Help

DEP issue with JSS hostname

Go to solution
RobertHammen
Valued Contributor II

Posted on ‎05-30-2014 10:08 AM

Hi folks,

Wondering if anyone has any experience with this. Client had registered their JSS with DEP but it was never going to work, as their JSS was not publicly exposed/it had a private .lan DNS hostname/URL.

So, we changed the hostname, configured internal and external DNS, regenerated the built-in SSL cert, restarted Tomcat, and opened up inbound ports 8443 and 80 to the JSS. Tested it and everything works, both on the local LAN and on the Internet.

Unsuprisingly, trying to activate a DEP-enrolled iPad resulted in an error about "A server with the specified hostname could not be found". So, we logged back into the DEP portal, removed the MDM server and created a new one, with a newly-downloaded Public Key. Downloaded the token file, recreated it in the JSS, and re-scoped everything to the new server in the JSS.

Still getting the "The configuration for your iPad could not be downloaded from xxx. A server with the specified hostname could not be found." Trying to do this from a non-firewalled public internet connection...

Anyone have any thoughts/suggestions/tips/advice? The first-tier JAMF support person I talked to wasn't that experienced with DEP to offer any suggestions, just created a ticket for further follow-up...

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
RobertHammen
Valued Contributor II

Posted on ‎05-30-2014 10:44 AM

I got it working - hooked the test iPad up to iTunes, wiped it. The first time it connected it pulled down the DEP info again (spinning gear for a few seconds) and it properly activated the iPad...

View solution in original post

0 Kudos
Reply
6 REPLIES 6

Go to solution
RobertHammen
Valued Contributor II

Posted on ‎05-30-2014 10:16 AM

Just to be totally clear, I deleted my pre-stage and re-created it. Something somewhere is holding on to the old JSS URL.

0 Kudos
Reply

Go to solution
were_wulff
Valued Contributor II

Posted on ‎05-30-2014 10:37 AM

@RobertHammen

Off the top of my head, there are a couple things I can think of to check:

- If you've got Configurator in the mix for any part of anything, redownload the Enrollment Profile and the Trust Profile and replace the ones already in Configurator with the new ones.

- Under Global Management >> JSS URL is there anything in the JSS URL for Enrollment Using Built-in SCEP and iPCU field? If yes, wipe it out, save, regenerate the Tomcat cert again, restart Tomcat again and give it another shot.

I took a quick look for a case from you in our queues but didn't see it just yet; was it one submitted via JAMF Nation, or by sending an e-mail into support@jamfsoftware.com?

One thing we'd want to take a look at on that case would be your JAMFSoftwareServer.log as that's usually pretty good about logging errors that come up.
The console log from one of the affected iPads may be helpful as well.

Thanks!
Amanda Wulff JAMF Software Support

0 Kudos
Reply

Go to solution
RobertHammen
Valued Contributor II

Posted on ‎05-30-2014 10:44 AM

I got it working - hooked the test iPad up to iTunes, wiped it. The first time it connected it pulled down the DEP info again (spinning gear for a few seconds) and it properly activated the iPad...

0 Kudos
Reply

Go to solution
were_wulff
Valued Contributor II

Posted on ‎05-30-2014 10:59 AM

@RobertHammen

An even easier solution!

Glad it's back up and working.

Amanda Wulff
JAMF Software Support

0 Kudos
Reply

Go to solution
RobertHammen
Valued Contributor II

Posted on ‎05-30-2014 11:22 AM

The DEP server info (for the old server) must have been cached on the device itself. I did restart it a few times and the behavior didn't change. Finally, connecting to iTunes and resetting by restoring from backup (with no saved backups) wiped it out.

Good to know, for future reference...

0 Kudos
Reply

Go to solution
dokihara
New Contributor

Posted on ‎05-30-2014 03:54 PM

Yes, it caches the response once it hits configuration. Only a complete wipe will reset it.

0 Kudos
Reply