Sophos MDM v6.0.5 Can't register Device [Language GER/ENG]

Question

Hello Guys, 
 we have the same issue like here: https://community.sophos.com/products/mobile-device-protection/f/8/t/7691 
 But we haven't solved to problem yet. We updated our MDM yesterday (25.02.2016) to the latest version 6.0.5 it is working perfectly fine. 
 We (as IT) got about >200 iPad's to manage and we need to implement new devices (currenct iPad 3) this year. Therefore our SelfService needs to work fine till this change! 
 Now to my Problem: 
 We've currently two users which can't register new devices via the Self Service Portal. The one (a generic users) had devices registered until I've deleted them, for a reinstallation (testing and stuff). Everything was ok, I've deleted the devices (2) , cancled the VPP connection and the user was deleted from the MDM. After I have completed these steps, I was going to login via the Self Service Portal to register a new device. The message: "you got no device registered bla bla bla" ; and where the "register new device - Button " should be, it's telling me "you can't register a new device". 
 
 -I've checked everything, the maximum count of devices you can have is on 2 ; as well we have taskbundles and very everything you can dream of. As well I checked the AD-Users , but theres nothing wrong to me- 
 
 The other user (normal employee), was never registered on the MDM before. The user logged into the Self Service and receive the same Message. "you can't register a new device". 
 
 Do you have a clue where I can look for a solution? maybe some entries in the database? It's so damn weird to me! 
 
 I have a workaround to solve this issue, but this is not solving the main issue at all. With version 6.0.5 you will be able to create devices for dedicated users. So I have created an device for my generic user, downloaded the Sophos App on the iPad, scanned the QR-Code for configuration and there you have it, the user got one device registered and it's gonna be configured. The only issue will be, the user still can't use the options like (wipe, reset password, reconfigure) via the Self Service Portal, the only option the user has is to "delete". 
 
 Could use some good clues!

MatthiasPauli · Accepted Answer

@All, 
 with the help of the Sophos-Support we solved the issue, at least know where the problem is. In our MDM exist more then one Enrollment-Groups linked to Active-Directory-Groups. The Default-Enrollment-Group is not active. 
 Here is the clue: if you got some users who can't register a new device on the SSP, then because the MDM can't resolve the user in your active directory and put's em in the "default enrollment group". Our default-group was not active and therefore the user was not able to register a new device because the MDM was not able to resolve the User in the AD. We activated the "default-group", now the users were able to register new devices. 
 Now I need to figure out where is the problem in the AD to solve the problem or I let the default group activated and need to put the users manualy into the correct groups and stuff. 
 
 Hope this will help all out there!