I keep getting this error using the new 9.3 stable.
Unable to contact https://mdmenrollment.apple.com to add a device to a PreStage enrollment
I see this under PreStage Enrollments when I create a new one and save it.
My iPads are erroring out:
The configuration for your iPad could not be downloaded from ****
The operation couldn't be completed. (NSURLErrorDomain error -1012.)
Please help. Thanks
EDIT: When I go to this site https://mdmenrollment.apple.com
I see this:
The requested URL was not found on this server.
I had that, and a few others (network error, corrupt profile, etc.). This is how I solved it for every device:
After restoring the devices, they all worked the 1st try.
Hmmm. I was getting the EXACT same error after a while, and I did NOT change firewall or anything. I changed a few things, I'm trying to remember what all.
One thing I DEFINITELY changed was -- enabled the JSS URL for Enrollment Using Built-in SCEP and iPCU
Settings > Global Management > JSS URL -- set it to format http://jss.mycompany.com:9006/
Another, I installed the "Anchor Certificate" for my mobile-device prestage enrollment.
1. Settings > PKI > "Download CA Certificate"
2. Go into your prestage profile, click certificates, click edit, upload the cert you just downloaded.
Wanna try both of these changes, then restore the iPad again in iTunes and let me know what happens? I'll try to remember what else I changed too.
@jonathan.puebla I've suddenly started receiving this error on 3 separate JSS servers. One of them is a clean wipe. I called JAMF support, they had no idea. The tech said he can't even see the prestage setup tab so he can't help.
I know that if it's a MacBook prestage and you check the box to make the enrollment mandatory, AND/OR if you UNcheck "allow removal", it'll fail. Those features aren't possible so JAMF needs to remove the buttons in an update.
We are also getting the error Unable to contact "https://mdmenrollment.apple.com to get the list of devices" in JAMF DEP and also in prestage enrollment. We have renewed the keys and even went as far as deleting the server in both Casper and Apple's DEP but with no luck. We currently cannot see devices nor can we complete testing for prestage enrollment.
In my communication with JAMF Support it sounds like there's a defect where if you don't check off most of the boxes, it won't go through. Without these three boxes checked, our PreStage kept failing - https://www.dropbox.com/s/b8s6xj2w986yoyj/Screenshot%202014-06-04%2014.08.37.png
So they're looking into that.
We had other issues because we changed the internal IP address of our server and never updated the token from Apple. I know it's silly, but just make sure your certs, FQDN and ports are all good to go before trying anything else. Once I got all that good, we enrolled right away.
Our iPads aren't having any issues, as the JSS PreStage screen just displays the "Unable to contact mdmenrollment.apple.com..." error message. All the iPads we've uploaded via deploy.apple.com don't refresh and show up in the scope. Even when we try to create a new deployment server from settings, we get "Problem contact Apple services" when we upload the cert.
I am also getting the error message unable to contact mdmenrollment.apple.com, but only for the Mac PreStage Enrollments. With iOS devices I have no issues at all.
Per JAMF's recommendation I've tried generating a new token and uploading that to the JSS, and also deleted the PreStage Enrollment then created a new one but I still get the error for Macs. The strange thing is if you go to the Scope of the saved PreStage Enrollment it DOES see the Macs that have been enrolled in the DEP.
I was also told that while iOS devices automatically enroll using the DEP, Macs will only install the MDM profile and will need to be manually enrolled with the JSS. Can anybody confirm if that is correct? What would be the point of an MDM profile if the device is not enrolled with the JSS?
Per a conversation with JAMF, it has been identified that the issue is a defect in the current version of Casper.
iOS: "Make MDM Profile Mandatory" check box is selected
OSX: when "Make MDM Profile Mandatory" is selected but "Allow MDM Profile Removal" is deselected.
It is expected to be fixed in the next version but we don't know when that will be.
While I have personally experienced the issue with OSX pre stages, I haven't experienced it with iOS.
@qsodji We found those 2 defects, and 3 more causes as well. In addition to yours, there was:
Unidentified JAMF issue. We had 3 servers go down at once. They came back up randomly a few days later. Nothing changed on them, the JSS just suddenly couldn't talk to MDM.
Time on the JSS server gets out of sync. One of our servers had the time wrong (auto-time stopped refreshing), so Apple's servers were rejecting the connection. As soon as we fixed time, it fixed the issue.
Info on DEP-side changed. Our phone number in the DEP changed. We had the error until we generated a new token that contained up-to-date DEP info.
Per a conversation with JAMF, it has been identified that the issue is a defect in the current version of Casper. 2 scenarios: iOS: "Make MDM Profile Mandatory" check box is selected; OSX: when "Make MDM Profile Mandatory" is selected but "Allow MDM Profile Removal" is deselected.
I have neither of these selected on the OSX side and am still seeing the error.
Everything went fine for me on the iOS side, but I get the same error for OSX (with "Make MDM Profile Mandatory" selected and "Allow MDM Profile Removal" deselected). We are cloud hosting the JSS; is there any way to update the time server? We're on Pacific time but all of our time stamps are in Eastern time. I'm not sure if that would make a difference or not.
We are running JSS 9.3 and started receiving this error when attempting to create a new Pre-Stage Enrollment for iOS devices:
Unable to contact https://mdmenrollment.apple.com about a new PreStage enrollment or changes to an existing PreStage enrollment
We have created iOS Pre-Stage enrollments in the past without any trouble.
We like to make the MDM profile mandatory and not allow it to be deleted, but I can confirm that in our case, unchecking "Make MDM Profile Mandatory" and checking "Allow MDM Profile Removal" fixes the above error. That is unfortunate considering that we like to make the MDM profile mandatory.
The behavior you described is certainly not intended, and is the result of a currently open defect.
For reference, the defect ID is D-007032.
The workaround to the defect is exactly what you've described in your post.
If you haven't already contacted your Technical Account Manager to open up a case on the issue, please do so when you get a chance so we can get the case attached to D-007032 for tracking purposes.
JAMF Software Support
I had this issue when I was testing 9.40 back on 8/19. I contacted Support, and used the workaround of the non-Mandatory and Removable PreStage enrollment.
I could not find the details in my notes today, so I made this the last thing I tested again before going live. It works. Both my test box running 9.40, and after I upgraded live to 9.40.
Perhaps it turned out not to be an issue in the JSS code but in communicating with Apple?
I'm happy. 🙂 🙂
We just started seeing this message two days ago. iPads are not enrolling successfully (getting an "Invalid Profile" error) and the JSS is showing "Unable to contact https://mdmenrollment.apple.com to get the list of devices" when I look at the DEP status and "The DEP service reported an error. (https://mdmenrollment.apple.com)
Unable to contact https://mdmenrollment.apple.com to add a device to a PreStage enrollment" when I go to the PreStage Enrollment page.
I did log into deploy.apple.com to make sure there weren't new terms to accept (I remember having to do that back in Sept), but no new terms.
Any new ideas about this? Oh, and we are running JSS 9.6