • @@@ Retry #X

  • @@@ Retry X

Check the apspd CFPrefs file

Navigate to /Library/Preferences/ApplePushServiceProvider, select, then choose File > Get Info. If the file is larger than 5KB, remove it and restart the apspd process with the following Terminal command:

sudo killall apspd

Use verbose logging to find more info

More information on how to fix an issue is sometimes available if you increase the log level. To gather the information you need, reproduce the issue after you increase the logging level.

When you're finished, revert to the original logging level. If you leave the logging level at a higher setting, it decreases the available space on your startup drive.

Turn on verbose logging

To increase the level of logging, use this Terminal command:

sudo debugDeviceMgr 4

This automatically restarts Profile Manager Service.

Turn off verbose logging

To revert the logging level back to its original setting, use this Terminal command:

sudo debugDeviceMgr 1

This automatically restarts Profile Manager Service.

Learn more

Published Date: