So, I've now got a shiny Mac OS X 'server' here, and am trying to get a client to enroll with it.
I've set up Profile Manager with a self-signed certificate, and then log in to MyDevices on the client and install the Trust Profile so the machine will trust that self-signed cert.
I then click Enroll and it goes through the motions, asking for permission to install, continue and install. And then nothing.
The Enroll button remains, and the device does not appear in the Devices list in Profile Manager.
What am I doing wrong?
iPads? Macs? Or iPhones?
iMacs running 10.7.4.
I thought I might've messed something up, so I restored back to default and tried again.
On the client, I'm getting a pile of 'applepushserviced: Certificate not yet generated' errors, followed by 'mdmclient: *** ERROR *** [Agent:501] MDM server https://server.domain.forest.net/dev...device/connect returned error: 403 (forbidden)'
The iMac is showing up under 'Devices' for that individual user, but not under 'Devices' in the Library section in Profile Manager. Also, the Enroll button doesn't change to the info page when it's done.
Have you got a proxy enabled? If so, try disabling it, then attempt to enrol. I have had issues where you need a proxy PAC file to use exceptions for your Mac server.
We do have a proxy enabled, but disabling it will mean it has no internet connection at all then.
EDIT: Nope, no go.
Any thoughts on what I should do to get around this issue?
Last edited by localzuk; 9th July 2012 at 11:15 AM.
Being in Bristol have you opened up the MDM ports?
Port TCP 443 (https)
Port TCP 1640 (SCEP)
Port TCP 5223 (APNS)
Port TCP 2195 (APNS)
Port TCP 2196 (APNS)
I opened these ports and it all started to work for my test.
You mean with BCC? We can't really open 443, as the iMacs can be on any IP range in our school!
We don't have any internal rules on the network blocking any ports.
Or do you mean these ports need to be accessible to the Apple server? I.e. TCP outbound ports for that single machine?
Last edited by localzuk; 9th July 2012 at 11:55 AM.
I now have the latter 4 ports open to the following IP addresses:
network-object host 220.127.116.11
network-object host 18.104.22.168
network-object host 22.214.171.124
network-object host 126.96.36.199
Still getting the above error message... Do I also need to open 443 to albert.apple.com like it lists in another error message?
Last edited by localzuk; 9th July 2012 at 02:33 PM.
Those ports just need to be opened up for the Mac server.
Woo! Well, after a night's sleep, and getting port 443 opened to albert.apple.com... Finally, it was a case of adding that site as a proxy exception on the server and giving it a reboot, and voila. It's working!
Happy days. Glad it's working.
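The proxy exceptions discussed in this thread (the Mac server itself and albert.apple.com), written as a PAC file; this is an added example, not something posted by anyone in the thread. The proxy address is a made-up placeholder, the server name is the one from the error message above, and matching is exact so that look-alike hostnames do not bypass the proxy.

```javascript
// Added example: PAC file with narrow proxy exceptions for MDM enrolment.
// ASSUMPTIONS: the proxy address below is a hypothetical placeholder;
// the server name is taken from the error message quoted in the thread.
var PROXY = "PROXY proxy.example.internal:8080";
var DIRECT_HOSTS = [
  "server.domain.forest.net", // Profile Manager server (from the thread)
  "albert.apple.com"          // host the thread had to reach on TCP 443
];

// Lower-case the host and strip trailing dots so that
// "ALBERT.apple.com." is treated the same as "albert.apple.com".
function normaliseHost(host) {
  host = String(host || "").toLowerCase();
  while (host.length > 1 && host.charAt(host.length - 1) === ".") {
    host = host.slice(0, -1);
  }
  return host;
}

// Exact match only. A substring or suffix test would also exempt names
// such as "albert.apple.com.evil.example" or "notalbert.apple.com",
// letting them skip whatever filtering the proxy applies.
function isDirectHost(host) {
  return DIRECT_HOSTS.indexOf(normaliseHost(host)) !== -1;
}

// Entry point called by the PAC runtime for every request.
function FindProxyForURL(url, host) {
  return isDirectHost(host) ? "DIRECT" : PROXY;
}
```

The APNS ports listed earlier (5223, 2195, 2196) are not web requests handled by a PAC file, so they still depend on the firewall rules.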