Currently Being ModeratedMay 20, 2013 8:33 AM (in response to iPad786)
Did you install the Trust Profile for your OSX devices in addition to the enrollment profile?
Currently Being ModeratedJul 11, 2013 2:16 AM (in response to iPad786)
But when I tried to open the ports (tried both text based and with ICE Flor)
sudo ipfw add 27860 allow tcp from any to any dst-port 2196
sudo ipfw add 27860 allow tcp from any to any dst-port 2195
add 78600 allow tcp from any to any dst-port 5223
When I use sudo lsof -i -P | grep -i "listen" , it didnot show me if the ports are open.
You don't see those ports open on your server, because they are not supposed to be open and your server is not listening on them.
2195 and 2196 are used by your server to connect outgoing to APNS (Apple Push Notification Server), so your server won't need to listen there, nor be reachable here, but your server must be able to connect to Apple on these ports.
5223 is basically the same, but for your clients. Any Apple device that wants to have Push services will use this port for an outgoing TCP connection to APNS. So again, your server wont listen here.
The only incoming ports to the server are 443 (for both the web interface and the devices checking in for new profiles etc.) and 1640 (only used during inital enrollment).