Apple configurator is a popular tool used for enrolling corporate Apple devices. The following are the troubleshooting tips to resolve the possible errors that may occur during different stages of Apple configurator enrollment process.
The first step to perform Apple Configurator enrollment is to prepare the device either directly or by creating a blueprint. Blueprint contains all the policies that has to be applied to the device. After creating a blueprint, apply that to the devices that has to be enrolled. We have collected some of the common problems that occur while preparing the device and have given proper resolution.
Unable to verify the server's enrollment URL. A server with the specified hostname could not be found.
Reason:
This message is shown on Apple Configurator when the Endpoint Central server is not reachable from the network you have connected the mac machine which is running Apple configurator or the host URL you have given in the apple configurator is incorrect.
Resolution:
Unable to verify the server's enrollment URL. Unable to load, Code: 4xx, Description: unauthorized.
Reason:
This error message comes while preparing the blueprint or when directly preparing the device.
Resolution:
The device is not connected (or) The device is no longer connected.
Reason:
The USB cable gets unplugged from the device during enrollment.
Resolution:
Unable to skip the prompt Enter Apple id & Password while configuring blueprint.
Reason:
If you have enabled the setting Add devices to Apple Business Manager or Apple School Manager while preparing the blueprint or preparing the device directly.
Resolution:
Note: Once you have unchecked this setting, the devices will not be added in the ABM portal, the user can remove the device from management. If this setting is checked, the devices will be added to the ABM portal and cannot be removed from management after 30 days.
Fetching trust anchor certificates from Endpoint Central server.
Reason:
While configuring the blueprint, the screen gets stuck on fetching trust anchor certificates or if the certificates are not fetched.
Resolution:
Pairing is prohibited by a policy on the device.
Reason:
If you want to enroll your device once again, but the restriction Allow iTunes pairing and other USB connections is applied in Endpoint Central server (or) the setting Allow devices to pair with other computers is unchecked in the Apple configurator while enrolling previously.
Resolution:
Update the device to a newer system version to prepare it.
Reason:
This happens only if the device doesn't match the OS requirements.
Resolution:
Provisional enrollment failed. [MCCloudConfigErrorDomain - 0x80EF(33007)]
Reason:
If the device is unable to contact the ABM server, this error occurs.
Resolution:
Provisional enrollment failed - Network Communication error.
Reason:
This happens if there is a network error while accessing Apple servers or MDM server or if the device is already present in the ABM/ASM portal and have enabled the Add devices to Apple Business Manager or Apple School Manager portal while preparing the blueprint or preparing the device .
Resolution:
Failed to retrieve IMEI.
Reason:
This error occurs on Wi-fi only iPad where IMEI is not present in device.
Resolution:
DMCTunnelErrorDomain - 0x36B2(14002)
Reason:
This happens if the device is already present in ABM/ASM portal and the device is assigned to any server in the ABM portal.
Resolution:
There are few issues that may occur during device activation. We have explained those errors with proper troubleshooting tips below.
Profile installation failed.
Reason:
When the Endpoint Central server time and Secure Gateway Server time are not in sync with each other.
Resolution:
Cancelled.
Reason:
If the SSL certificate used in Endpoint Central server doesn't match the Apple requirements, this issue occurs.
Resolution:
Note:
For builds above 2224.1, the ABM and Apple Configurator enrollment will work even when client certificate authentication is enabled. Note that for the ABM and Apple Configurator enrollment to work, port 8443 must be open.
Request timed out.
Reason:
When the Endpoint Central server is unreachable to the device due to poor network connectivity.
Resolution:
Note:
If you're using EC build above 2224.1, you should enable Tools and Remote control port (8443) for inbound traffic.
Invalid profile.
Reason:
The configuration for your iPhone could not be downloaded from organization name. This happens because of some errors in syncing ABM with Endpoint Central.
Resolution:
After activating the device, it marks the end of enrollment. Then we have to check the Endpoint Central console whether all the devices are enrolled. The following are the troubleshooting tips to the errors that occur during the final leg of enrollment.
Devices not linked under ABM tab.
Reason:
When devices are enrolled to ABM using Apple Configurator, the devices will be initially listed under Apple Configurator tab even though they are added to the ABM portal.
Resolution:
Apple configurator cannot access the Device Enrollment Program(DEP).
Reason:
You may encounter this error Apple Configurator 2 cannot access the Device Enrollment Program if there are network issues due to which https://mdmenrollment.apple.com is not reachable or when the Apple servers are down.
Resolution:
Enroll devices not purchased from apple or authorized resellers.
Reason:
If you are trying to enroll devices not purchased from Apple or authorized resellers.
Resolution: