Skip to main content
Question

macOS Tahoe: Jamf Pro PreStage Enrollment Not Installing Jamf Framework / Self Service

  • November 13, 2025
  • 3 replies
  • 243 views
Jack-AT
Forum|alt.badge.img+1

Dear community,

I am facing a major issue with our Jamf Pro environment.
We are running Jamf Pro 11.21 On-Prem and have several working PreStage enrollments—until today.

I had a device that was already upgraded to macOS Tahoe. After erasing the Mac, I started the PreStage enrollment. The macOS installation completed normally, and the device enrolled in MDM.
However, after the Setup Assistant finished, Self Service never appeared, and only half of the expected configuration profiles were installed.

I waited over 30 minutes, thinking it might be a timing or network delay, but nothing happened. I also tried:

  • restarting the Mac

  • running sudo profiles renew -type enrollment

  • manually installing Self Service.pkg and jamf.pkg copied from a working machine

Even after manual installation, the agent could not connect to the server.

It looks like the Jamf framework does not install correctly on macOS Tahoe during enrollment.
Has anyone seen this behavior, and what could be causing it?

Thank you in advance for your help.

3 replies

AJPinto
Forum|alt.badge.img+26
  • AJPinto
  • Legendary Contributor
  • November 13, 2025

The vast majorty of times you see behavior like this its something network related. Make sure all the hosts and ports required for Apple device management and Jamf are whitelisted and TLS bypassed on your network. 

 

You can use Jamf Jet, and Apples Mac Evaluation Tool to check for network traffic issues.

Jack-AT
Forum|alt.badge.img+1
  • Jack-AT
  • Author
  • New Contributor
  • November 14, 2025

Thanks for the response. In this case I can determine a general network or whitelisting issue.

To validate this, I tested the exact same workflow on multiple OS versions:

  • macOS 15 (Sequoia) → PreStage enrollment completes normally
    - Jamf Framework installs
    - Self Service appears
    - All configuration profiles deploy as expected

  • macOS 15 device upgraded accidentally to macOS 26 (Tahoe)
    - After erase & PreStage enrollment:

    -Jamf Framework does not install, Self Service is missing, Only a subset of profiles deploy, Manual installation of jamf.pkg / SelfService.pkg cannot establish communication
  • I then downgraded the same device back to macOS 15, re-enrolled it, and everything worked immediately again with no MDM, network, or TLS changes.

So the environment, certificates, and network paths are functioning for macOS 15 clients.
The enrollment failure appears specific to macOS 16 (Tahoe) and reproducible across machines.

Based on that, it looks like Self Service / the Jamf binary cannot bootstrap on Tahoe during automated enrollment — possibly due to OS-level changes in TLS, enrollment flow, or new restrictions in the Setup Assistant phase.

If others are seeing similar behavior with on-prem Jamf Pro 11.21 and Tahoe, I’d be very interested.

P
  • Poulau
  • New Contributor
  • November 17, 2025

Hello Jack-AT, 
Thanks for your experience.

From 2 weeks, I've some difficulties with the usual Prestage Enrollment (computer).
I've not found the root cause. I will search side TLS and the inbound/outbound. And test with macOS Sequoia 15.6
 

With Jamf Cloud 11.22.1 for an enrollment macOS Tahoe 26, the usual package JamfConnect (set priority 1 in order / sideload) is not installed during the Setup Assistant.
- I've tried to verify my Jamf Cloud Point. 
- I've crossed other PreStage Enrollment Scenarii, with the approriate configuration profile JamfConnect ( sideload version 2.45.1 and SelfService Classic automatic ; sideload 3.3.0 with SelfService+ automatic ) same issue. 
- I've tried to add more options steps (Gest Started, Location Services...) to help the optimize package installation... but no success. 
- I've tried to test another Prestage Enrollment with Self Service sideload not automatic
Temporary to workaround, I've add a policy to install the package JC immediatly with the trigger "Enrollment Complete" required for my Configiration Profile Jamf Connect to finalize the enrollment. 

Kind Regards,
P.
 

 

Terms & ConditionsCookie settingsAccessibility statement