Skip to main content

I was able to get DEP and our on-site JSS tied together yesterday but was still having trouble getting the computers to enroll during the setup assistant. We fired up a hotspot to test DEP off our network and to our surprise it worked perfectly.



I placed a call to our firewall (fortinet) support to see if there was something I did wrong. We fired up a remote session and they confirmed we had the ports unblocked in the firewall. During several tests they noted that the firewall policy was behaving properly and that the packets were being rejected from the Mac Server (sending back an "rst" or reset packet).



Our Mac server is a Mac Mini running 10.9.5 with JSS 9.73. The firewall is off and it is on the same subnet as everything else (currently a flat open network). Am I wrong in thinking this has to be a firewall issue, regardless of what the support said, because DEP worked off our network?



Here is the error from the log if that helps at all: 9/9/15 7:27:17.557 AM apspd[165]: stream: received error: The operation couldn’t be completed. (OSStatus error -9806.) on: incoming stream: apns:com.apple.mgmt to host: gateway.push.apple.com:2195



Any suggestions are more than welcome! Thanks!

These may help you troubleshoot



Debug APNS
Network ports used by JSS
Push Diagnostics application

@rcastorani



If you have any comfort with networking or Wireshark, I would suggest installing Wireshark on your Mac Mini and making sure the traffic from the computers is actually making its way to the server. I have seen firewalls create reset packets on behalf of the device they are blocking traffic to (i.e. pretending to be that device). Wireshark would help you figure out if the TCP connection is indeed being reset by the server for one reason or another or if the packets aren't even getting there--this would be the first step in my own troubleshooting process for this problem if I were to see it myself.



Are these devices on wireless? Any chance there are any wireless restrictions that might prevent communication with the server? Maybe give wired a shot if that is the case.

@cpdecker I think your intuition was correct. I hard wired the laptops with an ethernet connection and DEP worked flawlessly. I talked with our Aruba Wireless contractor and the controller doesn't recognize the DEP ports by default. Once we added them into an allowed policy, DEP worked perfectly.



@May Thanks for the documentation links!

Terms & ConditionsCookie settings