Infrastructure Manager/LDAP Proxy

is the server windows or linux? if linux, you can probably skip the following as it pertains to windows.......
my issue ended up being that my JIM could check in to cloud but it could not do any ldap operations. I had to manually allow an exception in Windows Firewall for it and it has been working ever since. may be worth a try....
I know you mentioned it already, but the hostname issues can be problematic depending on your network. does your JIM show an internal or external IP on the server side settings? It should show an internal IP on Jamf, if it is showing external, that is a red flag.

does your JIM have a public domain name? for example, jamf.mycompany.com for JIM and the cloud is mycompany.jamfcloud.com. if you're just doing it by IP, i do not think it will work

Finally, are you trying to do LDAP or LDAPS? If LDAPS, make sure your cert CN is the same name as the FQDN of the AD server and it comes from the root CA of your domain

• This is running on Windows Server 2016.
• The server itself has a different name than the DNS name (i.e. server is "server12345.company.com", DNS name "jim.company.com"). This shouldn't be an issue if the DNS is setup correctly, I believe.
• It is showing the internal IP address in the JSS.
• We have an external facing DNS entry ("jim.company.com") that goes to our F5 load balancer, and is forwarded to the server. I did an nslookup on it on our network and it's returning the external F5 IP addresses, so I'm seeing if we need to have the internal DNS server updated.
• I'll look into getting a firewall rule for the internal connection to the AD server as well.
• I'm just trying LDAP for now, I haven't gotten into LDAPS yet.

hey @PhillyPhoto did you ever get this working? Re-reading your post, it sounds like you have the firewall rules for tenant.jamfcloud.com, but you need to add the specific IPs for the CDN: https://www.jamf.com/jamf-nation/articles/409/permitting-inbound-outbound-traffic-with-jamf-cloud

This is the info I used to have our firewall configured:

Outbound traffic:
Source {External facing IP addresses}
Destination https://cloudtenant.jamfcloud.com {cloud IPs}
Service 80, 8443, 443, 8389, 8636 / HTTPS, LDAP, LDAPS

Inbound traffic:
Source 54.208.14.206 54.208.84.215 52.1.62.94 52.1.215.211 52.203.216.218 34.233.253.88 34.234.26.211 52.72.152.43 52.39.2.203 52.39.4.253
Destination {External facing IP addresses}
Service 80, 8443, 443, 8389, 8636 / HTTPS, LDAP, LDAPS

on Windows Server, have you checked any of the log files?
mine are located at C:Program FilesJamfInfrastructure Managerlogsjamf-im.txt

I had quite a few different errors in there to go off of to resolve the issues I was having when configuring the ldap proxy. It is possible that while the JIM itself is functioning and can check in, the LDAP proxy might not even be running.

It just has this over and over:

2019-08-12 11:11:57,838 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Initiating checkin to JSS
2019-08-12 11:11:57,901 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Checkin complete, next checkin in [30] seconds
2019-08-12 11:12:27,921 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Initiating checkin to JSS
2019-08-12 11:12:27,983 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Checkin complete, next checkin in [30] seconds
2019-08-12 11:12:58,003 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Initiating checkin to JSS
2019-08-12 11:12:58,065 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Checkin complete, next checkin in [30] seconds
2019-08-12 11:13:28,085 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Initiating checkin to JSS
2019-08-12 11:13:28,148 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Checkin complete, next checkin in [30] seconds
2019-08-12 11:13:58,158 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Initiating checkin to JSS
2019-08-12 11:13:58,251 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Checkin complete, next checkin in [30] seconds
2019-08-12 11:14:28,263 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Initiating checkin to JSS
2019-08-12 11:14:28,326 INFO c.j.j.c.j.JssCheckinManager [pool-3-thread-3] Checkin complete, next checkin in [30] seconds

so it seems like the LDAP proxy isn't even running....

what happens if you open IE on the server itself and browse to "jim.company.com:$PORT"? does it connect to itself? do you get any logs then?

It just says the page can't be found when I try to connect in IE. I don't see any logs created or updated beyond what's above.

It looks like it may be an issue with the tenet IP addresses. Today they're different from when I submitted the firewall request for them, so I'm seeing if I can get the range they use to open it to that instead.

@PhillyPhoto if you do not get logs even when browsing locally, it sounds like your proxy isn't working correctly.

i have mine running on https, so i put in https://publiclyresolvable.name.com:8389. i get a cert warning when first connecting, and then i get the "this page can't be displayed". btw, do you resolve the AD server in your hosts file, or just the publicly resolvable name? my hosts file is

internal ip public DNS name
internal ip AD server DNS name

@hdsreid I get the same error when trying to connect to my JIM. I also tried adding the IP of my AD server to my hosts file as well and it made no difference. I already had the server IP and DNS name in it.

Hey, could you fix this issue? I get this notification:

And the status is shown as "Disabled"

Does someone know what to do?