Skip to main content
Matrix42 Self-Service Help Center

Device Enrollment Program: Troubleshooting Guide

  1. Last updated
  2. Save as PDF

Troubleshooting Guide for Device Enrollment Program

This guide provides a structured approach to troubleshooting issues with Apple Device Enrollment (DEP). The focus is on verifying the essential components outside of the device itself to ensure a smooth enrollment process. Key steps include testing the general connection to Apple services, confirming that the device is assigned to the correct server, checking whether an enrollment profile has been properly applied, and validating that the chosen authentication method is working as expected. By following these checks, you can quickly identify and resolve the most common causes of DEP enrollment failures.

Check your Device Enrollment Program Connection

In Silverback

  • Open your Silverback Management Console
  • Login as an Administrator
  • Navigate to Admin
  • Select Device Enrollment Program
  • Check the last time updated information 

clipboard_eafdf8cdb854e9fde97741a0d0af29d57.png

In Apple Business or School Manager

  • Open Apple Business Manager or Apple School Manager
  • Login with your Credentials
  • Click on the bottom left on your account
  • Select Preferences
  • Navigate in the Middle Pane to MDM Servers
  • Click on your Silverback Server 
  • Check the Last connected at information

troubleshooting_dep_01.png

Both information should be equal. If not, you may need to update your Device Enrollment Program Token. Please refer to Device Enrollment Program: Token Renewal

Check your Device Synchronization

In Apple Business or School Manager

  • Open the Apple Business Manager or Apple School Manager
  • Login with your Credentials
  • Click on the bottom left on your account
  • Select Preferences
  • Navigate in the Middle Pane to MDM Servers
  • Click on your Silverback Server 
  • Scroll down to the assigned Devices Overview 

troubleshooting_dep_03.png

In Silverback

  • Open your Silverback Management Console
  • Login as an Administrator
  • Navigate to Admin
  • Select Device Enrollment Program
  • Check the Account Overview

troubleshooting_dep_04.png

Most issues with Apple Deployment Programs VI: Manually add devices to DEP or Device Enrollment Program: Add devices via iPhone are that you missed to assign the device to your corresponding Server 

Assign Devices

In Apple Business or School Manager

  • Open Apple Business Manager or Apple School Manager
  • Login with your Credentials
  • Navigate to Devices
  • Enter the Serial Number of your device
  • Select your device and press Edit MDM Server
  • Select Assign to the following MDM
  • Select your target Silverback Server
  • Press Continue and press Confirm
  • Wait until the process is finished
  • Click Done 
  • Wait a couple of minutes and recheck that the device is assigned to your Server

In Silverback

  • Open your Silverback Management Console
  • Login as an Administrator
  • Navigate to Admin
  • Select Device Enrollment Program
  • Press Refresh 
  • Wait a couple of minutes and recheck that the device amount is increased with +1 device

Check Profile Assignment

  • Press Devices
  • Review if the Profile Name for the affected device is currently empty

clipboard_e89c039c5c973d53f806d082f48e758fb.png

  • In this case, select the Device and use the Assign Profile button to assign your Default Profile or any other Additional Profile 
  • After assigning the profile, it might take up to minute until the profile is assigned at the Apple Business Manager
  • In the meantime, you can review your Logs, they should look like this:

clipboard_e78e565d594b38111ff5395fbaa5dd4b9.png

  • Navigate back to your Silverback Management Console
  • Press Refresh in the Devices table and the assigned profile should switch to your selected one

clipboard_e602f7039ce7ab436c14112a9c9b9331d.png

Check your User Credentials

Most issues during device setup are due to wrongly used credentials

Silverback Settings

  • Open your Silverback Management Console
  • Login as an Administrator
  • Navigate to Admin
  • Select Device Enrollment Program
  • Press General Settings
  • Locate the Default Profile section
  • Review the Authentication Setting:
    • If Username + Password is set: You need to enter either your Active Directory credentials or device user credentials 
    • If Username + OTP is set:  You need to create an OTP and enter the corresponding username with OTP on the device.
      • You will find the corresponding one-time password (OTP) information, for example, during self-service provisioning.
    • If SSP is set: Your users should go through the Self-Service Portal during enrollment. If their credentials are not working, you need to review the corresponding settings of your Authentication Provider, LDAP  or Cloud Connector,  or device user creation. 

troubleshooting_dep_07.png

Try your credentials

This check is only applicable when authentication is set to Username + Password or Username + OTP. For SSP as authentication method, just open your Self-Service Portal from any device and try to login. 

  • Starting from the Silverback Management Console, navigate to your General Settings in the Device Enrollment Program section
  • Review and note down the Activate Apple Location
  • Open your Browser in Incognito Mode
  • Copy and Paste Activate Apple Location URL into your Browser
e.g.https://silverback.imagoverum.com/activate/AppleActivate
  • You should see now a Login Message

troubleshooting_dep_05.png

  • Try to login with your credentials
    • Either with Username and Password
    • Or Username and OTP
  • When your credentials are correct, you will download a *.mobileconfig file

troubleshooting_dep_06.png

If your download doesn't start you are using incorrect credentials.

  • By default, Activate Apple Location authentication is performed against the settings made in the default profile.
    If you are using multiple profiles, you can check both authentication methods by using the following additional parameters:
https://silverback.imagoverum.com/activate/AppleActivate?auth=1 (Digest = for Username and OTP)
https://silverback.imagoverum.com/activate/AppleActivate?auth=2 (Basic = for Username and Password)

Check Logs

Silverback is writing by default log files for the Device Enrollment Program. For further investigation it is advisable to look at the log files. 

For wrong credentials

troubleshooting_dep_09.png

  • If you are trying from a device, you will see the following message(s)

troubleshooting_dep_10.png

For Synchronization Issues

  • Navigate to Device Enrollment Program
  • Check if you find any errors 
  • Usually, the logs should look like this:

troubleshooting_dep_08.png

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-To
    Stage
    Final
    Target Group
    Customer
  2. Tags
    1. Device Enrollment Program
    2. Troubleshooting