iPad786

Q: Apple Profile Manager : MDM Ports , Push Notifications

Hi All

I have configured MDM with Mountain Lion, Server Tools 2.2.1; it worked fine with an iOS device (checked with an iPad).

But when I push to OS X devices, it gets stuck. After a lot of searching on Google, I found some threads where people had the same issue.

http://serverfault.com/questions/102416/iptables-equivalent-for-mac-os-x/105736#105736
https://discussions.apple.com/thread/4254271?start=0&tstart=0

https://discussions.apple.com/message/19441034#19441034

http://krypted.com/iphone/managing-ios-devices-with-apple-configurator/

 

The solution was to open following ports:

To use Profile Manager, you should ensure that the following ports are open on your network.

| Port | TCP/UDP | Description |
|------|---------|-------------|
| 2195, 2196 | TCP | Used by Profile Manager to send push notifications |
| 5223 | TCP | Used to maintain a persistent connection to APNs and receive push notifications |
| 80/443 | TCP | Provides access to the web interface for Profile Manager admin |
| 1640 | TCP | Enrollment access to the Certificate Authority |

 

But when I tried to open the ports (tried both text-based and with IceFloor):
sudo ipfw add 27860 allow tcp from any to any dst-port 2196
sudo ipfw add 27860 allow tcp from any to any dst-port 2195
add 78600 allow tcp from any to any dst-port 5223

When I use sudo lsof -i -P | grep -i "listen", it did not show me if the ports are open.

iPad, iOS 6

Posted on Apr 16, 2013 6:47 AM


  • by lukematt,

    lukematt May 20, 2013 8:33 AM in response to iPad786
    Level 1 (0 points)

    Did you install the Trust Profile for your OSX devices in addition to the enrollment profile?

  • by Andreas Schenk,

    Andreas Schenk Jul 11, 2013 2:16 AM in response to iPad786
    Level 1 (5 points)

    But when I tried to open the ports (tried both text-based and with IceFloor):
    sudo ipfw add 27860 allow tcp from any to any dst-port 2196
    sudo ipfw add 27860 allow tcp from any to any dst-port 2195
    add 78600 allow tcp from any to any dst-port 5223

    When I use sudo lsof -i -P | grep -i "listen", it did not show me if the ports are open.

     

    You don't see those ports open on your server, because they are not supposed to be open and your server is not listening on them.

    2195 and 2196 are used by your server to connect outgoing to APNS (Apple Push Notification Server), so your server won't need to listen there, nor be reachable here, but your server must be able to connect to Apple on these ports.

    5223 is basically the same, but for your clients. Any Apple device that wants to have Push services will use this port for an outgoing TCP connection to APNS. So again, your server won't listen here.

    The only incoming ports to the server are 443 (for both the web interface and the devices checking in for new profiles etc.) and 1640 (only used during initial enrollment).
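
Added example, not part of Andreas Schenk's reply: a shell function that reads `lsof -i -P -n` output and reports each Profile Manager port as listening, outgoing or absent, which shows why filtering for LISTEN never reveals 2195/2196. The sample lsof lines, process names and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify Profile Manager ports from `lsof -i -P -n` output.

# Constructed sample (process names and addresses are made up).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd     61 root 4u  IPv6 0xaaa1 0t0      TCP  *:443 (LISTEN)
httpd     61 root 5u  IPv6 0xaaa2 0t0      TCP  *:80 (LISTEN)
scepd    140 root 6u  IPv4 0xaaa3 0t0      TCP  *:1640 (LISTEN)
pushd    212 root 10u IPv4 0xaaa4 0t0      TCP  192.0.2.10:49201->17.0.0.10:2195 (ESTABLISHED)
EOF
}

# Reads lsof output on stdin; prints "<port> <direction> <state>" per port.
mdm_port_report() {
    awk '
    BEGIN {
        # Directions as described in the reply above.
        role[443] = "inbound"; role[1640] = "inbound"
        role[2195] = "outbound"; role[2196] = "outbound"; role[5223] = "outbound"
        n = split("443 1640 2195 2196 5223", order, " ")
    }
    $8 == "TCP" {
        p = $9
        if ($10 == "(LISTEN)") {
            sub(/.*:/, "", p)      # *:443 -> 443 (local port)
            listening[p] = 1
        } else if (index(p, "->") > 0) {
            sub(/.*->/, "", p)     # keep the remote end of local->remote
            sub(/.*:/, "", p)      # 17.0.0.10:2195 -> 2195 (remote port)
            outgoing[p] = 1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            state = "absent"
            if (p in listening) state = "listening"
            else if (p in outgoing) state = "outgoing"
            printf "%s %s %s\n", p, role[p], state
        }
    }'
}

sample_lsof | mdm_port_report
```

On a live server the same function can be fed with `sudo lsof -i -P -n | mdm_port_report`.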

  • by Badriya Alaraimi,

    Badriya Alaraimi Dec 22, 2014 12:55 AM in response to Andreas Schenk
    Level 1 (0 points)

    Hi,

    I have also configured MDM AirWatch in my company. Sending notifications and installing profiles on iOS devices is not working.

    I have contacted the AirWatch support team; they asked me to open ports 2195 and 2196.

    Then I requested my network team to open the above ports. They tried using the URL (gateway and feedback); it's not working. Then they tried to use the IP address, but they noted that the IP is continually changing. I requested the support team to give me one IP that I can use; they sent IP 17.0.0.0/8 for both ports.

    Then I informed the firewall admin to open that port using the 17.0.0.0 IP address, but he didn't accept this because it's not secure to allow this range in the firewall.

    And the AirWatch team says this is a limitation from Apple's side.

    Please advise.

  • by rccharles,

    rccharles Dec 23, 2014 1:37 PM in response to Badriya Alaraimi
    Level 6 (8,506 points)
    Classic Mac OS

    Perhaps a conference call with Apple and your networking people would be helpful.

    Enterprise support:

    Call enterprise support (866) 752-7753 to create a case ID number

  • by Badriya Alaraimi,

    Badriya Alaraimi Dec 24, 2014 2:59 AM in response to rccharles
    Level 1 (0 points)

    Thank you very much for your response...

    But I'm not able to reach (866) 752-7753.

    Can you send the full number with an open line?

  • by rccharles,

    rccharles Dec 24, 2014 2:18 PM in response to Badriya Alaraimi
    Level 6 (8,506 points)
    Classic Mac OS

    Here is the list of well known ports.  Can't a firewall limit access from an ip address and a port?  Should get past network group protests.

    TCP and UDP ports used by Apple software products - Apple Support

    Well, the general Apple contact number is:

    Apple
    1 Infinite Loop
    Cupertino, CA 95014
    (408) 996-1010

    I think there is some paid service that lets you dial 800 numbers in the US.

    Apple will call you.
    https://getsupport.apple.com/ServiceOptionAction.action

    Here is the world wide contact info.
    Contact Apple for support and service - Apple Support