Skip to main content
Question

Enrolling with Management Server Failed error

  • January 13, 2026
  • 1 reply
  • 11 views
J
Forum|alt.badge.img+5

Your enrollment Profile MAY have expired. Try loading a new enrollment profile. 

I am not sure what to do with this. It is happening immediately following a reset and check in with Jamf. Any assistance is appreciated. 

1 reply

h1431532403240
Forum|alt.badge.img+2
  • h1431532403240
  • New Contributor
  • January 14, 2026

Hi JPost,

The "Enrolling with Management Server Failed" error with the message "Your enrollment Profile MAY have expired" can be caused by several factors. Here's a systematic approach to troubleshoot this issue:

Step 1: Check Certificates and Tokens in Jamf Pro

First, verify that all your certificates and tokens are valid:

  1. MDM Push Certificate: Go to Settings > Global > Push Certificates and check if the MDM Push Notification Certificate is expired. If expired or expiring soon, renew it immediately.
  2. Automated Device Enrollment Token: Go to Settings > Global > Automated Device Enrollment and verify the token isn't expired. If there's an error or it's expired, download a new token from Apple Business Manager/Apple School Manager and upload it to Jamf Pro.

Step 2: Verify Device Assignment

  • In Apple Business Manager/Apple School Manager, confirm the device is assigned to your Jamf Pro MDM server
  • In Jamf Pro, verify the device is assigned to a PreStage Enrollment (check Computers > PreStage Enrollments > Scope)

Step 3: Check the APSD Keychain (Common Fix)

If the device has been sitting for a while or the image is older, the local APNS certificate may have expired. Run this command to check:

/usr/bin/security find-certificate -a -p -Z /Library/Keychains/apsd.keychain | /usr/bin/openssl x509 -noout -enddate | cut -f2 -d=

If the date is in the past, delete the keychain and reboot:

sudo rm /Library/Keychains/apsd.keychain
sudo reboot

Step 4: Re-sync with ABM/ASM

Try unassigning and reassigning the device in Apple Business Manager:

  1. Go to ABM/ASM and unassign the device from your MDM server
  2. Wait 10 minutes
  3. Reassign the device to your Jamf Pro MDM server
  4. In Jamf Pro, verify the device appears in Automated Device Enrollment

Step 5: Force Enrollment Renewal

If the device is already past Setup Assistant, try:

sudo profiles renew -type enrollment

Step 6: Last Resort - Erase and Re-enroll

If none of the above works:

  • For Macs with Apple Silicon or T2 chip: Go to System Settings > General > Transfer or Reset > Erase All Content and Settings
  • Then go through Setup Assistant again

Additional Checks:

  • Verify all required network ports are open for Apple services
  • Test enrollment on an unfiltered network (mobile hotspot) to rule out firewall issues
  • Check if any Enrollment Customization in your PreStage is causing issues (try creating a simple PreStage without customization)

References:

Let me know what you find and we can troubleshoot further!

Terms & ConditionsCookie settingsAccessibility statement