Jamf Nation Community

This makes the most sense and was my thought too. But other than 443 for https listed as a requirement, I cannot find any mention of other ports that need to be open.

@besteves Did you solve this or do you still have the "Problem contacting Apple services" error
we also get this one now so i am curious.

Do you have a proxy in place?

Nive to know about the time server, but in our case the next day we could import the DEP token without a problem so i think Apple had a error or something.

This could also fail if your JSS site certificate is expired.

I have also come across this.

Our JSS is behind Microsoft TMG server (not for long) but after running logs on traffic during the Upload I couldnt actually see a specific denial to an outbound address.
Does anyone know the specif IP or URL this process needs to communicate to?

@besteves, we had the same issue. Updating the date/time on the JSS resolved this problem for us.

SOLVED Posted: 4/28/16 at 5:10 PM by besteves

This solution worked for me - server was 5 minutes out! Thanks!

We had just seen the same issue after a clean and fresh install.
In our case we solved it by installing Oracle Java on the JSS instead of open JDK.

With OpenJDK the JSS could not contact Apple Servers for DEP and VPP, after changing to Oracle Java, everything started working.
Might be a 9.98 product issue...

We are running 9.98, the time on our server is correct, we are running Oracle Java, the fire wall is configured correctly per JAMF support, and this is a clean installation. However we get the problem contacting apple services error and can not configure DEP. Any other ideas?

I continue to have this issue. Did anyone come up with a confirmed resolution?

It seems that the DEP portal is "down" since a few hours

After a support call to JAMF Support and examining many support articles - we followed these steps to resolve:

• Apple School Manager - "Get a new Token" from desired MDM Server

• JAMF Pro - upload new "Server token file" Settings | Global Management | Device Enrollment Program

Once uploaded, errors went away and missing devices from ASM started populating in Pre-stage Enrolments.

Running into this currently. ntpd is configured properly and the time on the server is accurate. Firewall certainly shouldn't be an issue given that it's 443. I've tried downloading the token from multiple different admin and device manager accounts in apple school manager.

hepl!

seems like no one saw this or has an answer.

No answer, but we're currently experiencing this issue as well. I suspect it started when we shifted to daylight savings time about a week back - GMT/UTC+13. We do occasionally and unpredictably sneak a DEP sync or token update through, but not due to any changes on our end.

We have been noticing this too. 10.15.1. I'm not sure how long its been happening, but if we retry enough times we can get a new token to take. But I can't seem to sneak an ASM roster sync through at all.

Looks like this was our issue: https://macmule.com/2019/10/01/more-dep-sync-errors/

Sync is working after applying the fix.

This issue just crept up for me and my team, and I am looking at the macmule.com/2019/10/01/more-dep-sync-errors/ post, and am more lost than anything, and the problem is, I inherited this setup, and the last major update that was ran was to 10.15.1, and installed the prerequisite Amazon Corretto 11.0.4.11.1, and was running fine up until this afternoon. I noticed there was an update to 10.17.1 that was supposed to fix issues with EDU sync, but still nothing.

TIA
-Mark

@amityaccounts Sound like you are experiencing the same as being discussed here: https://www.jamf.com/jamf-nation/discussions/34219/dep-sync-failing

Sync failed. Awaiting next sync.

It is occurring for us too, as of today.

We have the DEP SYNC Issue as of today.

same here. I noticed this started happening yesterday morning for us. I get "Problem contacting Apple Services" if I try to upload a new DEP token.

Same here running 10.15.1 on-prem.

Us too (10.17 on-prem) . All three of our Jamf environments stopped synching with Apple on 9/12 at about 17:00. I tried to upload a new token to our development instance (to see if it fixed it) but now get the "Problem Contacting Apple Services" message....

We are experiencing the same issues ALL our DEP-Sync are failing........ but our 6 caching servers are working and syncing fine.
Renewed all tokens... restarted our Jamf Pro and DBServer ... nothing changed all are sync failures

Looks like Apple reinstaed their change that broke TLS 1.3

You need to do the fixes listed in this Post:

https://www.jamf.com/jamf-nation/discussions/34219/dep-sync-failing

We need to add the following line to the JAVA_OPTS area of setenv.sh:
-Djdk.tls.client.protocols=TLSv1.1,TLSv1.2
Default filepath on Linux:
/usr/local/jss/tomcat/bin/setenv.sh
This will need to be done on all Tomcat servers. Tomcat will need to be restarted after doing

@jhalvorson the steps from this link worked for me. Needed to allow TLSv1.2, Restart Tomcat, Renew DEP Token, and all was good. The syntax needed is all at the link. Thanks for pointing me in the right direction!

bcourtade´s post solved it for us with JAMF 10.16.1 !
https://macmule.com/2019/10/01/more-dep-sync-errors/

@martenblank I appear to be having some DEP issues even after using that method to fix in v10.17.1

Running into PI-006472: UserList mdm command continues to be issued (and fails) when required preconditions are no longer met)

Some computers are having issues re-enrolling via methods provided by support. My theory is DEP related as I see errors in logs and devices assigned to prestages not showing as such in the Automated Device Enrollment section in JAMF Pro.

If you are still having issues, check with your firewall team as well. We had to have our FW team trace our traffic and re-allow it for mdmenrollment.apple.com. Not sure what could have changed since we had all of Apple opened and it was working before, but it was more than the Java/TLS 1.2 change for us.

After editing and saving my prestages as suggested by JAMF Support, now getting the following error after invoking

sudo profiles renew -type enrollment

Selecting details, and accepting enrollment

I was having the same issue. Apple School Manager was last connected to the MDM on December 9th. Our infrastructure was upgraded to 10.17.1 on the 4th of December.

Process I used to fix the sync was. 1) Add the TLS first in our Ubuntu server. 2) Then Renew the DEP tokens. Even though we were still within the time frame of expiration, it still worked.

Cross reference https://www.jamf.com/jamf-nation/discussions/34219/dep-sync-failing for another solution that fixed the problem for us.

I just performed an on-premise install (my first install), 10.19.0 here. Ran into the same issue when adding the MDM to Apple Bus. Mgr. The TLS adjustment to Tomcat advice from above fixed it. The page linked from above that showed the Handshake-error log entries were immensely helpful.

In my case, I needed to forward port 5223 to my Jamf Pro server.

Semi-old thread resurrection, but, is anyone experiencing issues today with this? I just noticed several ABM assigned Macs that I've added to a Prestage are still awaiting sync and in my ABM setup in Jamf it's saying Sync Failed - Awaiting Next Sync.
I tried re-uploading a token from ABM into Jamf and I'm getting the "Problem contacting Apple Services" error.

See, this is the kind of crap that keeps me up at night. ABM + DEP is cool and all, but it's relying on a process that could go down at any moment and we have zero control or influence over it. If this is on Apple's side, the only thing I can do is sit and wait and hope they address it sooner rather than later. I was just about to ship out several Macs to customers when I noticed they weren't syncing over to the Prestage, which I'm glad I checked. Gonna hold onto these machines until I know things are communicating again. *sigh*

Same issue for me. Been going on for some weeks though.

Awaiting sync is the error I see in the pre-stage and under device enrollment settings.

I AM able to upload a new token without issue.

I have a support ticket open with Jamf but this is yet to be resolved.