I have worked with Apple and have our DEP program set up. We have created the proper connection between Apple and our JSS and have also created the PreStage Enrollments. I have it set up also so that my devices are automatically supervised and registered through our MDM without the option of removing the MDM profile (all things we have been hoping for). However, when I go through the setup process with one of my iPads I am testing, I attempt to set the iPad up as a new iPad, am told that my school will automatically configure the iPad, I choose "Next" and I get the error: "The configuration for your iPad could not be downloaded from "my school" Invalid Profile."
I have looked through every setting I could imagine and do not see the root of the issue. I am wondering if it has to do with the trust certificate and it not being installed, but would assume that is happening in the background as a part of the enrollment. Anyone else had this issue or have suggestions?
I'm glad someone brought this topic up. I've run a few iPads through the prestage deployment no problem, yet they never seem to supervise with prestage checked for supervision. Is there a spot I'm missing where you can add the supervision profile?
Hi mcarasso,
When you look in the Settings/General/About Name field, does it show "supervised by..." underneath the iPad's name? The other place I would check is if it is listed as supervised under the managed tab in Jamf.
Did you have to do anything to the iPads before running the prestage deployment, like verifying they have the trust certificate?
I have played around with it a little more. My problem was in requiring authentication. When I unchecked that box, the iPad finished the enrollment process.
My iPad was running 7.0.4, and there is a note I see now that says that only works with devices running 7.1 or later.
Also, mcarasso, I did verify on my iPad, it reads "This iPad is supervised by (my school)" under the Name field, in Settings/General/About.
Where did you have to not require authentication?
Figured it out.
Actually, I figured out where to remove authentication, but I'm still getting the exact same error you described in your original post.
Okay. I had to disassociate the iPad from Apple Configurator completely and we're good. The only issue is, without using Configurator, how can I get around having to manually enter the WPA2 password for our network?
I believe that you could use configurator to install the wifi profile without supervising the iPad. On the setup screen, turn off the toggle to supervise and check the profile that contains your wifi settings.
I tried that earlier, but it seemed like Configurator was still interfering with my PreStage Enrollment...I'll give it another shot.
I too am seeing similar issues with Apple Configurator and DEP. It more or less feels like you can use one or the other.
I am not near being able to test 9.3/DEP but my apple rep told me that iPads enrolled in DEP are not going to be recognized by Apple Configurator.
We are just looking into this also. However our Apple Rep said it is Configurator OR DEP.
The only success I've had was foregoing Configurator completely and then DEP worked like a charm. However, you can't deploy the Configuration Profile without being on WiFi first...and without Configurator, that leaves a manual join.
I am having the same issue with regard to the PreStage enrollment and the Require Authentication. When I remove that, it enrolls just fine, but I WANT to require authentication so that the user is tied to the device for VPP assignments. Or is there another way to tie the user and the device they are enrolling, without doing it manually in JSS?
I've also been good at getting this error. What seems to cause it:
- Having Authentication Checked on a version of iOS prior to 7.1
- Not having PKI/Push Setup
Going through manual enrollment via the self enroll URL usually helps discover if there are issues with certificates or trust.
Regarding supervision - I haven't had any issues with OTA Supervision unless I restore an iCloud backup. The good news is the device is still enrolled, just not supervised.
I've been trying to find where to enable the authentication requirement in the jss so that my users would be prompted during the DEP pre-stage enrollment process. Where would I find it?
--Update--
Got it sorted. You need to have an LDAP connection setup for the option to show up.
I'm having the same issue, however I get it whether authentication is checked or not.
All certificates are fine and I can enroll them through Apple Configurator and through the browser just fine.
EDIT: Got it! This article solved my issue: https://jamfnation.jamfsoftware.com/article.html?id=365. Weird though, because I never got that error. Just a heads up for anyone having similar issues.
We are running JSS 9.3 to test DEP pre-stage enrollment. Like many on this page, we received an 'Invalid Profile' error when attempting to download the configuration for pre-stage enrollment on an iPad. The iPad is running iOS 7.1.1 and we received the error whether Require Authentication is checked or unchecked.
The link that Furbee posted above fixed the problem for us. Thanks for finding that fix Furbee!
I'm having the same issue as many of you. iPad 2 on iOS 7.1 that has been unsupervised from Configurator. Require authentication is off in the prestage enrollment profile. I go through the process choosing accordingly and, in my case, manually put in the wireless I want. Eventually I get to the message saying "the configuration for your iPad... Invalid Profile."
I know I'm missing something probably with certificates I'm guessing, not sure.
Mr. Dent:
I can see how LDAP would tie in with this process, especially regarding authentication, but where do you tie in the LDAP for this exactly? Is it in the JSS user groups, if so, what do you do there, if it's not there, what then do you do?
Having a major issue this week where now it says all my Apple Enrollments are invalid. I haven't changed anything, but I tried removing all the iPads from the JSS and creating a new server in DEP, and it's working now.
The fix in the article:
https://jamfnation.jamfsoftware.com/article.html?id=365
…solved my issue. However, at first it didn't. I deleted, copied, renamed, restarted and got the same results. I forgot I had to do this on the JSS in my DMZ as well. As soon as I deleted, copied, renamed and restarted that instance of the JSS, I was able to complete the enrollment process.
Just a heads up… If you have more than one JSS, do this to all of them.
For whatever reason, I used that article last week and it seemed to fix the issue with the NSURLErrorDomain - 1012 message I got. For whatever reason it's not working again. We stopped Tomcat and went into it on the Linux and the "dep" folder was nowhere to be found, nor was the AppleCA.pem file! It has gone completely MIA! We even did a search for the specific pem file, but no luck there.
@CairoJXP, this is the same issue we have. That DEP folder doesn't exist, and we are getting the "Invalid Profile" error.
@musat Were you able to find the folder or pem file at all anywhere? We checked our JSS logs and couldn't find when the folder or file had been removed. We're going through backups we have to see if we have it anywhere in there.