DEP Forbidden Error

Description

On creating a DEP Association or from any other DEP synchronisation action, the following error may be observed: DEP error: Forbidden

The most likely causes are:

Apple store the external IP of the FileWave Server from the last successful contact.  If this differs at the time of a synchronisation , the action will fail and the DEP Server Token will need to be replaced.

The stored IP may be observed from the relevant DEP account:

The Last Date and IP Connected may be seen from the Settings view; select the MDM Server and choose Edit.  

Requirements

Resolution

Forbidden error requires the token be replaced and not updated.

From FileWave Admin > Preferences > VPP & DEP:

  1. Choose 'Download certificate' (requires fwadmin password) to save the certificate

From the relevant Apple DEP account Apple Business Manager or Apple School Manager:

  1. Select 'Settings'
  2. Highlight the MDM server from the list and choose Edit
  3. Select 'Upload New...' and select the saved downloaded file from above
  4. When prompted, select to download the DEP Server Token

From FileWave Admin  > Preferences > VPP & DEP:

  1. Click 'Configure Accounts' (requires fwadmin password)
  2. Select the Forbidden token and use the '-' button to remove that token
  3. Select the '+' button to select the DEP Server Token downloaded from Apple
  4. Run a DEP Synchronisation Full Sync (Hold down ALT(macOS), Option(Windows)), then select to synchronise (the name of the button will change)

At this stage synchronisation should now be successful.

If the DEP Server Token is currently configured in the Education tab of Preferences, this association will need to be removed prior to removing the DEP token, but may be re-added again afterwards.


Revision #1
Created 13 July 2023 18:42:45 by Andrew Kloosterhuis
Updated 13 July 2023 18:49:23 by Andrew Kloosterhuis