Hey guys...searched some discussions on here but didn't come across anything I could use. Has anyone had any luck with putting and keeping an Apple TV on an Enterprise WPA2 WiFi network with a time requirement?
We can get all the certificates, trusts, etc on the Apple TV through Apple Configurator but it cannot join our wireless because the Apple TV (at first) doesn't know the correct time. It cannot connect to the network wirelessly to grab the time either.
Anyone come across a way to get this to work without resorting to a hard wire ethernet connection? Any feedback would be appreciated.
Do you do a full wipe of the Apple TV to skip the setup steps and the naming of the device? I had a problem before where our firewall was blocking the port for the Network Time Server.
The firewall still does this, but after I did everything in configurator, I didn't have an issue connecting to the wireless setup that we have.
Don't mean to hijack... But ours is certificate based RADIUS authentication.
The AppleTV's clock seems to reset to 1970, meaning that the Certs are not trusted & so can't authenticate.
We saw this as the wireless profile would have an install date of 1970.
Is that similar to your setup @gburgess?
Also, maybe it's an AppleTv model thing, or software as you've mentioned.
I work for a very large corporation and basically, we have a RADIUS server which has a time requirement of +/- 5 mins to be able to join the network, in addition to AD credentials.
So with brand new ATVs, after pushing the certificates through Configurator, it cannot join the network. The certs don't expire until 2036, so it isn't that. I'm pretty certain it is the time requirement and as we all know, the ATV has no way to store the time or obtain the time when it's brand new (or freshly imaged) without a network connection. It seems for now the alternative is to connect via wired connection at setup and then unplug when ready for production. Not ideal but it does seem to work.
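The clock dependence discussed in the posts above can be reproduced offline. This is an added example, not part of the original thread: it verifies a certificate with OpenSSL at three different clock values using `openssl verify -attime`. The throwaway self-signed certificate, the name `radius.example.test` and the helper function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway self-signed certificate stands in for the
# RADIUS server certificate chain; nothing here comes from the thread.

make_demo_cert() {
    # $1 = directory that receives key.pem and cert.pem (valid for 30 days)
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=radius.example.test" -days 30 >/dev/null 2>&1
}

verify_at() {
    # $1 = certificate (also used as its own trust anchor)
    # $2 = the verifier's clock, in Unix epoch seconds
    # Prints one of: valid, not-yet-valid, expired, other
    out=$(openssl verify -CAfile "$1" -attime "$2" "$1" 2>&1) || true
    case "$out" in
        *"not yet valid"*) echo "not-yet-valid" ;;
        *"has expired"*)   echo "expired" ;;
        *": OK"*)          echo "valid" ;;
        *)                 echo "other" ;;
    esac
}

dir=$(mktemp -d)
make_demo_cert "$dir"
now=$(date +%s)

# A clock that has fallen back to the epoch is earlier than notBefore, so the
# certificate is rejected even though its expiry date is far in the future.
echo "clock at 1970-01-02: $(verify_at "$dir/cert.pem" 86400)"
echo "clock correct:       $(verify_at "$dir/cert.pem" "$now")"
echo "clock 31 days ahead: $(verify_at "$dir/cert.pem" $((now + 31 * 86400)))"
```

To check a real chain, run the same `openssl verify -attime` call against the exported CA and server certificates.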
We don't have a RADIUS setup here that would require certificates. We just have them connect to an SSID with WPA2.
I do know the issue that you are talking about though with the 1969ish date. I've had that hit me with not being able to use certain profiles in the Apple TV. I find it odd though that the Apple TV's that I'm setting up with my machine are sending out the correct date to the Apple TV. I just checked our firewall, and it is still blocking the 123 port for the Apple Time server. The payloads are showing the correct date on which they were received from the config machine.
Currently, I do a two stage loading of the profiles on to my Apple TV's. One for the config of wireless and name of the Apple TV. And then I do a quick add of the MDM profile to add it to the JSS.
I wonder if you could set up a hidden SSID for setting up the Apple TV's and then remove that and add the RADIUS items after the first config run-through.
Interested to hear which Bonjour gateway you use and how it works for you. We used the Aerohive APs and found that once you had approx 10-12 ATVs it would start intermittently broadcasting some and not others.
We had 3 VLANs we were broadcasting over. Approx 400 client devices (iPads).
Went to an Ubuntu box with avahi and the reflector option, which worked but caused other issues such as the naming of the Apple TVs always changing and then different names showing up on different devices, and so some devices were unable to connect to the Apple TV using AirPlay. For example: AppleTV Library would randomly change to AppleTV Library (23) or some other number. We assumed this to be a stale mDNS record on a device somewhere causing mDNS to create a new DNS record for that Apple TV.
@calum_carey We currently are using Ruckus with our network and have the bonjour gateway set up. Limited testing right now. We have over 50 Apple TV's over 3 SSID's that are also broadcasting to a 4th SSID. So far in my testing, I've only seen 1 issue in one area of the building that is having a delay of about 20 seconds. Not crossing over the gateway seems fine though...so as I said, testing the waters with it currently.
For you to not get those numerical names, you'll want to reserve an IP address for each of your Apple TVs. That's what we did to stop this issue. That and set the devices to never sleep.
I keep seeing error 4001 when trying to install a .mobileconfig to my 3rd-gen aTV and get it to connect to my 802.1x PEAP wireless. Tried profiles that both included and excluded the cert, no dice; was able to install the cert separately.
My network guys claim that they whitelisted that aTV's wireless MAC so that it doesn't need to authenticate, but it seems that neither Configurator nor iPCU can get the aTV to accept a profile with blank username & password fields for PEAP authentication. Now, if they'd just create a service account..
@pete_c, you need the whole certificate trust chain on the AppleTV as per: https://jamfnation.jamfsoftware.com/discussion.html?id=6495
This quotes a KB that has been updated without the quoted text, but afaik still holds true.
@calum_carey, if this isn't on a separate thread, maybe we should move it there. We are using Aerohive APs and their Bonjour Gateway and are seeing the exact same behavior you described. I've been troubleshooting this on and off since September and we cannot seem to find any rhyme or reason as to which Apple TVs disappear. Most of the time, simply turning AirPlay off and then back on, on the Apple TV, seems to make it reappear in the AirPlay list on the iPads. We have about 80 Apple TVs being shared across 9 different VLANs.
@andyparkernz Did that end up solving the issues? Are all of your Apple TVs consistently showing up in the AirPlay list now?
We just finished upgrading all of our Apple TVs and have turned off the Bonjour Gateway. The new Bluetooth initiated connection method seems to be much more reliable so far, but time will tell.
@dpenny - yes, they show consistently, and the other issue we had that they would rename (by adding an increasing number after the Apple TV name) was also solved.
Haven't tried the new Bluetooth method yet, but it seems preferable to an increasingly long list of Apple TVs to choose from.