Unable to contact https://mdmenrollment.apple.com PreStage enrollment

I keep getting this error using the new 9.3 stable.

Unable to contact https://mdmenrollment.apple.com to add a device to a PreStage enrollment

I see this under PreStage Enrollments when I create a new one and save it.

My iPads are erroring out :

The configuration for your iPad could not be downloaded from ****
The operation couldn't be completed. (NSURLErrorDomain error -1012.)

Please help. Thanks

EDIT: When I go to this site https://mdmenrollment.apple.com
I see this:

The requested URL was not found on this server.

Thanks

Page 3 / 4

I had the same problem today and tested everything that is in this discussion:
Created a new Public Key;
Created a new MDM server;
Tested the telnet commands as cited by @chlaird;
Removed the DEP settings from JSS.

All of these worked fine but I still couldn't add a new DEP setting on my JSS. Then I checked the time on my server and for some reason it was 5 minutes behind, even using an internal NTP server. Anyway, I corrected the time and it worked straight away.

If in case someone is getting the same error, check the time on the server first just to avoid spending time and effort.

@luispalumbo Ran into this issue today, checked my time on the JSS and sure enough it was off by about 6min, and reseting the NTP server setting on the JSS fixed it! Thanks!

I had the same issue after updating my Apple ID

I Fixed the issues by Generating a new Server Token on the DEP website and uploading it to the JSS.

I also just had this issue. For me, it was one single iPad in my prestage scope that was causing the issue. Once I removed that iPad from the scope, everything worked perfectly. I'll have to check with apple to see what might have caused that device to throw an error.

I had the same thing happen today:

"Unable to contact https://mdmenrollment.apple.com to add a device to a PreStage enrollment"

and

"The DEP service reported an error. (https://mdmenrollment.apple.com [403])"

Found out that Apple changed their terms and conditions for the DEP program and had to agree to them. Need to sign in with the program Agent account. After doing that the error messages went away in the JSS.

Just another "me too."

In this case it turned out Apple was wanting two-step verification to be set up, as well as accepting new terms. After that was set up all was well.

Refreshed my MDM token from the DEP portal and that resolved my problems.

I was seeing the same errors. I had to log in to DEP and agree to the two updated User Agreements. Problem solved.

Thank you mramsay -- this should be on the Jamfnation frontpage. Problem solved here, after a restart of our JSS.

We had the same problem of JSS not contacting the DEP servers, even though we recently updated our DEP token. Logging into DEP and accepting Apple's new terms and conditions fixed the problem. You know the old saying, mind your Ts and Cs.

I'm receiving the same error. I did accept the new terms but under Device Enrollment Program in JSS we have two DEP entries, both pointing to the same Apple ID. While the new token made the first entry happy, the second one states that token is in use. If I create another key and token for this account, is that going to cause my first DEP entry to flake out?

Not sure if this is related but I have resolved our "NSURLErrorDomain error -1012" issue shown at the start of the DEP process for our iPhones.

Our solution was to restore a copy of our server.xml file and restart tomcat service. The difference between the two server.xml file that I noticed was that the restored file had more ciphers settings. The keystorefile and keystorepassword were also different.

I believe the server.xml file was changed or replaced during an failed upgrade to 8.91. An uninstall and reinstall of JSS was then preformed to get 8.91 working.

My Fix was similar to @dboeshart , Agreeing the the new Terms and Conditions and assignments started happening again.

On JAMF's advice I regenerated the token on Apple's deployment website, and loaded it into our JSS server. The "DEP service reported an error..." message is gone now. Here are the steps they sent me:

1.)Go in the JSS to Settings>Global Management>Device Enrollment Program
2.)Download the Public Key by clicking the key button that says Public Key right next to it
3.)Log into deploy.apple.com
4.)Upload the PublicKey.pem that was just downloaded into the DEP portal. We'll hit "Replace Key.."
5.)Then we are going to select generate a Server-token and this will be uploaded into the JSS
6.)Go back into the JSS Device Enrollment Program select the DEP group, hit edit and Upload Server Token File
7.)Once we upload the new server token file we are going to click save

I just started receiving this error today. I've tried updating the key and token, but I'm still getting an error. We're using the cloud portal, so I can't verify time on the server, or use telnet. Any suggestions? Update-Our vendor did add two new devices today, and they do show in the prestage enrollment page, but are listed as unassigned.

Exact the same error shows up here in pre-stage enrollment for Macs. Did Apple break something?

We are having the same exact issue for our JSS environment and JAMF support told us that this issue has been escalated to Apple Engineering team. I guess we have to wait for Apple to fix it.

FWIW: in our case it seemed that one single unassigned device we added to the PreStage Enrollments (PSE) caused the error. When i removed the device from the particular PSE-group the thing went back to normal (as in no errors). I'll keep you guys posted on updates. Additional info: i first had to remove all devices drom the group, saved it and then added the 'normal' devices back to the PSE-group.

Same happened here to me today. (2/24)

Same happened here to today. (2/25) But not on all my JSS servers???
But it's only bij the PreStage enrollment of Computers
The PreStage enrollment of Mobile Devices is oke
This is on the same server. So it must be something in the JSS
After making a new PreStage enrollment stage by Computers same error
if i make a new PreStage enrollment stage by Mobile Devices no problem.

whats going on??

I'm not getting any errors, but our Macs aren't getting the JAMF binary, our management account, or Self Service after setup assistant. The MDM profile installs, but no other profiles push down. Gonna submit a ticket to JAMF Support and our Apple TAM.

Hmm, working again on a test machine, but a huge delay after completing setup assistant. Everything pushed down about 30 min after hitting the desktop of the local user. Still have support tickets logged with JAMF and Apple to see what they have to say.

After the rogue device was unpacked, turned on and connected to internet (we didn't had it unwrapped yet) We removed the device from the PSE-group, saved the group and, put it back in, saved again and presto! Error gone.
I'll do some research in the days to come on logs etc, but for now I think it might have something tot do with Apple's DEP and not with the JSS.

@mvdbent Did you made an empty PSE? (without Mac's added to the scope)

@Aufderhaar we did made a empty PSE-group but we get the same error.
This morning the error message went away after assigning devices in the PSE-group. it was for sure a Apple error but do you know what the error was??

@mvdbent for sure now is that 'something' in the DEP triggers that error. But what exactly is unknown. I could trickle it down to one device as we just got started on DEP/PSE and easily remove devices from groups etc. Oh well, let's all wait for the next hiccup.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded