Help

iPads not enrolling into JSS

Dan1987
New Contributor III

Posted on ‎04-17-2018 09:45 AM

Hey,

We have been trying to enroll several iPads into our Jamf server but keep getting the cancelled screen.
We have a proper domain name and ip address which is available for the clients.

Based on the wireshark, packet capturing the iPad can resolve the right domain name and tried to connect to JSS on the relevant ip address and port. There is a tcp handshake which is finished in a standard way in a few seconds and there is no indication of a network level issue.

When we try to apply configuration on the iPad, we get a HTTP load fail error in the logs through console.

We have contacted Jamf Pro chat and they have asked us to check ports etc.
Didnt fix the issue.

Any advice will be appreciated.

Labels:
0 Kudos
7 REPLIES 7

m_donovan
Contributor III

Posted on ‎04-17-2018 11:34 AM

Are you using a web enroll or Apple configurator?

Dan1987
New Contributor III

Posted on ‎04-18-2018 02:12 AM

we are using the remote manage on the device itself.
Jamf suggested to try the Apple Configurator but this didn't fix the issue unfortunately.

0 Kudos

m_donovan
Contributor III

Posted on ‎04-18-2018 03:58 AM

With Apple Configurator did you add the trust CA? Here is a video if not. A supervision profile is needed if using DEP devices with AC2.

0 Kudos

Dan1987
New Contributor III

Posted on ‎04-19-2018 08:20 AM

Hi,

Apple configurator 2 didn't work, even after following the video.
We would like to use PreStage enrollments though.

Basically what i have done is,
- Confirmed serial is assigned to our MDM server.
- telnet mdmenrollment.apple.com 443 - (From the server itself and it connected).
- telnet gateway.push.apple.com 2195 - (From the server itself and it connected).
- Checked DEP and it shows that our server is connected and has an IP address.
- I created a new PreStage enrollment and confirmed all settings from the manual (including scope).
- Accepted T&C on DEP.
- Confirmed that the server has the correct date / time (i read from some articles).

Is there anything else i could check or any advice recommended.

Thanks

Dan

0 Kudos

mark_buffington
Contributor II
Contributor II

Posted on ‎04-19-2018 08:36 AM

@Gregzy - You may also want to confirm your iPads can reach several other non-Apple hosts, presumably to verify trust of APNs traffic.

Apple published a new KB yesterday with more details of hosts that need be reachable by enrolling devices:

Get started using Apple School Manager or Device Enrollment Program with Mobile Device Management

albert.apple.com
iprofiles.apple.com
*.symcb.com
evintl-ocsp.verisign.com
evsecure-ocsp.verisign.com

miregan
Contributor II

Posted on ‎04-19-2018 09:08 AM

Are the devices assigned to your DEP instance within the JSS, under its scope?

0 Kudos

Dan1987
New Contributor III

Posted on ‎10-18-2018 12:56 AM

Thanks for your advice, I got this resolved.
It ended up being a blocked port.

0 Kudos