403 (Forbidden) error when testing JSS to Apple GSX Connection

jkarpenske
New Contributor III

Yesterday I was attempting to look up our purchasing information from GSX , but received an error that simply said "Unknown Fault." I went to the JSS configuration page to test the GSX connection, but received the same "Unknown Fault" error. Viewing the details showed "403 Forbidden" as the actual error. I tried again this morning, just in case it was a temporary hiccup, but got the same results. Our JSS to GSX connection was working last week, and as far as I know, nothing has changed related to this. I am still able to log into GSX manually using the same username/password related to our JSS-GSX connection. Has anyone else experienced this, and do you know of a fix?

21 REPLIES 21

tomr
New Contributor III

I can only add a me too. Happened this morning. We're using cert based auth but i tried it with password based auth too.

sbrosnihan
New Contributor III

In JSS 9.96, I'm getting "Service unavailable" in the details of an "Unknown Fault." I was getting successful tests in 9.92, but was unable to gather warranty info. Since the upgrade, there's a new field to configure in the GSX Connection section: "GSX Account Number." This is in addition to the Sold-To. This field isn't referenced in the documentation, nor is it a number I see in GSX.

I was getting 403 errors (not the current 503 errors) in 9.92 and had to work with Apple GSX Web Services to clear those up. Even after whitelisting, I was getting the errors well after the 7 day wait. I just kept at them until they confirmed there was 'a problem on their end.'

This 503 error is new. I'll pester Apple again if it doesn't clear up today.

chris_kemp
Contributor III

Swell. Happening here too. WTF, Apple?

alex04
New Contributor

yes apple last week changed a lot things!!
i have another problem anyone can help me !
i can't make carry in repair cases in my gsx account,everytime i tried to make repair i put correct serial number with same GB ,same model ,color as replacement but i got invalid serial number so why i got that error ? where is my mistake? how to fix that erro?
thanks

dkelly
New Contributor

Same issue as one of the posts above. GSX integration finally was working (at least it would do a successful test), though still couldn't pull warranty information. I had to work with Apple to get IP whitelisted and the like. Once upgraded to 9.96, first notices "Enable GSX..." was unchecked and when I check in and put in the information (not sure what both the GSX numbers are (Account and Ship to) so I'm putting the same for both), when I test I get the Unknown Fault and Service Unavailable in the Show Details. Anybody have any luck on getting integration to work?

sbrosnihan
New Contributor III

Post 9.96 upgrade I ended up having to re-enable the GSX connection and change the URL to https://gsxapi.apple.com/gsx-ws/services/am/asp from https://gsxws2.apple.com/gsx-ws/services/am/asp, which was what was working before. I am now able to connect and retrieve information.

dkelly
New Contributor

Thank you sbrosnihan, changing the website URL worked for me and it's running!

jkarpenske
New Contributor III

I'm glad to hear that you guys got your GSX integration working! After a flurry of emails back and forth with Apple's GSX support, they determined that our IP had never been whitelisted (even though GSX integration had been working for several weeks prior! A few days later, ours started working again.

akseez
New Contributor II

Thanks @sbrosnihan! That fixed it for us as well.

amoscaritola
New Contributor III

@dkelly I'm having the same issue, still persistent after changing the URI. I was told to have apple whitelist the ip. I contacted support through GSX and was told it's out of their scope. I'm just curious what channels of support you went through with apple to get that done. -Thanks, Anthony

jkarpenske
New Contributor III

@amoscaritola We were able to get (re)whitelisted after talking to the same folks who issued our certificate. We contacted them through the generic support email of gsxws@apple.com. I hope they can get you whitelisted soon!

sbrosnihan
New Contributor III

@amoscaritola, I communicated several times with gsxws@apple.com (GSX Web Services) and they worked with me to troubleshoot the connection and verify whitelisting of our IP range. There was an additional problem on their end that was eventually identified. I had to politely persist, but the issue was finally resolved.

amoscaritola
New Contributor III

Thanks @jkarpenske and @sbrosnihan ! After contacting gsxws@apple.com they were able to help us get set up to the GSX New Generation WSDL. We needed to provide some information for them to whitelist the outgoing IP we use and sign a CSR file that we generated.

stphnlee
New Contributor II

We started getting this error after our network administrator switched us over to our new FortiGate firewall. Apparently that changed the external IP address of the requests from our JSS, and Apple had to whitelist the new IP address. I got help from them using the gsxws@apple.com email address that @sbrosnihan suggested.

adhuston
Contributor

I have started seeing this error this morning on my Jamf cloud instance. I know GSX had maintenance this weekend. I just wanted to check and see if anyone else was seeing errors connecting to GSX as well?

JasonAtCSUMB
Contributor

@adhuston Yup, me too. I'm using this URI in our JSS settings: https://gsxapi.apple.com/gsx-ws/services/am/asp

adhuston
Contributor

Same here. I reached out to GSX support and was able to get it working for about a week, but it's down again. I'm getting a forbidden error message today when I test the connection. Time to reach back out to GSX support.

blairb
New Contributor III

I've been getting the 403 for weeks now. Apple insists our IP is whitelisted and JAMF seems to have no idea of what to do next. I really need this integration to work. Anyone have any more ideas for troubleshooting? Can the 403 forbidden error result from a problem with the cert? I didn't get any errors in the process of obtaining and uploading the cert.

cwaldrip
Valued Contributor

Same issue as @blairb and no idea. We renewed our GSX cert back in February, so it's good through 2/14/21 (of course we'll have to replace it with the new API release on Oct 1. I wonder if there's anything related there...

hkabik
Valued Contributor

Yesterday everything worked fine.

Last night I updated to Jamf Pro 10.15. Then recreated my GSX cert with apple and inserted my GSX API token today per the 10.15 upgrade instructions.

As of today I am getting the 403 error.

I have Apple checking my ip whitelist, but as it was whitelisted yesterday I don't see that being the issue.

hkabik
Valued Contributor

Somehow Apple had de-whitelisted my IP the very night I updated to 10.15. Seems suspicious but thats what they are saying. After they re-whitelisted my IP, all is well.

So if you are seeing this, request your IP be whitelisted again even if it already has been.