
Client not registering with server

Hi,


I'm setting up a server to manage our Mac Pros. For this I have two machines in a test environment at my disposal.


Mac Pros, mid 2012, 6-core, 12 GB RAM, ...

Server: Mac OS X 10.8, fully updated OS and the latest Server version.

Client: Mac OS X 10.7, fully updated


Both machines are a clean install of the OS; besides installing a few apps, nothing has happened with them.

Both Macs have a static IP from the DHCP server, and I configured a forward and reverse record in our DNS for the OS X server.

The server has full access to the internet (normally everyone is behind a firewall / proxy (Websense)).

The client has access to the internet through the proxy; local domains are excluded.

In our internal network NO traffic is blocked.

Both machines can ping each other, DNS resolution works.

No firewall is enabled on the machines.



Server:

I installed the Server app, created a certificate, setup Open Directory, enabled the website and activated the Profile Manager.

I also enrolled the Server into our AD, so I can use the user groups to manage the settings.

In profile manager the groups show up as expected.


Client:

I can connect to the website of the server and install the machine certificate (self signed).

But when I try to "sign up" the machine, it installs the certificate without any problems but the machine is not "enrolled" nor does it show up in the devices on the server side.



I tried:

removing all certificates from the client, rebooting, reinstalling the certificates, ...

requesting a new certificate on the server.

removing the proxy settings from the client, so all traffic has to go through our internal network.

using a different account to install the certificates.

reinstalling both OSes (reloaded an image I took) and tried again.

adding the server machine to be managed by the server app, this works without any problems !! (the server shows up on the "mydevices" website)


Still have to try;

Allowing the client full access to the internet (so not behind a proxy) => not something we are keen on !!!



Am I missing something?

How can I test if all requirements are met?

Is there a way to test where the problem lies?



Thank you !!

Domien De Clercq

Mac Pro (Mid 2012), OS X Mountain Lion (10.8.3)

Posted on Mar 20, 2013 5:52 AM

3 replies

Mar 28, 2013 9:11 AM in response to Grandeco

Ok... despite the overwhelming response on this forum I contacted Apple support to find the solution.


All Macs need internet access to send and receive the Apple Push Notifications. Even if the server is on the same network....


For those behind a firewall / proxy and not quite keen on letting clients have full access: all Apple servers are on the 17.0.0.0/8 range.


For those looking to restrict even more (http://support.apple.com/kb/HT5302):

2195, 2196 TCP Used by Profile Manager to send push notifications
5223 TCP Used to maintain a persistent connection to APNs and receive push notifications
80/443 TCP Provides access to the web interface for Profile Manager admin
1640 TCP Enrollment access to the Certificate Authority



Kind regards,

Domien
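
As an added example (not part of the original posts), one way to answer "where does the problem lie" is to scan the firewall or proxy deny log for the flows listed above. The log format, the sample lines and the 10.0.0.x addresses are constructed assumptions; only the 17.0.0.0/8 range and the port numbers come from the thread.

```python
import ipaddress
import re

# From the post: Apple's servers sit in 17.0.0.0/8, and these TCP ports are used.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")
APNS_PORTS = {
    2195: "Profile Manager sends push notifications",
    2196: "Profile Manager sends push notifications",
    5223: "persistent connection to APNs",
}
# Ports the post lists for the Profile Manager server itself.
SERVER_PORTS = {80: "web interface", 443: "web interface",
                1640: "enrollment access to the CA"}

# Assumed log format (constructed): "<time> <ACTION> tcp <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) tcp "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def blocked_mdm_flows(lines, server_ip):
    """Return (src, dst, port, reason) for denied flows that enrollment depends on."""
    server = ipaddress.ip_address(server_ip)
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "DENY":
            continue  # skip allowed traffic and lines in another format
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address, ignore the line
        port = int(m["dport"])
        if dst in APPLE_NET and port in APNS_PORTS:
            findings.append((m["src"], m["dst"], port, APNS_PORTS[port]))
        elif dst == server and port in SERVER_PORTS:
            findings.append((m["src"], m["dst"], port, SERVER_PORTS[port]))
    return findings

# Constructed sample: 10.0.0.10 is the server, 10.0.0.20 the client (hypothetical).
SAMPLE_LOG = """\
2013-03-20T09:00:01 ALLOW tcp 10.0.0.20:50111 -> 10.0.0.10:443
2013-03-20T09:00:02 ALLOW tcp 10.0.0.20:50112 -> 10.0.0.10:1640
2013-03-20T09:00:05 DENY tcp 10.0.0.20:50120 -> 17.149.36.10:5223
2013-03-20T09:00:06 DENY tcp 10.0.0.20:50121 -> 203.0.113.5:443
2013-03-20T09:00:09 ALLOW tcp 10.0.0.10:50200 -> 17.149.35.20:2195
""".splitlines()

if __name__ == "__main__":
    for src, dst, port, why in blocked_mdm_flows(SAMPLE_LOG, "10.0.0.10"):
        print(f"{src} -> {dst}:{port} blocked ({why})")
```

On the sample, the only finding is the client's denied connection to port 5223 in the Apple range, which matches the symptom described in the thread: the certificate installs, but the device never shows up as enrolled.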

Sep 9, 2013 10:29 AM in response to Grandeco

Hey Grandeco,


this is fine. But do you know which Ports are incoming and which are outgoing?


Thx,

Grandeco wrote:


Ok... despite the overwhelming response on this forum I contacted Apple support to find the solution.


All Macs need internet access to send and receive the Apple Push Notifications. Even if the server is on the same network....


For those behind a firewall / proxy and not quite keen on letting clients have full access: all Apple servers are on the 17.0.0.0/8 range.


For those looking to restrict even more (http://support.apple.com/kb/HT5302):

2195, 2196 TCP Used by Profile Manager to send push notifications
5223 TCP Used to maintain a persistent connection to APNs and receive push notifications
80/443 TCP Provides access to the web interface for Profile Manager admin
1640 TCP Enrollment access to the Certificate Authority



Kind regards,

Domien
