iPad conversion to Jamf NSURLErrorDomain error -1012

GHDJAMF
New Contributor

Hello I am in the process of converting all of my iPads in my organization JAMF and unfortunately on some specific iPads I am unable to do so. I have 3 iPad 2's and 2 new iPad Pro's all up to date on 9.3.5 and 10.2 that every I attempt to activate them through DEP during the setup process I receive an "The Operation couldn't be completed. NSURLErrorDomain error -1012". These devices are assigned to our jamf JSS in School Manager as well. I've attempted to wipe them numerous times and each time I go through the setup I get the same error. Our JSS is on 9.96. I've been able to convert through prestage about 25 iPads of varying models but these 5 I am unable to do so. I've checked all my certs to ensure they're up to date and they all look good. Have check into time drift and ensured the time is correct on my domain controllers and the JSS server. I'm at a bit of a loss. Any ideas?

9 REPLIES 9

tim_rees
Contributor

I'm getting this one today too... I wonder if there is an Apple service down somewhere.....

GHDJAMF
New Contributor

I've been working on this for weeks actually so I don't believe it's apple related as I've been successfully converting my iPad farm just fine and can't seem to get 3 specific iPad 2's to work with prestage

cparkridge
New Contributor

I am having the same thing happening. I am currently trying to update and enroll about 20 iPad 2 into Jamf I would like to set them up for Auto enroll using Configurator so that is a few less steps.

GHDJAMF
New Contributor

Yup sounds similar to me, it's only my iPad 2's I can't get working. All my other models work fine. Attempted Configurator 2 as well and receive profile invalid everytime. I even went as far as to setup a dev JSS environment completely stock with only what was needed to get DEP and prestage working with it and still the iPad 2's won't pass prestage on that environment either.

cbjake
New Contributor

Same issue here appears to only be affecting iPad2 for me as well. I have tried a couple different prestage profiles. If I remove the prestage and go to /cloudenroll, it seems to think my cert is not valid. Even though it is godaddy signed and is liked by IE, Chrome and Firefox on all my other devices.

fisherf
New Contributor

cbjake,
I have almost the exact same issue except my cert is from RapidSSL.

Any luck yet?

cbjake
New Contributor

I had to get the full SSL chain installed. For some reason when I exported from my main IIS server it only exported the server certificate. I had to go back and export using the certificate manager on the machine and reimport.

1ec2eeb505ee489a8f2fd27a0e6e2965

Notice how I have server and 3 chains, before I was only getting g the server section and then a red arrow towards the chain and they were missing.

Hope this helps.
Windows environment for web hosting server and Casper install in case that makes a difference to how you approach your issue.

GHDJAMF
New Contributor

Would you be able to explain more in depth on what you did to resolve this? I've actually nailed down my problem specifically to a certificate issue. We're using a GoDaddy wildcard cert for our Apache Tomcat settings and it works fine for every mac and newer iPad we have, but not these iPad 2's. I've cross referenced and confirmed on my dev environment that the builtin JSS cert works fine for all devices including the iPads 2's but for some reason on my live environment the wildcard does not for the iPad 2s and JAMF support can't seem to tell me why.

zach_dorow
New Contributor
New Contributor

There are a couple simple things to try:
re-attaching the device in deploy.apple.com
checking port 2196

Otherwise this is a great workflow:

  1. JSS Server with a Built-In Certificate a. The Built-In Certificate that's on Tomcat needs to be on the Prestage. b. We can i. Recreate the Prestage and move devices to the new Prestage. OR ii. Download the CA from Settings > Global Management > PKI > Download CA Certificate. Navigate to Prestage Enrollment > Certificates payload and delete the Certificate that's in place, and upload the CA Certificate.
  2. Server with a Third-party Certificate (native trust) on Tomcat, or the Load Balancer a. Navigate to Prestage Enrollment > Certificates and remove the Certificate that's visible. This payload should be empty. b. Ensure the JSS URL setting in Global Management Settings matches the certificate URL. If this does not match, correct it and rebuilt the PreStage.
  3. DFU Restore any device that's attempted Prestage Enrollment with the incorrect Certificate.