Sudo jamf removeMDMprofile
Sudo jamf removeFramework
Sudo rm /var/db.AppleSetupDone
Restart and go through setup assistant again. I did not test this.
@zake If Larry's suggestion above doesn't work then try issuing a sudo profiles -N while logged in as the user. If it still has an mdm profile then you'll need to remove it using the command above. Using the profiles -N command ensures the machine still reports a DEP enrollment.
You may need to nuke the contents of /var/db/ConfigurationProfiles/Store/ as well as /Library/Keychains/apsd.keychain before trying another re-enrollment if the management command to remove the mdm profile doesn't work.
Just ran into this. Seems to be caused by running Migration Assistant and migrating everything (rather than just migrating user account). Causes overwriting of something that breaks the configuration profile functionality. Policies would run okay after re-enrolling, but push didn't work (couldn't remove via "Remove MDM" on Jamf end either.
Had to talk customer through disabling SIP, then Bomgar'ing in and deleting /var/db/ConfigurationProfiles/Store, and reenrolling via "sudo profiles renew -type enrollment". Then customer re-enabling SIP.
Shame apple doesn't give us some possibly sledge hammer to fix this remotely. I get the point of SIP, and agree with it, but when things wedge, it's a pain in the rear.
@zake If Larry's suggestion above doesn't work then try issuing a sudo profiles -N while logged in as the user. If it still has an mdm profile then you'll need to remove it using the command above. Using the profiles -N command ensures the machine still reports a DEP enrollment.
You may need to nuke the contents of /var/db/ConfigurationProfiles/Store/ as well as /Library/Keychains/apsd.keychain before trying another re-enrollment if the management command to remove the mdm profile doesn't work.
sudo profiles -N worked like a charm. Thank you!
