Hi,
Is anybody having an issue with prestage enrolments not syncing for the last 4 days.
Our devices can be added to the prestage but do not enrol when the device is turned on and connected to the wireless.
Our DEP program is working, and devices are showing in Jamf.
Any ideas?
Thanks
Simon
@a.simmons. Thanks for the info. Looks like I will be needing to open a support ticket. This is my test/dev server which I recently rebuilt from scratch. Maybe ASM is still pointing to an old token even though I recreated them now a few times. My syncs all seem to be working well, I just can't get the clients to go into the PreStage at Setup. Hopefully Support can get this resolved.
Same thing going on here as well with our Jamf Cloud Prestage. Not to the level some of you are reporting. What I'm seeing is I add a device to a prestige and save. The device is then in the prestage with the box checked but is listed as unassigned. If I wait about 15 min or so the device will then be listed as assigned. However the sync does not update. It's very unstable at the moment.
I found the resolution to my issue with PreStage not being initiated on the client-side. Turns out it was a user permissions setting on my end.
The Management Account I had assigned to the PreStage only had Site Access privileges, not Full Access privileges. Adjusting the permissions fixed it.
Cheryl
None of mine have Synced since 6th June but I was able to make a new one.
A bit of a problem as new devices go to iOS by default and I need to move one I just Assigned to Library Kiosk...
I was able to work around the above by unchecking Automatically add new devices then saving, going back into the iOS PreStage and removing the device from scope.
Since the changes to DEP and the addition of Auto Assigning devices in AMS I have found DEP for both Macs and iOS a bit slower and more cumbersome to use.
I cannot create a new prestage as a result of this now....my existing ones still work fine however
Chiming in here on this topic as it may help others.
It looks like I was unable to save a new PreStage Enrollments object in Jamf Pro using Chrome on my Mac. I was able to create one using Internet Explorer. I am on Jamf Pro v10.11.1.
I seem to be having the same exact issue. My profile shows 11/2/19 last sync but in the DEP settings the date and time is up to date. I even downloaded a new public key and uploaded a new token but no luck.
Are there some objects missing in the prestageProfile? You can try to make a change at this profile, e.g. changing the contact informations.
It should then update the sync after a change has been done.
@morti I ended up making a change and it did update. Now it seems my machines won't even go past the remote management screen. "Failed to connect to Mobile Device Management Server" is what I keep getting. I've opened a ticket with support and they are trying to figure it out. We went through all the troubleshooting steps.
@NGKF Are you running a cluster configuration and have enrollment restricted to just Macs, or just iOS? If so, try allowing both types. Apparently 10.15.0 introduced a bug where an enrollment attempt would incorrectly determine the device type and cause a failure if both macOS and iOS weren't enabled to enroll.
Yeah can confirm the fix to this issue is to go to your PreStage enrollment. Edit. Under the General section, add or make a change to the Support Phone Number field. Click Save. This will FORCE a sync somehow.
On our Jamf Pro server, although the PreStage Enrollment last sync is also showing the time stamp quite a while ago, it does appear still working. Unticking a device in the PreStage Enrollment scope does show the device assignment status from Assigned - Pending Sync to Not Assigned after a little while. But the device assigned time stamp does not get updated.
It's interesting to note that because we are not automatically assigning the PreStage Enrollment to the DEP device yet, this laptop was the last one we manually assigned the PreStage Enrollment which happened last year in July. Even though I'm making changes to this device now, the device assigned column of the PreStage Enrollment scope view still has the same old time stamp. This is telling me this device assigned attribute is actually referring the MDM server assignment in DEP rather than the PreStage Enrollment assignment.
I'm experiencing a similar thing. ABM/Jamf think the sync is current, but my PreStages are clearly not in sync (recent changes arent being picked-up at enrollment time). Each time I want to make a PreStage Enrollment change, I have to reimport a new token (even though the current token is fairly new) - or other 'tricks' to get it syncing again. Odd.
