Apple MDM Troubleshooting

This Knowledge base article will help you troubleshoot mdm with FileWave.

Before going deep into troubleshooting, make sure that you have got these steps correct:

Your FileWave server should have a fully qualified DNS name (this dns name is the one entered in the Admin Preferences->Mobile)
If for some reason you changed the Server DNS Name in Admin Preferences->Mobile, did you re-generate the certificate?
If you did, then you have to trust the new certificate from the enrollment page ( https://dns:20443/ios)
If the APN cert upload fails from Admin Preferences, make sure you followed the exact steps from step 1, as this can be caused of password-protected certificate
If all of the above are set and still have problems, you need to create an admin user account for debugging django:
a. go to the FileWave server and type this command: "sudo fwcontrol mdm addadminuser" and follow the instructions
Another important log file is "/usr/local/filewave/log/filewave_django.log"
Make sure that your FileWave Admin displays "iOS/MDM Service OK" in the left lower corner in order to be able to manage your devices.

The following are some of the problems encountered before:

Enrolment Error (FileWave MDM Configuration is invalid):

The profile "Filewave MDM Configuration" is invalid. The MDM payload
"Mobile Device Management" contains an invalid topic

This is usually solved by re-generating the APN certificates because you have not generated them correctly.

CONNECTION PROBLEMS:

There are cases where ios devices fail to enroll and you get an error similar to this from sentry:

error
(61, 'Connection refused')
Request Method: PUT
Request URL: https://sscfilewave.co.sbmc:20443/ios/mdm_checkin
Exception Type: error
Exception Value:
(61, 'Connection refused')
Exception Location: /usr/local/filewave/python/lib/python2.7/socket.py in meth, line 222

This error is associated with a port "2195" being closed, you can verify by :

telnet gateway.push.apple.com 2195
Trying 17.172.239.89...
telnet: connect to address 17.172.239.89: Connection refused

the issue will be solved if the IT Admin opens port 2195 for FileWave.

5223 : IOS to apn server port:

port 5223 should be open for IOS clients to reach out to the APN server and receive push notifications.

For a list of all ports used, check this man-

Execute macOS scripts as Defined User

Execute Powershell Scripts as Defined User

macOS 10.15+ and zsh shell for scripting

Referencing Launch Arguments in Scripts

Script Best Practices

Scripting Languages supported in FileWave

Using PsExec to Test PowerShell 32bit Scripts on Windows with FileWave

Apple MDM Troubleshooting

Backup Procedures for FileWave Hosted Servers

FileWave Error Codes

FileWave Log File Locations

How to Restart FileWave Components

Resolving Network Issues with FileWave Server or Boosters on macOS when using Carbon Black EDR Extension

What is Compatibility Mode?

FileWave Automation Scripts

Apple MDM Troubleshooting

Enrolment Error (FileWave MDM Configuration is invalid):

CONNECTION PROBLEMS:

5223 : IOS to apn server port:

No Comments

Execute macOS scripts as Defined User

Execute Powershell Scripts as Defined User

macOS 10.15+ and zsh shell for scripting

Referencing Launch Arguments in Scripts

Script Best Practices

Scripting Languages supported in FileWave

Using PsExec to Test PowerShell 32bit Scripts on Windows with FileWave

Apple MDM Troubleshooting

Backup Procedures for FileWave Hosted Servers

FileWave Error Codes

FileWave Log File Locations

How to Restart FileWave Components

Resolving Network Issues with FileWave Server or Boosters on macOS when using Carbon Black EDR Extension

What is Compatibility Mode?

FileWave Automation Scripts

Apple MDM Troubleshooting

Enrolment Error (FileWave MDM Configuration is invalid):

CONNECTION PROBLEMS**:**

5223 : IOS to apn server port:

No Comments

CONNECTION PROBLEMS: