Mojave Upgrade Creates Unverifed MDM Profile

Question

I'm seeing an issue where once we apply the Mojave update to a machine, the MDM profile then gets listed as unverified and other pushes (IE apps and other profiles) don't come down until I remove the MDM and re enroll the machine.  Then of course I have to navigate to the profiles section of system preferences and approve the new verified mdm profile.  Is this normal behavior or is there a work around?

I've tried removing the MDM profile then doing a sudo jamf manage command, however I get an error saying "Error installing the computer level mdm profile: profiles install for file: '/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user 'root' returned -915 (Unable to contact the SCEP server at"https://ourserver.com:8443//CA/SCEP".)

Not sure If maybe I'm doing something wrong.

Gabe ShackneyPrinceton Public Schools

michaelprice · Accepted Answer

I am finding both of these commands run in this order is fixing the issue for me -- we have been struggling with known issue PI-000489 and this post helped me. Not sure if it has fixed our EDU profile yet, but I will report back.

sudo jamf trustjss
sudo jamf mdm -userLevelMdm

Saves us from disabling SIP, DEP re-enrollment trickery

GabePPS · Answer

So after some playing around I also found that we could use the command sudo jamf trustjss but I don't know yet whether it works to correct this issue until I do another machine.

Also I found that running sudo jamf mdm -userLevelMdm fixes another part of this problem that was causing our EDU profiles from getting through.

I'll post more info if I find out anything more.

Edit: Looks like just running the above user mdm command fixes this issue. the trustjss may not be needed.

Gabe Shackney
Princeton Public Schools

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded