Jamf Nation Community

scottt · ‎01-25-2016

Hi All

Getting the error "There was a problem communicating with a push server" when trying to push and commands to iOS devices or to Macs.

We have setup an apple push certificate and also have a valid SSL certificate, but we are still getting the same error.

Enrolled iOS devices are not showing any information other than the serial number and we cannot push any commands to these devices at all.

Our JSS is installed in Ubuntu server

nteal · ‎01-25-2016

Just chiming in to say I'm seeing this as well. Glad to see that I am not the only one. We're running JSS on a windows server, JSS version 9.81.

iJake · ‎01-25-2016

Check your JSS has access to these ports for APNS on Apple's 17.0.0.0/8 block
APNS Ports

nteal · ‎01-25-2016

An update: My issue was probably not related, but I'll post this anyway in case anyone comes across the same issue (TL;DR: Someone running a java update ruins the day. Reverted and all is good).

The firewall rules were properly set. All traffic is allowed on ports 443,2195,2196, and 5223 from 17.0.0.0/8. There wasn't anything in the firewall logs indicating any of these connections are being blocked. From this tech note iOS Developer Library - Technical Note TN2265 - Troubleshooting Push Notifications, I was able to test connectivity

$ telnet 1-courier.push.apple.com 5223
$ telnet gateway.sandbox.push.apple.com 2195
$ telnet gateway.push.apple.com 2195

Or for those lucky enough to have nmap...

nmap 1-courier.push.apple.com -p "443,5223" && nmap gateway.sandbox.push.apple.com -p "2195,2196" && nmap gateway.push.apple.com -p "2195,2196" && nmap feedback.push.apple.com -p "2195,2196"

The APNS certificate wasn't set to expire for several months out.

I finally decided to check the JAMFSoftwareServer log and it had errors all over the place. It wasn't until I restarted the tomcat service that the problem nastily revealed itself. The tomcat service showed an error when starting back up. The Tomcat logs commons-daemon log showed:

... [2016-01-25 12:49:33] [info] [ 536] Starting service... [2016-01-25 12:49:35] [error] [ 536] Failed creating java C:Program FilesJavajre1.8.0_60inserverjvm.dll [2016-01-25 12:49:36] [error] [ 536] The system cannot find the path specified. ...

A few days ago java update 8u71 was installed. I uninstalled the updated jre and reinstalled the jdk and jre to the expected version using the article here: https://jamfnation.jamfsoftware.com/article.html?id=28 After starting the Tomcat service again, everything came back online like normal.

scottt · ‎01-26-2016

Our firewall is open accordingly. We actually have another MDM solution (Absolute MDM) installed and working with push notifications just fine.

davidacland · ‎01-26-2016

Hi @scottt

Was it all working fine previously or is this the first go at getting it setup?

If it was set up previously, I'd check the push cert is still valid, check the JAMFSoftwareServer log for errors and check that a change hasn't been made anywhere else that could be affecting it.

scottt · ‎01-26-2016

Hi @davidacland

This is the first go at getting it setup

I have renewed the push certificate just incase but still getting the issue

Thanks

Scott

davidacland · ‎01-26-2016

There's a couple of possibilities in the server itself, although firewalls are the most common cause. The server would need to reach 17.0.0.0/8 on 2195 and 2196 (both outbound). I'd double check that the main network firewall is set to allow the traffic, and that the Ubuntu firewall (iptables) isn't blocking the traffic.

scottt · ‎01-26-2016

Right just got this sorted, turns out there where no DNS settings setup on the Ubuntu box! DOH!!

Thanks all for the advice

Scott

Jamf Nation Community

JSS - There was a problem communicating with a push server