Skip to main content

I'm trying to get a mobileconfig to download and install using a policy. Here are the steps that I am doing:



Create configuration profile on the JSS
Download the configuration profile
Unsign the profile using Apple Configurator
Put <name>.mobileconfig into /tmp/ folder
Put /tmp/<name>.mobileconfig in Recon
Add postinstall script to recon package (sudo /usr/bin/profiles -I -F /tmp/<name>.mobileconfig)
Save .pkg to Desktop
Add .pkg to JSS
Add JSS package to policy
Run sudo jams policy -id <policy id>



After reading through the different discussions in Jamf nation, here are the different steps I've tried:
chmod 777 <name>.pkg
chmod +x <name>.pkg
<name>.pkg without post install, run an install script through the "Files and Processes Execute Command" payload



I keep getting an installer failed, showing that the package was able to download, but the install was not able to happen.



The attached log is what the /var/log/install.log shows

Figured it out.



I was setting the permissions on the .pkg, not on the .mobileconfig.



In case anyone is having this same issue, here are the steps I did to resolve it.




  1. Download desired Configuration Profile (<name>.mobileconfig) from JSS

  2. Put <name>.mobileconfig in /tmp/ folder

  3. Put <name>.mobileconfig from /tmp/ folder into Casper Composer

  4. Change user permissions of <name>.mobileconfig to a user that will be present on all systems, and set RWX for all

  5. In the postinstall script add:
    sudo /usr/bin/profiles -I -F /private/tmp/<name>.mobileconfig (if there is a space in the .mobileconfig name it must either be escaped or the whole path must be passed as a string (with quotes)).

  6. Get UUID of <name>.mobileconfig (can be done through Apple Configurator 2)

  7. Run sudo profiles -P on your computer and check to make sure that there are no UUID's that match the UUID of the <name>.mobileconfig that you are wanting to install.
    8.1 If the UUID exists through a Configuration Profile push via APNS/JSS, exclude your machine from the Configuration Profile on the JSS, run a sudo jamf recon to remove the Profile, and then check to make sure it is removed.
    8.2 If the UUID exists, but it was not passed via APNS/JSS, then run sudo profiles -R -F /tmp/<name>.mobileconfig to remove it from the Profiles list.

  8. Build the <name>.mobileconfig package and run it on your computer to insure it works.