DOLAdmin

Q: Can't connect to https://servername/mydevices via corporate VPN

I have an established/viable VPN connection into my company's network on my iPad. 

 

- I can ping our 10.7.2's Lion Server's IP and Host name fine. 

- Other internal web sites work fine. 

- I can access the Lion Server internally from my Mac fine - connecting to https://servername/mydevices

- Turning the server's firewall on or off doesn't matter. 

 

The iPad tries to connect for like 45 seconds then comes back with the following error message: 

 

"Cannot Open Page"

"Safari could not open the page because the server stopped responding".

 

 

What could be wrong?  Thanks.

 

*I should mention that I have an ongoing/open case with Apple due to errors received when trying to enroll devices internally. 

Mac Pro, Mac OS X (10.7.2)

Posted on Feb 1, 2012 8:26 AM

Close

Q: Can't connect to https://servername/mydevices via corporate VPN

  • All replies
  • Helpful answers

  • by DOLAdmin,

    DOLAdmin DOLAdmin Feb 1, 2012 8:55 AM in response to DOLAdmin
    Level 1 (0 points)
    Feb 1, 2012 8:55 AM in response to DOLAdmin

    In Case this helps:

     

    Last login: Tue Jan 31 15:22:51 on ttys000

    ios:~ username$ sudo webappctl status -

    Password:

    web:webAppState:_array_index:0:state = "RUNNING"

    web:webAppState:_array_index:0:virtualHostName = ""

    web:webAppState:_array_index:0:webAppName = "com.apple.webapp.ACSServer"

    web:webAppState:_array_index:1:state = "RUNNING"

    web:webAppState:_array_index:1:virtualHostName = ""

    web:webAppState:_array_index:1:webAppName = "com.apple.webapp.devicemgr"

    web:webAppState:_array_index:2:state = "RUNNING"

    web:webAppState:_array_index:2:virtualHostName = ""

    web:webAppState:_array_index:2:webAppName = "com.apple.webapp.auth"

    ios:~ username$

  • by danielnord,

    danielnord danielnord May 29, 2012 11:46 PM in response to DOLAdmin
    Level 1 (0 points)
    May 29, 2012 11:46 PM in response to DOLAdmin

    Hi!

     

    Have you solved your problem yet? I have the same problem at my home.

     

     

    Best regards,

    Daniel

  • by alanfowler7,

    alanfowler7 alanfowler7 Jul 13, 2013 7:18 PM in response to DOLAdmin
    Level 1 (0 points)
    Jul 13, 2013 7:18 PM in response to DOLAdmin

    Hi,

     

    I have the same problem. I accessed the terminal, ran the above and everything checks out.  I am total novice, but I don't feel like I am configured incorrrectly if my devices can't access.  I can vpn though.  If I vpn they can connect.

     

    Thanks,

     

    Alan

  • by DOLAdmin,

    DOLAdmin DOLAdmin Jul 15, 2013 7:52 AM in response to alanfowler7
    Level 1 (0 points)
    Jul 15, 2013 7:52 AM in response to alanfowler7

    If you can connect over VPN but not internally, it almost always points to a ports issue at the router.  There are nine matches for the words "profile manager" on this site: http://support.apple.com/kb/TS1629.  Be sure each port associated with those two words is open.  That's your start point.

     

    Be sure these are open as well:

     

    Port TCP 443 (https)

    Port TCP 1640 (SCEP)

    Port TCP 5223 (APNS)

    Port TCP 2195 (APNS)

    Port TCP 2196 (APNS)

  • by John Lockwood,

    John Lockwood John Lockwood Jul 16, 2013 2:29 AM in response to DOLAdmin
    Level 6 (9,324 points)
    Servers Enterprise
    Jul 16, 2013 2:29 AM in response to DOLAdmin

    https://servername/mydevices is (as written) just a hostname and not a 'fully qualified domain name'.

     

    It might work internally either because internally the Mac will then try servername.local and try to access it via Bonjour (which will not work via VPN), or if your (internal) DHCP server is providing a domain name to clients e.g. mydomain.com then it will try adding that to servername to produce a fully qualified domain name of servername.mydomain.com and then try contacting the server via that. Make sure your VPN server provides the correct DNS server and domain name to VPN clients.

     

    I would suggest trying first the numeric IP address of the server via VPN e.g. http://10.1.1.1/mydevices and see if that works. If it does this would prove the ports are open and available. If you do have an internal DNS server (which if your running Profile Manager you will) and if your VPN server provides that to remote users, then try the fully qualified domain name via VPN.