MacOS – Can’t lock Profile Manager devices outside of server WiFi network

macos, profile-manager, server.app

I've got a few devices enrolled in my server's Profile Manager service. To test that this works on an outside WiFi network, I opened ports 443 and 1640 on our firewall (and ignored the others, as our firewall does not block outbound traffic), but when trying to send a Lock command to the test device (an iPhone connected through 4G LTE, no WiFi network), the command just stalls in Profile Manager, listed as "pending".

The interesting thing is, I can connect to my server's public IP in Safari on that iPhone and connect through HTTPS. However, when I try to access anything in a sub-directory, such as /mydevices/, I get a 503 error (Service Temporarily Unavailable).

I had thought DNS might be at the heart of the issue, but if I can connect directly through my public IP, I wouldn't think that would be an issue.

Can anyone offer any hints as to how I can tackle this issue and allow Profile Manager to do its job for devices on other networks? Thank you!

Best Answer

Please enable all the applicable ports.

Apple's documentation (http://support.apple.com/kb/ht5302) also lists the service needing TCP ports 2195, 2196, and 5223 for the service to send/receive push notifications, which AFAIK is how the service communicates with clients.
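To check the port sets named in the question and the answer from the server itself, here is an added example (not part of the original thread, and not Apple's tooling): it attempts a plain TCP handshake to each port and reports which ones did not answer. The host names `profile-manager.example` and `push.example` are placeholders to replace with your server's public address and the Apple push hosts from the KB article.

```python
import socket
from typing import Dict, Iterable, Tuple

# Port sets taken from the question and the Apple KB cited in the answer.
# Inbound: enrolled devices reach Profile Manager on these server ports.
INBOUND_PORTS = (443, 1640)
# Outbound: the server must reach Apple's push service on these ports;
# push notifications are how the service tells a device to check in.
OUTBOUND_PUSH_PORTS = (2195, 2196, 5223)


def tcp_port_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True only if a TCP handshake to host:port completes in time.

    DNS failures, refused connections and timeouts all surface as OSError.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ports(host: str, ports: Iterable[int], timeout: float = 3.0) -> Dict[int, bool]:
    """Probe each port on host; a False entry is one the firewall or service is not passing."""
    return {port: tcp_port_open(host, port, timeout) for port in ports}


def missing_ports(results: Dict[int, bool]) -> Tuple[int, ...]:
    """Ports that did not answer, i.e. the ones still to open or troubleshoot."""
    return tuple(sorted(p for p, ok in results.items() if not ok))


if __name__ == "__main__":
    # Placeholder hosts (assumption): swap in the real server and push hosts.
    server = "profile-manager.example"
    push_host = "push.example"
    print("inbound ports not answering:", missing_ports(check_ports(server, INBOUND_PORTS)))
    print("outbound push ports not answering:",
          missing_ports(check_ports(push_host, OUTBOUND_PUSH_PORTS)))
```

Run the inbound check from a machine on the outside network and the outbound check from the server, so each probe crosses the firewall in the direction the real traffic does.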