Cannot communicate with any iOS device upgraded to iOS 11

Rhinehart
Contributor

Running JSS 9.101.0-t1504998263. after updating any device to iOS 11, devices stop communication with the jamf server. tried to wipe a device and reconfigure, i get to the remote management page and it tells me " The configuration for your ipad could not be downloaded from....... Canceled." anyone else having this problem?

1 ACCEPTED SOLUTION

Rhinehart
Contributor

OK talked with JAMF (Camden Webster) yesterday my problem was a SHA-1 certificate in Tomcat. macOS High Sierra 10.13, iOS 11, tvOS 11, and watchOS 4—available this Fall—don't support SHA-1 signed certificates for any TLS connections. Updated cert to SHA-256 and reestablished communications.

View solution in original post

19 REPLIES 19

ross_burdick
New Contributor II

I also am seeing this issue with my devices. I've had 2 ipads and 1 ipad pro that updated to 11.0 and I am unable to get them to enroll because of the same issue with the same message as above.

Update: JAMF version JSS 9.100.0-t1499435238

Rizvi
New Contributor II

I just upgraded JSS to 9.101.0 without upgrading to iOS 11 and all commands are stuck in pending status

analog_kid
Contributor

I might be seeing this as well... same versions of JSS and iOS. Looking right now to confirm with other devices.

jillhughes
New Contributor III

I am too.

egill
New Contributor III

We are having this same issue, 9.101. I emailed jamf support, no response yet.

dminnema
New Contributor

We are also seeing this issue. Not just with iOS 11 but with any iOS device.

ryan_bender
New Contributor III

We're at JSS 9.99.0-t1494340586 and are having similar issues with devices upgraded to iOS 11.

egill
New Contributor III

Hey @ryan.bender, I don't believe that 9.99 is compatible with iOS 11 which is probably why you are having issues. However, upgrading to 9.101 (which is supposed to be compatible) probably isn't going to help you much either it seems.

CairoJXP
Contributor

The only devices on 11 I've seen not updating were on what I'm guessing was the beta version. We're on the latest version of JSS 9.101.0-t1504998263 and I just set the device name of a DEP device on iOS 11 and it took. I haven't tried enrolling anything new that's on 11 though which may be your problem.

If the device is in a prestage, have you removed it and re-added it then tried enrolling? Also, make sure you've accepted the new apple agreements via Apple School Manager. Also make sure your certificates i JSS are up-to-date.

We're having issues with iPads not connecting to Apple TVs that we're troubleshooting because the Apple TVs updated to iOS 11 on their own somehow.

ross_burdick
New Contributor II

I just removed and added a device to prestage enrollment with the same result. We've also accepted the new apple agreements and the certs are current. Still an issue with enrolling 11.0 devices, it gets to the remote management screen if you try to manually enroll and says the configuration could not be downloaded, the configuration is not available. Annoying to say the least.

CairoJXP
Contributor

I remember a similar issue to this with iOS 10 I believe, specifically with newer iPad models that ran the 64bit version of iOS vs. the iPad 4 which was the last model on 32bit iOS.

What if you remove the device from the inventory (if it's created an incomplete inventory profile, delete it), then try to do OTA enrollment and see if that works at all. If not, add it back to prestage, wipe it and try prestage enrollment again.

Cyanez
New Contributor

I had a similar issue, i refreshed the configuration profile:

  1. Locate your configuration
  2. Select edit
  3. Save
  4. Select Distribute to all.

Note, you are not actually making any changes to the profile.

Once i did this, i did not receive the error message" The configuration for your iPhone could not be downloaded..."

pwilliams
New Contributor

We are also seeing this issue. Running the latest JSS (JSS 9.101.0-t1504998263). I have tried the "refresh config profile" fix but no improvement.

ITcaspersuite
New Contributor II

Do you guys have any updates on this issue? Or are you holding tight until Jamf has a response?

Rhinehart
Contributor

OK talked with JAMF (Camden Webster) yesterday my problem was a SHA-1 certificate in Tomcat. macOS High Sierra 10.13, iOS 11, tvOS 11, and watchOS 4—available this Fall—don't support SHA-1 signed certificates for any TLS connections. Updated cert to SHA-256 and reestablished communications.

ITcaspersuite
New Contributor II

Alright, thank you. Were did you find out which certificate you were using? We are going to update to latest release but need some information on the subject

Rhinehart
Contributor

look at the certificate properties and it should tell you weather it is Sha-1 or Sha-256

Rhinehart
Contributor

its the certificate that Tomcat is using

damienbarrett
Valued Contributor

I'm just now starting to test iOS 11 on my iPad fleet, which has been locked at 10.3.3 since the summer. On my test iPad, which has been upgraded to iOS 11.2.x and reset, I'm now encountering this problem. The setup assistant won't complete, because the configuration profile won't download from my JSS.

My JSS is currently 9.101.4 and uses a SHA-256 3rd party cert issued from RapidSSL.

Any ideas on how to troubleshoot this if it's not the SSL cert?