APNs is not reachable

Problem

You are unable to reach a managed mobile device and get the error message "APNs is not reachable"

Cause

This could happen due to various reasons, such as:

  • Port blocked
  • Proxy not configured
  • Invalid APNs certificate
  • Third-party filters

Resolution

Port blocked

Ensure that the following ports are open:

TCP port # 2195 should be opened on the external firewall, this allows the MDM server to communicate with the APNs.

TCP port # 5223 should be opened on the firewall/proxy settings, if the mobile devices connects to the internet via Wi-Fi.

Additionally, ensure that the domain 17.0.0.0/8 is also open on the external firewall.

NOTE: From MDM build number 92179, ensure api.push.apple.com is allowlisted on outgoing port 443 of the firewall/proxy server.

Proxy not configured

If the network in which  MDM server is installed has a proxy, ensure that the proxy settings are configured. Verify the user name and the password for proxy authentication, so that the server can reach the APNs.

Invalid APNs certificate

Ensure the latest APNs certificate is uploaded on the MDM Server. If not, generate a new APNs and upload it on the MDM Server.

Third-party filters

        If the network in which MDM server is installed has third-party web filter, ensure that the third-party web filter has an exception for MDM Server to connect to the internet.

 

NOTE: To verify whether the issue has been solved, you can retry establishing connection with the mobile device. On the MDM server, navigate to the Enrollment tab, click on Actions and select Verify Connectivity. If the above resolution does not work, try enrolling using Cellular Data. 

If you're still unable to resove the issue, contact MDM Support ( mdm-support@manageengine.com).

 


Applies to: Scanning the mobile device, Distributing Apps, Associating Profiles

Keywords: MDM scanning, Associating profiles, APNs, Mobile Device Management