Gateway Server Interface Issues

  • Question

  • I am trying to create a test environment for SCMDM but am having issues with the gateway server.  The DM and EN servers are set-up correctly and work correctly (successfully enrolled a phone onto the domain while having it connected to the LAN).  My network admin is using an external address that forwards to an internal address on the gateway server.  When I try to set-up the gateway connection in the device management console, I get an error that the external interface cannot be reached.  I have tried putting both the external address that is attached to the firewall and the private IP address that the firewall is forwarding to.  I have added a second NIC for internal management.  Has anyone done a set-up in this before or know why the gateway isn't communicating with the other server?

    Thanks.
    Tuesday, February 17, 2009 7:27 PM

Answers

  • OK... from your MDM Device Management server open a command prompt and run:

    Telnet <internal MDM Gateway DNS entry> 443 


    This should connect. If it does not, then you have a routing / DNS issue.

    Does your BPA throw any errors when you run Post installation check? Anything to do with loopback check?
    Is the gateway configured with the same subnet for internal and external interfaces?


    Cheers Wayne
    Airloom

    Thursday, February 19, 2009 6:51 AM
    Moderator
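As an added example (not from the thread), a PowerShell script that runs the three checks Wayne lists from the MDM Device Management server: DNS resolution of the gateway's internal management name, a TCP connect to port 443 (the telnet test, with a timeout), and whether the gateway's internal and external interfaces share a subnet. The host name, interface addresses and mask below are placeholders to be replaced with your own values.

```powershell
# Added example, not from the original thread. Run on the MDM Device Management server.
# All values below are placeholders; replace them with your own gateway details.
$GatewayName     = 'mdmgw.corp.example'   # internal management DNS entry (placeholder)
$GatewayInternal = '10.0.1.10'            # gateway internal interface (placeholder)
$GatewayExternal = '192.0.2.10'           # gateway external interface (placeholder)
$SubnetMask      = '255.255.255.0'        # mask of both interfaces (placeholder)

# TCP connect with a timeout; same result as "telnet <name> 443" but does not hang.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# Network address of an IPv4 address under a mask (byte-wise AND).
function Get-NetworkAddress {
    param([string]$Address, [string]$Mask)
    $a = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $m = [System.Net.IPAddress]::Parse($Mask).GetAddressBytes()
    $n = 0..3 | ForEach-Object { $a[$_] -band $m[$_] }
    return ($n -join '.')
}

# 1. DNS: does the internal gateway name resolve at all?
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($GatewayName) | ForEach-Object { $_.IPAddressToString }
    Write-Host "DNS: ${GatewayName} -> $($resolved -join ', ')"
} catch {
    Write-Host "DNS: ${GatewayName} does not resolve; fix DNS before checking routing"
}

# 2. Routing: can the management server reach the gateway on 443?
if (Test-TcpPort -HostName $GatewayName -Port 443) {
    Write-Host "TCP 443 to ${GatewayName}: open"
} else {
    Write-Host "TCP 443 to ${GatewayName}: no connection (routing, firewall or DNS issue)"
}

# 3. Interfaces: internal and external gateway interfaces should not share a subnet.
$intNet = Get-NetworkAddress $GatewayInternal $SubnetMask
$extNet = Get-NetworkAddress $GatewayExternal $SubnetMask
if ($intNet -eq $extNet) {
    Write-Host "WARNING: internal and external interfaces are both on ${intNet} / ${SubnetMask}"
} else {
    Write-Host "Internal (${intNet}) and external (${extNet}) interfaces are on separate subnets"
}
```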

All replies

  • Setting up the gateway can be really tricky if you don’t have the routing setup correctly. Check out this link: http://technet.microsoft.com/en-us/library/dd252860.aspx

    When you use a different external IP from that of your MDM Gateway, you are translating the traffic, which is known as NAT.
    The MDM Gateway server should have two interfaces, an internal facing interface and an external facing interface. So you have three interfaces/IP addresses to consider. Just to add to the complexity, you have 2 external interfaces! The firewall has one and the MDM gateway also has one.

    When you are using the MDM gateway wizard:

    External IPsec: The external (firewall) address set up by your admin. The firewall will then send this to your MDM External address. This is the address the client uses to connect to MDM. So this has to be the firewall.

    Name: The Internal Management interface DNS entry.

    When you NAT the MDMGW, the Alerter service will not function. This is expected. The Alerter service is used for Instant Remote Wipe, and requires the traffic to remain unaltered. I (and Microsoft) recommend routing the traffic rather than using NAT.

    Hope this helps

    Cheers Wayne
    Airloom
    Tuesday, February 17, 2009 11:13 PM
    Moderator
  • Admin says he is not using NAT, but is routing.  MDM Gateway Wizard settings are set to the external IP for the IPSec address and the internal DNS for the other entry.  The error still persists and cannot enroll a phone.  Any other suggestions?
    Wednesday, February 18, 2009 8:04 PM