12 Replies Latest reply: Oct 25, 2013 1:09 AM by it-support winn
HerreganAdmin Level 1 Level 1 (0 points)

I have successfully setup a Lion Server, I think, and I am starting to test profiles for iPads.  I have created the profile and enrolled my first device.  I have added the enrolled device to the device group.  It appears to send out the profile, but in the the Active Tasks tab everything shows sending or in progess.  It has been over an hour since I have done this and done of the activites are completing.  Any ideas?  Do I have something setup wrong?  I am not sure want to check for.  Here is exactly what is showing in the Active Task window:

 

Push Settings > 1 of 1 in progress

Update Info: New Device > Sending

Push Settings > 1 of 1 in progress

Update Info: New Device > Sending


Mac mini
  • 1. Re: Profile Manager - Tasks not completing
    Dillynn Level 1 Level 1 (0 points)

    Hi,

     

    I have the same issue. I setup the server and tested a few devices with no problem. This morning I booted the server and found the following:

     

    - I can Install the self signed Certificate trusted by my server.

    - I can Enroll my device.

    - Once my device has been enrolled and I refresh the device manager page my device does not show at all.           Where this used to happen instantly.

    - Under Tasks have 2 items busy sending. Once again something that used to show up but complete instantly.

     

    I have a existing device that was added before the server boot. This device still works and responds to updated and push settings.

  • 2. Re: Profile Manager - Tasks not completing
    Dillynn Level 1 Level 1 (0 points)

    Managed to resolve this. Once I connected to a Internet connection outside of my organization it worked and all tasks were applied successfully.

     

    Think APNS was not able to get to the device. This is why all devices need a direct internet connetion. Having any kind of proxy or firewall makes things very difficult.

     

    Hope this helps.

  • 3. Re: Profile Manager - Tasks not completing
    HerreganAdmin Level 1 Level 1 (0 points)

    Thanks, I will give that a try.

  • 4. Re: Profile Manager - Tasks not completing
    mklos1 Level 1 Level 1 (0 points)

    Sounds like you need to have some ports opened in your firewall...

     

    Ports 1640, 2195, 2196, and 5223 need to be opened or else it simply will not work if you're behind a firewall.

  • 5. Re: Profile Manager - Tasks not completing
    imazeno Level 1 Level 1 (0 points)

    Does anybody know exactly which of these ports need to be opened from LAN towards internet (and to which servers) in order for enrollment and profile push to work?  Also do the ports need to be opened only for server, or for the clients as well?

    I only need it to work inside the office, and we're behind a http proxy.  I'm not able to enroll any devices, no error, they just don't register with profile manager.

    When I use a test server with a direct internet connection it works just fine, even though I didn't map any ports from the ourside in.

  • 6. Re: Profile Manager - Tasks not completing
    t1mmclaren Level 1 Level 1 (0 points)

    HerreganAdmin, I am having similar issues, however I find that changes to device groups complete correctly but user groups do not. However if I log onto the machine with that user on it the task finaly completes. Can you confirm this behaviour?

  • 7. Re: Profile Manager - Tasks not completing
    HerreganAdmin Level 1 Level 1 (0 points)

    Mine issue was all groups. It was solved with port changes from our main server. Sorry I cannot confirm the behavior you are having issues with.

  • 8. Re: Profile Manager - Tasks not completing
    iToaster Level 3 Level 3 (670 points)

    Ports 1640, 2195, 2196, 5223, 443 have to be open

    group "settings for everyone" is not push it's download

  • 9. Re: Profile Manager - Tasks not completing
    iToaster Level 3 Level 3 (670 points)

    if you have to connect outside of your organization something must be blocking the profile manager

    I have it working both internally (behind NAT) and externally

  • 10. Re: Profile Manager - Tasks not completing
    KayNeine Level 1 Level 1 (0 points)

    For enterprise firewalls & proxies where one has to define each PPS as inbound or outbound (i.e. who initiates the connection), all these answers are close. 

     

    Can anyone fill in the blanks -- outbound or inbound?

     

    2195

    TCP

    Used by Profile Manager to send push notifications (to iPads)

     

    2196

    TCP

    Used by Profile Manager to send push notifications (to iPads) or… and/or to reach Apple’s feedback service

     

    5223

    TCP

    Used to maintain a persistent connection to Apple Push Notification service (APNs) and receive push notifications

     

    80

    TCP

    Provide webpages to public

     

     

    Inbound

    443

    TCP

    Provides access to the web interface for Profile Manager admin; provide webpages to public

     

     

    Inbound

    1640

    TCP

    Enrollment access to the Certificate Authority

     

  • 11. Re: Profile Manager - Tasks not completing
    DeanSecAdmin Level 1 Level 1 (0 points)

    I would also like to know if any of these ports need out bound access as well.  I have a client that has all of these ports open for inbound but are still unable to push profiles while inside their network....not sure if that is firewall rules but we're grasping at straws at this point

  • 12. Re: Profile Manager - Tasks not completing
    it-support winn Level 1 Level 1 (0 points)

    We have the exact same problem, with random iPhones, 4's 4S', 5's...

    Have yet to find a solution and/or an answer from Apple.

    We have like 5 out of ~100 phones that are impossible to enroll.

    Please advise.

    Oh, and we've checked all ports, that's not the issue.