Unable to Enroll Apple iOS Device
Summary
Issue Description
Enrollment fails with iOS devices on SOTI MobiControl running on Windows Server 2022.
The following events should be triggered during enrollment:
1. Add new device process is started
2. Apple Device Enrollment Profile is sent to the device
3. Device enrollment process is completed
4. MDM check-in request to the device is successfully performed
In this failure scenario, events 3 and 4 are not triggered and the MDM check-in never starts.
Environment
This process can be used with SOTI MobiControl v15.6 or higher running on Windows Server 2022.
Symptoms
The events "Successfully finished device enrollment process" and "Successfully requested device to perform MDM check-in" do not appear during the enrollment process.
Prevention
Refer to the pre-installation requirements in the online help before enrolling devices.
Cause
The iOS enrollment flow does not support TLS 1.3. TLS 1.3 cipher suites are enabled by default on Windows Server 2022, so the server negotiates TLS 1.3 with the device and the enrollment does not complete.
Issue Resolution
APNS requires one of the following TLS cipher suites to be enabled on the deployment server:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
To disable TLS 1.3 on Windows Server 2022
1. Run Registry Editor and go to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server
2. Right-click Enabled to open the context menu.
3. Select Modify and set the DWORD (32-bit) value to 0.
Note: 0 is disabled and 1 is enabled.
To verify if any of the required cipher suites are enabled for APNS:
1. Run the PowerShell command "Get-TlsCipherSuite" and check whether any of the cipher suites listed above appear in the output. An example of the output is highlighted in yellow in the screenshot below.
2. If the output is long, redirect it to a temporary file (e.g., c:\tmp\tls.txt) and check it in a text editor.
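The following PowerShell script is an added example, not part of this article or of SOTI's own tooling. It covers both procedures above: it checks whether any of the three APNS cipher suites is enabled (Get-TlsCipherSuite), reports the current state of the TLS 1.3 server-side registry value, and provides a function that applies the registry change from the previous section. The function and variable names are the example's own; the registry path and cipher suite names are those given in the article. It assumes an elevated PowerShell session on the MobiControl deployment server.

```powershell
# Added example (not SOTI's code). Run elevated on the MobiControl deployment server.

$RequiredSuites = @(
    'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
)

# Same key as in the article, written in PowerShell provider syntax.
$Tls13ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server'

function Test-ApnsCipherSuites {
    # Get-TlsCipherSuite lists the suites SCHANNEL will negotiate on this host.
    $enabled = Get-TlsCipherSuite | Select-Object -ExpandProperty Name
    $present = $RequiredSuites | Where-Object { $enabled -contains $_ }
    if ($present) {
        Write-Host 'APNS-compatible cipher suites enabled:'
        $present | ForEach-Object { Write-Host "  $_" }
        return $true
    }
    Write-Warning 'None of the required APNS cipher suites are enabled.'
    return $false
}

function Get-Tls13ServerState {
    # If the key or the Enabled value is absent, the Windows default applies
    # (TLS 1.3 is enabled by default on Windows Server 2022).
    if (-not (Test-Path $Tls13ServerKey)) { return 'default (enabled)' }
    $value = (Get-ItemProperty -Path $Tls13ServerKey -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $value) { return 'default (enabled)' }
    if ($value -eq 0) { return 'disabled' }
    return 'enabled'
}

function Disable-Tls13Server {
    # Applies the change from the article: Enabled = 0 (DWORD) under the TLS 1.3\Server key,
    # creating the key if it does not exist yet.
    # Caution: this setting is host-wide, so every SCHANNEL server endpoint on this
    # machine stops offering TLS 1.3, not only MobiControl. A reboot is needed for
    # SCHANNEL to pick up the change.
    if (-not (Test-Path $Tls13ServerKey)) {
        New-Item -Path $Tls13ServerKey -Force | Out-Null
    }
    New-ItemProperty -Path $Tls13ServerKey -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Host 'TLS 1.3 server-side set to disabled (Enabled=0). Reboot to apply.'
}

# --- Usage ---
Write-Host "TLS 1.3 (server): $(Get-Tls13ServerState)"
$null = Test-ApnsCipherSuites

# Uncomment to apply the fix described in the article:
# Disable-Tls13Server

# Full cipher suite list to a file for review, as step 2 above suggests:
# Get-TlsCipherSuite | Select-Object -ExpandProperty Name | Out-File -FilePath 'C:\tmp\tls.txt'
```

The check and the change are kept in separate functions so the script can be run read-only first; only calling Disable-Tls13Server modifies the server. If Test-ApnsCipherSuites reports that none of the three suites is enabled, that is a separate problem from the TLS 1.3 setting (a cipher suite policy or group policy on the host), and disabling TLS 1.3 alone will not fix enrollment.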