Failed to contact Mobile Device Management Server

BVargas
New Contributor

028e97b623894d76935918f7e5dba879
Hello! I am trying to implement a prestage enrollment on brand new computers at our university. However, I have been running into this error and have tried a few solutions to solve it. I have tried the following solutions to no avail:
1. I have refreshed the ASM token into the DEP,
2. I have tried initializing the process on different networks, both ethernet and wifi
3. I have included the University Private Root CA cert in the prestage enrollment (and then took it out after as a follow up test)

None have worked though. Any suggestions or thoughts would be appreciated!

7 REPLIES 7

sdagley
Honored Contributor III

@BVargas Has your network group opened the required connections to Apple's servers? You'll find Apple tech notes HT201999, HT207516, and HT203609 useful info on what's needed.

m_donovan
Contributor III

I had a similar issue back in November and it turned out to be a duplicate DEP record in Jamf.

Boyle
New Contributor II

Coincidently, we are having the same issue today as well. I have a case opened with Jamf support.

My tech mentioned to me that she was able to setup two iPads yesterday and I did confirm that we cannot setup an iPad today.

I did upgrade Jamf this morning from 10.11 to 10.11.1...not sure if that has anything to do with the issue...maybe Apple is having an issue.

We are going to try again tomorrow.

Chris

a_simmons
Contributor II

Yes I've been seeing this as well. It seems like its only happening on new devices.
I'm on Jamf 10.11

ShaunRMiller83
Contributor III

I've had this happen in a few of my past role.

I would make sure you are using a quality dongle (preferably MFI certified) if that is applicable. I've had dongles that were perfectly good in every other way fail during DEP.

If that is good during the Setup Assistant Press CTL+OPTION+CMD+T and see what your IP address is from terminal, and make sure you are getting a valid ip. You can also go to System Preferences after pressing that as well. Lastly make sure the subnet has the proper routing and ports open.

Boyle
New Contributor II

So the issue for me is that we didn't have anchor certs attached to our pre-stages. (I had migrated to a new server, and I had to generate a new built in cert, but apparently, that never carried over to our pre-stages).

I had to export the Built cert from the PKI Certificates and upload the cert to all my pre-stages.

Now they are enrolling correctly.

Chris

skhublall
New Contributor II

@Boyle This worked for me! Thank you!