Skip to main content

Hello everyone,



Recently changed the JSS URL (Settings > Global Management > JSS URL) and am having a difficult time getting our DEP instance to update with the correct settings.



After changing the URL, I updated the Tomcat SSL cert (and restarted the tomcat service), downloaded the public key from Global Management > Device Enrollment Program, uploaded that cert into our DEP instance on apple, and downloaded the new apple cert to upload into the JSS. However, I'm finding that the "public key" certificate downloaded from the DEP page within the JSS still has the old URL. I can't seem to get it to update.



DEP enrolled machines are currently unable to apply the MDM profile because of the SSL error. If you inspect the publickey.pem file downloaded from the JSS, I can see that it's still using the old url in the CRL part of the cert. If I check the configuration profile info on the target mac (/var/db/ConfigurationProfiles/.cloudConfigRecordFound) I can see that it is indeed still using the old URL. If I manually edit this file to point to the new url, the mdm profile will suddenly start working, however when the machine originally goes to pull down the settings from apple, it's still getting the old information.



I've even tried restarting the box after doing the tomcat ssl cert to maybe trigger a new cert to be generated for dep, but I just can't get it to update to the new information. The DEP public key will not update with the new jss url.



Any thoughts on this?

Recreating the PreStage Enrollment for those devices should solve this. If you create a new PreStage Enrollment, not clone the existing one, using the settings from your existing prestage, the Cloud Config file that comes down from Apple should reflect your current URL.

Creating a new prestage enrollment and assigning devices there solves the certificate issue.



I've noticed that I can't seem to get that profile to apply to the devices after assigning them to a new prestage enrollment though. If I reimage the computer, everything works great. But if I change the prestage the device is assigned to, it never seems to apply to the device. The users receive a toast in the corner of their screen every hour letting them know that we can manage their computer, and the device status on the prestage enrollment screen in the jss never changes from 'assigned' to 'completed'. Does anyone know what's likely to be going wrong here, or how I can assign a device to a different prestage without having to rebuild it?



For now, I've just unassigned the couple devices having an issue from any prestage enrollment. They're enrolled in our JSS and getting the settings/applications needed, which is enough for now.

Creating a new prestage enrollment and assigning devices there solves the certificate issue.



I've noticed that I can't seem to get that profile to apply to the devices after assigning them to a new prestage enrollment though. If I reimage the computer, everything works great. But if I change the prestage the device is assigned to, it never seems to apply to the device. The users receive a toast in the corner of their screen every hour letting them know that we can manage their computer, and the device status on the prestage enrollment screen in the jss never changes from 'assigned' to 'completed'. Does anyone know what's likely to be going wrong here, or how I can assign a device to a different prestage without having to rebuild it?



For now, I've just unassigned the couple devices having an issue from any prestage enrollment. They're enrolled in our JSS and getting the settings/applications needed, which is enough for now.

Terms & ConditionsCookie settings