macOS Tahoe: Jamf Pro PreStage Enrollment Not Installing Jamf Framework / Self Service

The vast majorty of times you see behavior like this its something network related. Make sure all the hosts and ports required for Apple device management and Jamf are whitelisted and TLS bypassed on your network. 

You can use Jamf Jet, and Apples Mac Evaluation Tool to check for network traffic issues.

Thanks for the response. In this case I can determine a general network or whitelisting issue.

To validate this, I tested the exact same workflow on multiple OS versions:

• macOS 15 (Sequoia) → PreStage enrollment completes normally
  - Jamf Framework installs
  - Self Service appears
  - All configuration profiles deploy as expected

• macOS 15 device upgraded accidentally to macOS 26 (Tahoe)
  - After erase & PreStage enrollment:

  -Jamf Framework does not install, Self Service is missing, Only a subset of profiles deploy, Manual installation of jamf.pkg / SelfService.pkg cannot establish communication
• I then downgraded the same device back to macOS 15, re-enrolled it, and everything worked immediately again with no MDM, network, or TLS changes.

So the environment, certificates, and network paths are functioning for macOS 15 clients.
The enrollment failure appears specific to macOS 16 (Tahoe) and reproducible across machines.

Based on that, it looks like Self Service / the Jamf binary cannot bootstrap on Tahoe during automated enrollment — possibly due to OS-level changes in TLS, enrollment flow, or new restrictions in the Setup Assistant phase.

If others are seeing similar behavior with on-prem Jamf Pro 11.21 and Tahoe, I’d be very interested.

Hello Jack-AT, 
Thanks for your experience.

From 2 weeks, I've some difficulties with the usual Prestage Enrollment (computer).
I've not found the root cause. I will search side TLS and the inbound/outbound. And test with macOS Sequoia 15.6
 

With Jamf Cloud 11.22.1 for an enrollment macOS Tahoe 26, the usual package JamfConnect (set priority 1 in order / sideload) is not installed during the Setup Assistant.
- I've tried to verify my Jamf Cloud Point. 
- I've crossed other PreStage Enrollment Scenarii, with the approriate configuration profile JamfConnect ( sideload version 2.45.1 and SelfService Classic automatic ; sideload 3.3.0 with SelfService+ automatic ) same issue. 
- I've tried to add more options steps (Gest Started, Location Services...) to help the optimize package installation... but no success. 
- I've tried to test another Prestage Enrollment with Self Service sideload not automatic
Temporary to workaround, I've add a policy to install the package JC immediatly with the trigger "Enrollment Complete" required for my Configiration Profile Jamf Connect to finalize the enrollment. 

Kind Regards,
P.
 

Did you guys find a solution for this? I basically have to remove the MDM profile and then reenroll in order to get the JAMF binaries on Tahoe. This does not happen on Sequoia as they get them immediately after enrollment.

This Jamf Idea explores the question, why aren’t Jamf installing the binary and Self Service as packages installed as part of the PreStage entry. Currently they don’t install until after Setup Assistant has completed (i.e. once the login screen has been reached).

Hello, I have a client who also happened to encounter the same problem as yours. I analyzed that it was caused by network fluctuations. After waiting for a while, the Jamf binary framework will be automatically installed. Sometimes it can take a very long time to wait.
When I encounter such issues, usually when the Jamf binary framework is not installed. I usually use the Jamf API interface function. I directly reinstall it through the MDM framework. This can temporarily solve such problems. 
My clients mainly have problems related to the network.
Here is a suggestion for handling the matter.

 

#!/bin/bash

#

#==============================================================================

#

#           FILE: Jamf_binary_reinstall.sh

#

#          USAGE: ./Jamf_binary_reinstall.sh

##    DESCRIPTION: Mac is still within the effective management scope of MDM. It can execute standard MDM management instructions. 
# This script can be used to repair or update the damaged Jamf binary framework.。

#                 

#       

#        OPTIONS: ---

#   REQUIREMENTS: Fix the damaged Jamf binary framework

#           NOTE: Jamf Pro 版本需要满足10.36 及以上。

#         AUTHOR: Gaoyajing@IT Technical Service Center

#   ORGANIZATION: HCNX

#    CREATE DATA: 2024-10-14

#       REVISION: 1.0

#==============================================================================

#变量声明

#$1 = JAMF 用户名

#$2 = JAMF 密码

#$3 = JSS_ID

#$4 = Mac 序列号

#变量

JSS_URL='https://jamf.youURL:8443'

JSS_USER="Jamf Manage user"

JSS_PW="Passowrd"

ID_NUM='JSSID'

TOKEN=$(curl  -s -X 'POST' ${JSS_URL}/api/v1/auth/token -H 'accept: application/json' \

  -u "${JSS_USER}:${JSS_PW}" \

  -d '' |grep -w '"token"' \

  |awk -F '"' '{print $4}'

)

    echo "重新部署Jamf管理框架....."

    curl  -s -X 'POST' ${JSS_URL}/api/v1/jamf-management-framework/redeploy/${ID_NUM} \

     -H 'accept: application/json' \

     -H "Authorization: Bearer ${TOKEN} " \

     -d ''

     if [[ "${?}" == '0' ]];then

        echo "${ID_NUM} --- Yes "

     else

        echo "${ID_NUM} --- No."

     fi