Which Ports / target-URLs are needed to enroll Android devices - cannot enroll with only 443 and 5494

Hi all,

Feels like this question has most probably been asked similarly a thousand times, however I did not find an answer for my specific problem.

My MobiControl Server is running in the Soti Cloud and my devices should be enrolled in a partially restricted WiFi.
This WiFi can access the Soti Server with Port 443 and 5494. Once enrolled this works perfectly.
If I try enrolling a new device, it fails during enrollment with "no internet connection", while it actually was able to download the agent => so standard Internet via 443 is possible.

Are any other Ports needed during the enrollment process or does the device need to communicate to some other URL during enrollment and with which Port?

7 months ago
SOTI MobiControl
ANSWERS
Karl M
7 months ago

Hi Alex,

I don't have an answer for you unfortunately, but I do believe I'm having a similar, if not same issue at two of our sites.

Does the enrollment hang after the ID has been entered on the enrollment screen? Does the device appear in MobiControl dashboard but with limited information?

Our network team have opened the correct ports but we still can't get devices enrolled whereas on other sites we can. I know that our networks work differently on the problem site but I haven't been able to narrow it down to a cause.

Karl.

Remy
7 months ago

Could this be a classic case of a captive portal?

Matt Dermody Diamond Contributor
7 months ago

Are you using an Enrollment ID? The Enrollment ID has to be resolved to an Enrollment URL through a separate SOTI Enrollment service URL that the devices would also need access to that is separate from your SOTI server. It's possible the devices don't have network access to that server. You can alternatively try plugging in the Enrollment URL instead. 

Zafer Cigdem
7 months ago

Hi Alex,

As Matt mentioned, I'd also test using Enrollment URL instead of Enrollment ID (if you used Enrollment ID earlier).

And also, if this is specific to only some devices that were already on your system earlier, you can create a support ticket, but if these are new devices that have never been enrolled to your system earlier, then other network-related sections should be checked as well.

Alex
7 months ago

I forgot to answer here. - No, there is no difference if I use Enrollment URL or Enrollment ID. The resolution is working fine. I expect this service to be available on Port 443 which, in my case, is open to Internet and not restricted.
So I needed to know what else is needed in a WiFi, where I want to enroll devices.

Thank you

Rafael Schäfer
7 months ago

As I don't know which enrollment method you are using, you may also check this: https://support.google.com/work/android/answer/10513641?hl=en

Raymond Chan Diamond Contributor
7 months ago

To get your Android devices enrolled AND managed properly afterwards, you likely need to AT LEAST add firewall exceptions for ports 5228-5230 & 123 in your restricted Wifi network.

Karl M
7 months ago

Hi Raymond,

What are these ports responsible for?

Regards,

Karl.

Rafael Schäfer
7 months ago

See my link I provided before.

Raymond Chan Diamond Contributor
7 months ago

The document from Google mentioned by Rafael is centred generically around Google without considering many other factors such as MDM vendor, device vendor, enrollment mode/method, various post-enrollment services, etc. It is just a good starting point for initial reference. Let's see if you still have problems in device enrollment and usage of more advanced MDM policies. If so, more tuning needs to be done.

Rafael Schäfer
7 months ago

Yeah but especially regarding the ports you mentioned and his question, it shows a lot which matches.

But fully agree there can also be things in addition, I always prefer to work together with IT to track what is blocked from a defined test device during enrolment (there shouldn't be too many other/unimportant destinations tried to be reached) and then working through them (if there's no document like the one from Google or the MDM or manufacturer, ...).
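
The approach described in the post above (record what the firewall blocks from one defined test device during enrollment, then work through the list), as an added example that is not part of the original thread. It assumes netfilter LOG-style lines with an assumed `FW-DROP` prefix; the log lines, device address and destination addresses are constructed.

```python
import re
from collections import Counter

# Ports named in the thread: 443 and 5494 are already open in the WiFi;
# 5228-5230 and 123 are the ones suggested as additional exceptions.
ALREADY_OPEN = {443, 5494}
SUGGESTED_IN_THREAD = {5228, 5229, 5230, 123}

# Constructed sample in netfilter LOG style. "FW-DROP"/"FW-ACCEPT" are assumed
# log prefixes; all addresses are documentation ranges, not real endpoints.
SAMPLE_LOG = """\
Mar  3 10:01:02 fw kernel: FW-DROP IN=wlan0 OUT=eth0 SRC=10.20.0.57 DST=203.0.113.10 PROTO=TCP SPT=41822 DPT=5228
Mar  3 10:01:05 fw kernel: FW-DROP IN=wlan0 OUT=eth0 SRC=10.20.0.57 DST=203.0.113.10 PROTO=TCP SPT=41823 DPT=5228
Mar  3 10:01:06 fw kernel: FW-DROP IN=wlan0 OUT=eth0 SRC=10.20.0.57 DST=198.51.100.7 PROTO=UDP SPT=50111 DPT=123
Mar  3 10:01:07 fw kernel: FW-DROP IN=wlan0 OUT=eth0 SRC=10.20.0.99 DST=203.0.113.10 PROTO=TCP SPT=40100 DPT=5228
Mar  3 10:01:08 fw kernel: FW-ACCEPT IN=wlan0 OUT=eth0 SRC=10.20.0.57 DST=192.0.2.20 PROTO=TCP SPT=41830 DPT=5494
Mar  3 10:01:09 fw kernel: FW-DROP IN=wlan0 OUT=eth0 SRC=10.20.0.57 DST=192.0.2.44 PROTO=TCP SPT=41831 DPT=443
Mar  3 10:01:10 fw kernel: FW-DROP IN=wlan0 OUT=eth0 SRC=10.20.0.57 DST=192.0.2.80 PROTO=TCP SPT=41832 DPT=8080
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def blocked_destinations(log_text, device_ip, drop_tag="FW-DROP"):
    """Summarise dropped flows from one test device as
    (proto, dst_port, dst_ip, count, note) rows, sorted by proto and port."""
    counts = Counter()
    for line in log_text.splitlines():
        if drop_tag not in line:
            continue                      # skip accepted traffic
        f = dict(FIELD.findall(line))
        if f.get("SRC") != device_ip or "DPT" not in f:
            continue                      # other devices, or no port (e.g. ICMP)
        counts[(f.get("PROTO", "?"), int(f["DPT"]), f.get("DST", "?"))] += 1
    rows = []
    for (proto, port, dst), n in sorted(counts.items()):
        if port in ALREADY_OPEN:
            note = "port allowed elsewhere; destination not in allow-list"
        elif port in SUGGESTED_IN_THREAD:
            note = "port suggested in thread"
        else:
            note = "not mentioned in thread; review"
        rows.append((proto, port, dst, n, note))
    return rows

if __name__ == "__main__":
    for row in blocked_destinations(SAMPLE_LOG, "10.20.0.57"):
        print(*row, sep="\t")
```

Each row is a destination the test device tried to reach and was denied, so the exception list can be built from observed traffic rather than opened broadly.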

Alex
7 months ago

We will now open up the Ports to the specified URLs from the Google link above and try again.
It'll take some time until I can test this. I will report here.

ATMOD@SOTI
6 months ago

Hi Alex,

Thanks for posting on SOTI Pulse. Thanks all for responding to the post, your expertise and willingness to help are greatly appreciated!

Has your query been resolved? If this post did not assist you in resolving the issue completely and you have additional questions, please do not hesitate to reach out or you can contact SOTI Support (support@soti.net) to open a new case and one of our support engineers will be there to assist you.

Kind Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |