How can you change the MDM Ports ? Especially port 443, which is needed for Exchange Activesync - you can't push via mdm and have the exchange running, which settings are to be pushed.
What email server are you running on the server?
Can you share a screenshot of the error message Server is alerting?
Also, some apps can share ports...
You cannot change the MDM ports.
It is more typical to have different servers acting as the MDM system and the Mail server system. In a more complex setup it might be possible to have both host names e.g. mdm.domain.com and activesync.domain.com go to the same public IP address and on that have a reverse proxy server which forwards them to the individual servers.
Sadly you cannot NAT mdm, it forces itself to be on port 443 - so that won't work.
Both 443 servers are behind the same global IP (in the company). How could a reverse proxy help here ?
I can bind exchange.domain.com to global IP + bind mdm.domain.com to the same global IP - but it won't work via proxy:
<VirtualHost *:443>
ServerName mdm.domain.tld
ServerAlias mdm.domain.tld
SSLProxyEngine On
ProxyPass / https://mdm.company.local/
ProxyPassReverse / https://mdm.company.local/
SSLEngine on
SSLCertificateFile /etc/myssl/public.pem
SSLCertificateKeyFile /etc/myssl/privkey.pem
SSLCertificateChainFile /etc/myssl/chain-class2.pem
</VirtualHost>
John Lockwood wrote:
You cannot change the MDM ports.
It is more typical to have different servers acting as the MDM system and the Mail server system. In a more complex setup it might be possible to have both host names e.g. mdm.domain.com and activesync.domain.com go to the same public IP address and on that have a reverse proxy server which forwards them to the individual servers.
Let's say I have locally:
exchange.domain.local:443
mdm.domain.local:443
an a linux.domain.local:543 (reverse proxy) to mdm.domain.local:443 it's still the port 543 to be used for mdm.domain.com (pointing to global ip) ...
Get a second ethernet adaptor or multi home the existing port. What server hardware are you on? A Mac mini? Allow Profile Manager to claim the primary port and host name for your domain. Then put your mail solution on the second adaptor or address. Now you can run two services requiring 443 on the same machine as the port will bind to unique addresses. Are you running Kerio? Communigate? Either will let you bind to a network address.
Reid
Apple Consultants Network
Author - "El Capitan Server – Foundation Services"
Author - "El Capitan Server – Control & Collaboration"
Author - "El Capitan Server – Advanced Services"
:: Exclusively available in Apple's iBooks Store
How can you change the MDM Ports ?
