May 7, 2012 1:53 AM (in response to HerreganAdmin)
I have the same issue. I set up the server and tested a few devices with no problem. This morning I booted the server and found the following:
- I can install the self-signed certificate trusted by my server.
- I can Enroll my device.
- Once my device has been enrolled and I refresh the device manager page, my device does not show at all, where this used to happen instantly.
- Under Tasks I have 2 items busy sending. Once again, something that used to show up but complete instantly.
I have an existing device that was added before the server boot. This device still works and responds to updated and push settings.
May 7, 2012 2:23 AM (in response to HerreganAdmin)
Managed to resolve this. Once I connected to an Internet connection outside of my organization it worked and all tasks were applied successfully.
Think APNS was not able to get to the device. This is why all devices need a direct internet connection. Having any kind of proxy or firewall makes things very difficult.
Hope this helps.
May 9, 2012 8:34 AM (in response to Dillynn)
Sounds like you need to have some ports opened in your firewall...
Ports 1640, 2195, 2196, and 5223 need to be opened or else it simply will not work if you're behind a firewall.
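A direct-connection check for the ports named in the post above, to be run from the network where enrollment or push fails. This is an added example, not part of the thread and not Apple tooling; the hostnames in `TARGETS` are assumptions, and `profilemanager.example.com` is a placeholder for your own server.

```python
import errno
import socket

# Ports are the ones named in the thread. Hostnames are assumptions, not from
# the thread: replace them with the endpoints your deployment actually uses.
TARGETS = [
    ("gateway.push.apple.com", 2195),
    ("feedback.push.apple.com", 2196),
    ("1-courier.push.apple.com", 5223),
    ("profilemanager.example.com", 1640),  # placeholder for your own server
]


def probe(host, port, timeout=3.0):
    """Classify one direct outbound TCP connection attempt.

    open       - handshake completed
    refused    - a RST came back: host or firewall actively rejects the port
    filtered   - no answer before the timeout: typical of a silent firewall drop
    dns-failed - the name did not resolve from this network
    error:<n>  - any other OS error, e.g. no route to host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failed"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def check(targets=TARGETS, timeout=3.0):
    """Probe every (host, port) pair; return {(host, port): status}."""
    return {(h, p): probe(h, p, timeout) for h, p in targets}


if __name__ == "__main__":
    for (host, port), status in check().items():
        print(f"{host}:{port:<5} {status}")
```

The probe opens a plain TCP connection and ignores any HTTP proxy settings, so the result reflects what a direct connection from that network gets.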
May 23, 2012 5:03 AM (in response to mklos1)
Does anybody know exactly which of these ports need to be opened from LAN towards internet (and to which servers) in order for enrollment and profile push to work? Also, do the ports need to be opened only for the server, or for the clients as well?
I only need it to work inside the office, and we're behind an HTTP proxy. I'm not able to enroll any devices, no error, they just don't register with Profile Manager.
When I use a test server with a direct internet connection it works just fine, even though I didn't map any ports from the outside in.
Aug 1, 2012 4:39 PM (in response to HerreganAdmin)
HerreganAdmin, I am having similar issues, however I find that changes to device groups complete correctly but user groups do not. However, if I log onto the machine with that user on it the task finally completes. Can you confirm this behaviour?
Aug 23, 2012 9:16 AM (in response to mklos1)
For enterprise firewalls & proxies where one has to define each PPS as inbound or outbound (i.e. who initiates the connection), all these answers are close.
Can anyone fill in the blanks -- outbound or inbound?
- Used by Profile Manager to send push notifications (to iPads)
- Used by Profile Manager to send push notifications (to iPads) or… and/or to reach Apple’s feedback service
- Used to maintain a persistent connection to Apple Push Notification service (APNs) and receive push notifications
- Provide webpages to public
- Provides access to the web interface for Profile Manager admin; provide webpages to public
- Enrollment access to the Certificate Authority
Aug 23, 2012 12:53 PM (in response to KayNeine)
I would also like to know if any of these ports need outbound access as well. I have a client that has all of these ports open for inbound but is still unable to push profiles while inside their network... not sure if that is firewall rules, but we're grasping at straws at this point.
Oct 25, 2013 1:09 AM (in response to HerreganAdmin)
We have the exact same problem, with random iPhones, 4's 4S', 5's...
Have yet to find a solution and/or an answer from Apple.
We have like 5 out of ~100 phones that are impossible to enroll.
Oh, and we've checked all ports, that's not the issue.