3 Replies Latest reply: Feb 11, 2013 8:58 AM by UptimeJeff
PVSDTech Level 1 (0 points)

Hi all,


I am an admitted newbie to the Mac world. That said, I am in the process of setting up an OS X 10.8 server to handle the MDM for our iPad deployment. This is in a school district that runs all Windows in Active Directory.


I attempted to do the setup with no luck. So, I tried to reset the server back to the defaults and found that the settings I had made previously were still there.


What I need to know is how should I go about getting back to essentially scratch with this setup? Once I have that, what is the correct setup process to get me to where I can enroll the iPads to do the wireless MDM? We do not need to have access to the server from any other devices. No other services are needed like email, file shares etc. We have several sites on many different subnets but all on the same network.


A few specifics I do need to know: which network configuration would be preferred for our type of network? I'm thinking Private since everything will be handled internally. Also, regarding the certificates, is an SSL certificate required? And last, I read that there are some TCP ports that need to be opened. Is this required if we are running strictly internal with this?


Sorry for rambling on and my inexperience. I appreciate any help anyone can give.



MacBook Pro, OS X Server
  • 1. Re: Configuring Mountain Lion Server for iOS MDM
    iToaster Level 3 (660 points)

    You should also think about whether you need to push settings, wipe devices, etc. outside of your network.

  • 2. Re: Configuring Mountain Lion Server for iOS MDM
    PVSDTech Level 1 (0 points)

    At this time we don't anticipate having to manage anything outside of the network. But that isn't to say it won't happen somewhere down the line. Right now the focus is on the iPads used internally.

  • 3. Re: Configuring Mountain Lion Server for iOS MDM
    UptimeJeff Level 4 (3,390 points)

    You can use .private but if there is EVER the possibility that this would be used outside your LAN, then I would use a FQDN.


    You do not need a commercial certificate. A self-signed will work fine.
    The default self-signed has a 1-year expiration. If you don't want to deal with updating the cert in a year, I would create a new 5-year cert.
    This option is harder to find now with Mountain Lion.
    From the Certificates section in Server, first click the gear and choose 'show all certificates', then hit the + button and choose 'Create a trusted certificate'. You will see a button to override defaults. This allows you to have a different expiration date.



    You can reset the profile manager data (stored in postgres) with:

    sudo /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB.sh
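
Added example, not part of the thread and not Apple's tooling: a shell script using the `openssl` CLI that flags a certificate for renewal before the validity period discussed above runs out, shown against a 1-year and a 5-year self-signed certificate. The function names, the CN `mdm.example.private` and the sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: expiry checks for a self-signed server certificate.
# Function names, the CN and all file paths are constructed placeholders.

# Print "ok", "renew" or "unreadable" for PEM certificate $1,
# given a warning window of $2 days.
cert_status() {
    # Distinguish "cannot parse" from "expires soon"; -checkend fails on both.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
    then echo ok
    else echo renew
    fi
}

# Same window check against the certificate a live TLS server presents.
# $1 = host, $2 = port, $3 = warning window in days. Exit 0 means still valid.
server_cert_valid_in_days() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -checkend "$(( $3 * 86400 ))" >/dev/null 2>&1
}

# Create a throwaway self-signed certificate at $1, valid for $2 days.
# Sample input only; this is not how Server.app issues its certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=mdm.example.private" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Compare a 1-year and a 5-year certificate with a 400-day warning window.
demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir/one-year.pem" 365
    make_sample_cert "$dir/five-year.pem" 1825
    echo "1-year cert, 400-day window: $(cert_status "$dir/one-year.pem" 400)"
    echo "5-year cert, 400-day window: $(cert_status "$dir/five-year.pem" 400)"
    rm -rf "$dir"
}

# Run the comparison only when invoked as: sh script.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```
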