I'm doing a lot of Prestage changes and testing right now so this has been a point of friction in my workflow. "Ain't nobody got time for this"
@dstranathan - I have had a similar experience about a few weeks ago. The difference was that I could see that the sync failed (within Automated Device Enrollment) and would have to do the whole 'renew the token' bit through ABM... I opened a case and Jamf support basically stated there's no way to identify the root cause of it.. :(
Had this happen to me today. Needed to make some changes to my Prestage profiles and it failed to sync (and stayed like that).
Followed @benducklow @dstranathan instructions to renew the token in ABM and got the Prestage profiles to sync almost instantly. Defiantly a bug in the process that needs fixed. Didn't use to error out when making changes to Prestage profiles.
@stutz I am not sure it's the same issue but when it happens here I simply change and save a minor info in the Prestage (such as the contact phone number) and the sync immediately shows as completed. I found this workaround in another post here on JN. Hope it helps.
Response from Jamf Support. Appears our environment is operating normally since update 10.11.
"The token sync which syncs devices assignments and settings in the DEP prestages will happen every 5 minutes. That was the new update with DEP prestage refactoring in 10.11. So if we add or remove a device to a prestage that will get updated on the back end during the next token sync. But the "Last Sync" time won't actually update until the DEP prestage settings themselves update. When we make changes to the actual settings in the General pane, such as changing steps that are skipped or not, the phone number, display etc. then that will kick off an update of the DEP prestage settings themselves and that field will then update at next token sync. We will then see a new message in the interim stating "Awaiting next sync". Making changes to other panes will not initiate a new sync of the prestage as those settings are not being sent to Apple, only the General pane settings."
@bhart Thanks for this! Found this issue while troubleshooting a different problem. Glad to see it's expected behavior. Indeed, when I made a change to a setting in the General tab (disable skipping Location), the last sync was reset to seconds ago.
Thought I'd chip in as had a similar issue to this today.
Our CTO had brought a new M1 Macbook whilst out in the US in the Black Friday sales whilst at a conference and was under strict instructions to WAIT to set it up until I'd enrolled it to our ABM via Apple Configurator on an iPad (that REALLY is a great feature now!)
Spent most of the day running through suggestions on here (bar cert renew one) and swapping it between 2 different PreStages to no avail.
Eventually thought I'd just run through Setup Assistant with a dummy user and try enrollment via command line in OS and that worked as expected so it was definitely able to pickup the profile.
I then issued Wipe Computer command and it reset and ran through re-activation and SA again and this time it actually started the enrollment at the expected point :)
Thought I'd chip in as had a similar issue to this today.
Our CTO had brought a new M1 Macbook whilst out in the US in the Black Friday sales whilst at a conference and was under strict instructions to WAIT to set it up until I'd enrolled it to our ABM via Apple Configurator on an iPad (that REALLY is a great feature now!)
Spent most of the day running through suggestions on here (bar cert renew one) and swapping it between 2 different PreStages to no avail.
Eventually thought I'd just run through Setup Assistant with a dummy user and try enrollment via command line in OS and that worked as expected so it was definitely able to pickup the profile.
I then issued Wipe Computer command and it reset and ran through re-activation and SA again and this time it actually started the enrollment at the expected point :)
Just to note, if your CTO powered on the Mac and connected it to the internet and didn't wait until the device was in your ABM instance and assigned to a PreStage Profile, that is the problem.
Basically, the device will reach out to Apple's Activation Servers and check if it has an Activation Record (to ADE enroll) and it caches that info on the device (so that Mac had an empty Activation Record). So it will not check again until you can force it via the profile renew -type enrollment command.
To resolve you have several poor options:
All of which are not great/easy for a remote end user, which is when this most often happens.
@stutz I am not sure it's the same issue but when it happens here I simply change and save a minor info in the Prestage (such as the contact phone number) and the sync immediately shows as completed. I found this workaround in another post here on JN. Hope it helps.
I found the same also, updating the Prestage Display Name or Phone Number seemed to force the sync...
@stutz I am not sure it's the same issue but when it happens here I simply change and save a minor info in the Prestage (such as the contact phone number) and the sync immediately shows as completed. I found this workaround in another post here on JN. Hope it helps.
We updated support phone number and that worked. Thank you!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.