Question

Apple DEP - Failed to contact Mobile Device Management server

Forum|Forum|11 years ago
February 5, 2015
31 replies
305 views

jbarnes
Contributor

We've signed up with Apple DEP and successfully put a token into the JSS. Inside the JSS, we can see the two test OS X machines we've added to DEP and their requisite serial numbers.

When we go to re-image one, the DEP dialog that our institution has been detected shows up, but when you hit continue, the computer cannot contact the MDM server with the error "Failed to contact Mobile Device Management server. Your Mac will not be configured with default settings from Institution Name. To apply these settings later, click Continue." Which seems odd, because inside the JSS, the MDM server is clearly contacting the DEP to show us the machines that have been added.

We do not currently have port 8443 open incoming outside our intranet for this server, as it is in development. I was wondering if that could be the issue -- and perhaps the JSS can contact DEP when I'm logged into it because it's establishing an outgoing connection, not an incoming one? Basically, I'd like to understand what's happening after the computer knows it is associated with our institution (which it does, as it has our DEP e-mail and phone number) without just opening the required ports in the documentation.

Does anyone know?

Show first post

Forum|pagination.label 2 / 2

lidiya_dergache
New Contributor
Forum|Forum|6 years ago
November 25, 2019

Same issue here. Have a ticket open and awaiting response.

+11

dbradprice
Contributor
Forum|Forum|6 years ago
December 5, 2019

Having this issue intermittently. Some computers do enroll anyway (after clicking "OK" at "Enrolling with management server failed" message.. Some never enroll. Tried both on institution network, and external (open) network.

+11

dbradprice
Contributor
Forum|Forum|6 years ago
December 5, 2019

Seeing different sub-texts below the "Enrolling with management server failed". E.g. "Unable to connect to the MDM server for your organization" (ok... maybe a basic network issue), but also "Unexpected error (NSOSStatusErrorDomain:-67846)" not sure what this means. Also in another instance got the "your institution has MDM" gear screen but "null" where the institution name should be.

+11

BCPeteo
Contributor
Forum|Forum|4 years ago
June 24, 2021

Was getting "The server chain for your organization's MDM server was not properly setup" when trying to enroll using ADE when going from the built in CA cert to a 3RD party cert. The fix was to add the 3rd part cert to the certificates in the PreStage enrollment. That cert then gets added to the MDM profile that gets pushed down.

+19

dstranathan
Valued Contributor
Forum|Forum|4 years ago
September 28, 2021

I had a similar issue on my on-prem JSS servers (10.29.2) after replacing the built-in SSL cert with a third-party cert, I was seeing this error when enrolling Big Sur Macs into our Jamf MDM:

"Enrolling with management server failed. The server certificate chain for your organization's MDM was not properly set up" (See screenshot).

I called Jamf Support and I was told to delete my current PreStage (that had an existing built-in anchor cert) and create a new, clean PreStage WITHOUT an anchor certificate payload. I was also told that on-prem Jamf servers that use an external third-party SSL cert should NOT use an anchor certificate in PreStages.

+11

BCPeteo
Contributor
Forum|Forum|4 years ago
November 4, 2021

Is this the MDM cert or web cert? I am using self signed for MDM and 3RD party web cert. In this config I needed to have both in prestage in order for ADE to work. Seems Apple requires it in order for a MacOS or iOS device to initially talk to Jamf. If you enroll using the jamf URL you do not need the web cert.

Forum|pagination.label 2 / 2

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded