You need to allow outbound connections to Apple’s 17.0.0.0/8 block over TCP ports 2195 and 2196 from your server.

Thanks for the reply!

I'm running in the JAMF cloud. Shouldn't that already be the case?

I assume you are correct as I run Jamf on-premises and needed to ensure the ports were open for my instance. 

@jbresee Some pages you'll find very useful for determining what ports/servers need to be open for using Jamf Pro and managing Apple devices:

Network Ports Used by Jamf Pro 

Use Apple products on enterprise networks 

If your Apple devices aren't getting Apple push notifications 

FWIW @jbresee - I had this happen a week ago exactly, and I just kept trying and it worked on like the 10th try...maybe on Fridays, Apple do some maintenance?  There was nothing wrong on my setup (also cloud) and it took a while, but worked.  Good luck!

Thanks Scott. I've tried hammering it over the weekend. No luck yet.

Those are helpful, but do they apply when JAMF Pro in the cloud is contacting Apple directly cloud-to-cloud?

@jbresse did this ever work for you?

Yes, I deleted and recreated the token on the apple biz side.

This happened to me just now. I know it isn't a port thing because there are other Apple Business Manager accounts attached to this same JSS that are not having the problem.

I tried multiple times with no luck. Then I uploaded a new public key and download a new .p7m and still no luck.

So I tried like 20 times and it finally took.

See my post above...have had the same experience twice now, and just retrying over and over gets it.
Why?  No clue, but it stinks! 😏

Ha! So it happened with two more ABM accounts and two JSSs.

Rebooting the JSS hosts did the trick.