Access Blocked! - Unable to enroll the Android device from a Public network
Problem
You are attempting to enroll an Android device from a public network and encountering issues that prevent successful enrollment, with the message Access blocked! Contact IT Adminbeing displayed.
Cause
The error might be due to one of the following reasons:
Resolution
- Server is using a private IP address: When a server uses a private IP address, users attempting to enroll their devices must be connected to the same local network as the server. This limitation prevents users from enrolling their devices from external or public networks.
Solution:
To resolve this issue and allow users to enroll their devices from any location, the organization needs to configure a public static IP address for the server. A public static IP address is a unique address that is accessible over the internet, ensuring that users can connect to the server regardless of their network location. This configuration enables seamless device enrollment from both internal and external networks.
- Firewall/Proxy is configured in the network, which denies access to the network request :If a firewall or proxy is configured in the network, it may be blocking the network requests necessary for device enrollment. This can prevent the device from communicating with the server, leading to enrollment failure.
Solution:
- Allow Required Ports in the Firewall:
Identify the specific ports used for device enrollment and communication with the server. Configure the firewall to allow traffic through these ports, ensuring that the necessary network requests can pass through without being blocked.
- Allow IP Addresses if Using an IP Whitelist:
If the organization employs an IP whitelist, only approved IP addresses can access the network. Ensure that the server's IP address and any other relevant IP addresses are included in this whitelist. This allows the devices to communicate with the server without being blocked by the firewall or proxy.
- Private FQDN in the DNS server: When the MDM (Mobile Device Management) application cannot resolve the Fully Qualified Domain Name (FQDN) in the DNS (Domain Name System) server, it means that the server cannot translate the domain name into an IP address, which is necessary for establishing network connections.
Solution:
Ensure that the server's IP address and FQDN are publicly mapped and accessible :
- Public DNS Mapping: Verify that the FQDN (e.g., mdm.example.com) of the server is correctly mapped to its public IP address in the DNS records. This mapping allows external devices to resolve the domain name to the correct IP address when attempting to connect.
- Network Configuration: Check the network configuration to ensure that the server's IP address is correctly assigned and accessible from external networks. If necessary, configure network settings to ensure proper routing and accessibility for external connections.
If the problem still persists, contact mdm-support@manageengine.com (MDM On-Premises) or mdmcloud-support@manageengine.com (MDM Cloud)