I've been grappling with this issue over the past few days as well. You're actually further along than me. I am unable to enable Mobile Device Management in Profile Manager. I supply it with an AppleID but it never acquires the certificate from Apple's Push Notification Services. It just spins. Because of that, Devices do not appear in Profile Manager and so the clients do not "see" the Enroll button.
Anyway, because your setup (and mine) are inside a firewall, I believe there are certain ports that the server and clients must have access to. In case you haven't seen them, here are some good documents on the subject.
https://docs.google.com/viewer?a=v&q=cache:f5YopgsSW4oJ:training.apple.com/pdf/wp_osx_configuration_profiles.pdf+&hl=en&gl=us&pid=bl&srcid=ADGEESiZN7W2bT3Z53-j_O9y_F8gY1mKcgjtIJE5KSO1skxqbSZXPmcFvM2aTwrFZjVrXVI6WkKW2btDn6sMOifaZsRLjN-h9elV7XK1seSZqqloP3RyyO3JPmhcR9n1Vqg5-LAmDlcj&sig=AHIEtbRtOqJN_KCKdn60LILJzdzA2P4zeg