VMware Workspace ONE Community
Ramkumara11
Enthusiast

Unable to enroll devices in DEV Airwatch environment

Question:

If an ACC is in place, how does the D.S/CN server talk to the internet or even the Apple servers (17.0.0.0 - 17.0.0.255)?

Does ACC come into the picture here at all, or is it just the load balancer?

When we do a "Test Connection Over HTTP/2" on the APNS cert, it keeps spinning without any results. Also, enrollment is not working and no profiles are getting pushed for us!!!

Do assist.


Accepted Solutions
RogerDeane
VMware Employee

ACC is not used during communication with Apple. It is only used to communicate to internal resources such as Active Directory, Certificate Authorities, etc. You need to provide open ports from DS and CN to 17.0.0.0/8 (17.0.0.0 to 17.255.255.255) for port 443. You may also want to open ports 2195 and 2196 which are legacy APNs. This is documented in ports.vmware.com as well as the On Premises Install Guide.

FYI - there are many other endpoints and ports that need to be opened as well which are documented on ports.vmware.com if you want to support Android, Windows 10 and other functions.

Roger
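
The question cites 17.0.0.0 - 17.0.0.255 while the accepted answer requires 17.0.0.0/8, so one way to catch that mismatch in an exported egress rule set is the check below. It is an added example, not part of the original thread or of VMware's tooling; the rule dictionary format and rule names are assumptions, and the sample rules are constructed.

```python
import ipaddress

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # range from the accepted answer

def parse_dest(dest):
    """Accept CIDR ('17.0.0.0/8') or a dash range ('17.0.0.0 - 17.0.0.255')."""
    if "-" in dest:
        first, last = (ipaddress.ip_address(p.strip()) for p in dest.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(dest.strip(), strict=False)]

def uncovered(rules, port, target=APPLE_NET):
    """Return the parts of target that no allow rule for this port reaches.

    Assumption: only allow rules are modelled; deny rules and rule order are ignored.
    """
    remaining = [target]
    for rule in rules:
        if rule["action"] != "allow" or port not in rule["ports"]:
            continue
        for allowed in parse_dest(rule["dest"]):
            still_open = []
            for net in remaining:
                if net.subnet_of(allowed):
                    continue                      # fully covered by this rule
                if allowed.subnet_of(net):
                    # partly covered: keep only what the rule leaves out
                    still_open.extend(net.address_exclude(allowed))
                else:
                    still_open.append(net)        # no overlap with this rule
            remaining = still_open
    return sorted(ipaddress.collapse_addresses(remaining))

# Constructed sample rule sets (hypothetical export format, not a real firewall's).
NARROW = [{"name": "ds-cn-to-apple", "action": "allow",
           "dest": "17.0.0.0 - 17.0.0.255", "ports": [443]}]
FIXED = [{"name": "ds-cn-to-apple", "action": "allow",
          "dest": "17.0.0.0/8", "ports": [443]}]

if __name__ == "__main__":
    for label, rules in (("narrow", NARROW), ("fixed", FIXED)):
        for port in (443, 2195, 2196):  # 2195/2196: legacy APNs, optional per the answer
            gaps = uncovered(rules, port)
            missing = sum(n.num_addresses for n in gaps)
            print(f"{label:6} tcp/{port}: {missing} of "
                  f"{APPLE_NET.num_addresses} addresses unreachable")
```

With the /24-sized range, all but 256 addresses of Apple's block stay unreachable on 443, which matches the symptom of the APNs connection test never completing.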

Ramkumara11
Enthusiast

Hi @roger Deane,

Thanks for your help so far.

What about traffic to on-prem Mailbox servers? Does it still go through that ACC?

Kindly advise.

RAam    

RogerDeane
VMware Employee

The bottom-line answer is no, communication to mail servers does not go through ACC. The Workspace ONE UEM core components such as DS and CN do not communicate with internal mail servers such as Exchange. Devices need to talk to the mail server but do not go through ACC; they either talk directly to the mail server or go through a proxy such as the Secure Email Gateway service running on the Unified Access Gateway. You can view this information by reading through the Reference Architecture located on Tech Zone, link below.

VMware Workspace ONE and VMware Horizon Reference Architecture | VMware

Look in the Architectural Overview section, specifically the On-Premises Logical Architecture section.

Roger

chengtmskcc
Expert

Are you still having issues with device enrollment and the APNS test in your SaaS environment? How many ACC do you have and have you checked and confirmed all necessary ports are open?