MDM - OS X machine cannot install mdm_profile

Good morning,

I have been tasked to set up a MDM server for my company. I have a new Mac Mini with OS X 10.10.4 and OS X Server 4.1.3. All updates have been installed.

I have configured Open Directory and created a few Local Network users.

I have configured Profile Manager, installed a self signed certificate we use for the whole domain (*.company.com).

I have generated and installed the OD Intermetidate CA and Code Signing certificates.

I have generated and installed the Apple Push Notification certificate.

My OS X machines are able to connect to profile manager from the internet. After logging in they are presented with the mydevices page. Clicking on Enrol begins the installation of two profiles. The first (Trust Profile) installs fine. The second (MDM Device Management/Remote Management) profile tries to install but always results in the following error:

Profile installation failed.

Unable to contact the SCEP server at “http://mdm.company.com:1640/scep/”.

Port 1640 is open on my firewall.

I've spent 2 days Googling and have found nothing relevant.

This server sits behind Nginx which appears to be configured correctly. i.e. http://mdm.company.com has it's URL rewritten to https://mdm.company.com.

When I point a browser at http://mdm.company.com:1640/scep results in a timeout. The same is true for https://mdm.company.com:1640/scep.

If I remove the port number from the URL I get a 403 (forbidden) message.

All I see in scep_helper.log are lots of these messages:

0:: [957] [2015/07/28 13:08:30.199] getSCEPURL: hostname = '127.0.0.1', urlString = 'http://127.0.0.1:1640/scep/'

I've spent far too long working on this problem. I'm sure it's something simple but I'm not very familiar with Apple products which is a hinderance.

Any help is appreciated.

Regards

Rob