Home » 

[Free Training] Get ahead with MDM essentials.

Register Now X
 

Troubleshooting tips for errors occurring when enrolled via ABM/ASM

Enrollment via ABM eases the role of the IT admin by providing bulk out of the box enrollment. Here are some of the common errors that happen during different stages of this enrollment.

ABM portal errors

  1. After logging in to the Apple Business Manager (ABM) portal, you are unable to view the Add MDM Server button.

    The option to add MDM servers is available only when you have the Device Manager role assigned to you. Make sure the administrator has assigned the Device Manager role to you. Also, check if the admin has agreed to Apple's terms and conditions. To learn more about role management and the difference between roles in ABM and other Apple Deployment Programs, refer to Roles in ABM user guide.

Syncing ABM with MDM

  1. MDM server is not able to contact ABM to sync devices.

    Check if mdmenrollment.apple.com is allowed along with other domains and ports listed here. Also, verify the availability of the required Apple services.

  2. You encounter the error "Technician removed from ABM server".

    If the technician who created the ABM server is removed from the MDM console, a new technician must be assigned to the ABM server in order to continue enrolling devices via ABM.

    1. To assign a new technician, in the Apple Enrollment tab, click on Servers and click on Modify Settings under Action for the respective server.
    2. In the pop-up window, click on Modifywithout modifying any settings. This will assign the currently logged in user as the owner for the server.

      Technician Removed

  3. When you are unable to perform sync in ABM server.

    If you have not accepted the terms and conditions in ABM server, sync will fail. Go to ABM portal and accept all the terms and conditions. Wait for sometime and perform the sync once again.

  4. IOS device added to ABM but not showing in MDM console after sync.

    Cause: Device already exists in MDM under managed, retired, or staged tab.

    Resolution: Check and remove the device from the existing tabs (managed, retired, staged) in MDM, then re-sync ABM with MDM.

During device activation

The following page will appear, when there is any error in enrollment during device activation.

Click on Back and go to the previous page, click Next, wait for sometime till it redirects you to the error page. Note the error and check for the error in the below mentioned errors.

  1. Request timed out.

    Reason:

    When the server is unreachable to the device due to poor network connectivity.

    Resolution:

    • Ensure that the device can reach MDM server from the network used.
    • Make sure that you can reach the Apple URL from the network you are trying to enroll the device.
    • Check whether the DNS records are properly added for the server and its reachable from the network used.
    • Go to Enrollment -> ABM/ASM enrollment page -> Servers tab,modify and save the ABM token settings. Factory reset your device in recovery mode and try to enroll again. Check this to factory reset in iPhone and iPod,iPad.

    Note:

    If you're using EC build above 2224.1, you should enable Tools and Remote control port (8443) for inbound traffic.

  2. Configuration of the profile cannot be downloaded.

    Reason:

    This issue happens when you cannot reach the MDM server from the network used.

    Resolution:

    • Ensure that you can reach the MDM server from the network used.
    • Make sure your proxy/firewall allows this connection properly. If you are using Secure Gateway server, ensure its server time is in sync with MDM server's time.
    • On the server console, Go to Enrollment -> ABM/ASM enrollment page and check whether any error is shown at the top. Resolve them.
    • Factory reset your device in recovery mode and try to enroll again. Check this to factory reset in iPhone and iPod,iPad.
  3. Invalid profile or HTTP - 403 Forbidden.

    Reason:

    The Configuration for your iPhone could not be downloaded from organization name. This happens because of some errors in syncing ABM with MDM.

    Resolution:

    • Head to the server console,Enrollment -> ABM/ASM enrollment page and check whether any error is shown at the top. Resolve them.
    • Factory reset your device in recovery mode and try to enroll again. Check this to factory reset in iPhone and iPod,iPad.
  4. Cancelled.

    Reason:

    If your enterprise SSL certificate does not satisfy the requirements, then this error happens.

    Resolution:

    • If you are using Enterprise SSL certificate, ensure it satisfies the requirements mentioned here.
  5. The cloud configuration server is unavailable.

    Reason:

    • If no MDM server is assigned to a Mac in the ABM portal and the Mac hasn’t been synced in the MDM server, attempting to enroll it through ABM using a terminal command will result this error.
    • This error occurs when multiple users are present on a Mac, and the command is executed by a user signed in with a non-administrator account.

    Resolution:

    To resolve this error, follow these steps:

    • Login to the ABM portal and assign the Mac to an MDM server.
    • In the MDM console, navigate to Enrollment > Enroll through ABM/ASM, select the assigned server, and perform a sync.
    • Once synced, enter the enrollment command in the device’s terminal. The device should now enroll successfully.
    • Log in as an Administrator user and execute the command to complete the ABM enrollment successfully.
  6. A server with the specified hostname could not be found.

    Reason:

    This issue occurs when the configured MDM server cannot be reached due to network-related problems. Common causes include poor connectivity, incorrect DNS resolution, or interference from proxy or VPN configurations.

    Resolution:

    To resolve this error, follow these steps:

    • Ensure the device is connected to a stable internet connection.
    • If the issue persists, try switching to a different Wi-Fi network or use a mobile data connection to eliminate any network-specific restrictions.
    • Ensure that the new network does not have proxy or VPN configurations that could block access to the MDM server.
    • Once the connection is stable and unrestricted, attempt to enroll the device again.

MDM console errors

  • Why are my devices not listed under Apple Business Manager (ABM) tab when I add the devices to ABM using Apple Configurator?

    When devices are enrolled to ABM using Apple Configurator, the devices will be initially listed under Apple Configurator tab even though they are added to the ABM portal. On reset, the device gets listed under ABM. 

  • Even after successful sync, the device is not listed in the MDM server under Enrollment -> Apple -> Apple Enrollment (ABM/ASM) -> Devices.

    Check if the device has been enrolled in the MDM server using an enrollment method other than ABM. Remove the device from management, reset the device and sync again with the server. The device is listed on under Enrollment -> Apple -> Apple Enrollment (ABM/ASM) -> Devices.

Was this article helpful?

Thank you for your feedback!

Sorry about that!

By clicking "Submit", you agree to processing of personal data according to thePrivacy Policy.
Back to Top