Actions: get a Supervised iOS device on our WiFi, try to enroll it.
Expected behavior: device appears correctly in the JSS and can be managed.
Actual behavior: device does appear in the JSS, but with the wrong name (its serial number), missing most other info, and listed as being neither Managed nor Supervised. AC2 confirms it is Supervised. the device's Settings confirms WiFi, MDM, CA profiles present and correct.
There were no errors at any time, whether doing a user-initiated or profile-based enrollment. Configurator 2 showed no errors. No hints in its spartan JSS record. Checked the iPad's log via AC2, and it may have had the answer, but it didn't leap out to my untrained eye.
Diagnosis: our network was allowing a successful connection to the JSS, but preventing some parts of the iOS device's contact with Apple. It may be more nuanced than this, but we think it boiled down to successful PUSH traffic, but some blocked traffic specifically with their courier.* servers. Solved it with our network folks; checking denial logs and opening more holes to Apple.
My searches weren't fruitful... just writing this note for future searchers with the same problem.
Cheers. Joel
[ Setup: I suppose this problem would have occurred with any workflow under the same firewalling, but for completeness we were using non-DEP iPads and Configurator 2 with a "connect, restore, then two blueprints" procedure.
Blueprint 1:
Prepare: manual, no MDM, Supervise, org with JSS identity, don't show steps
Profiles: WiFi and Trust mobileconfigs from JSS
apply blueprint 1, wait for WiFi icon on device, apply blueprint 2
Blueprint 2:
Profiles: JSS MDM Enrollment Profile (or setup assistant, user-initiated enroll). ]
