- Jamf Nation Community
- Products
- Jamf Pro
- Apple Configurator 2 and Automatic Enrolment into ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Apple Configurator 2 and Automatic Enrolment into Profile Manager
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-02-2016 07:16 AM
Hi i am configuring Apple Configurator 2 for the first time.
I have existing profiles which i will use from Apple Configurator 1 which connect my iPads to the wireless network with proxy settings etc.
Basically i would like to prepare the device by supervising it and then enrolling it into my own MDM server Profile Manager without using DEP. I then apply my blueprint which contains my profile for the wireless network connection.
The iPad then comes up with a configuration screen which allows me to choose apply configuration. However when i try to type in the username of an open directory/active directory user in Profile Manager the credentials do not go through and unfortunately there is not even an error.
I basically would like to automatically enrol my iPads straight into profile manager from Apple Configurator 2 without using DEP.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-27-2016 03:54 AM
I am experiencing the same issue. I haven't found any documentation from Apple or guides on any blogs about how to supervise and enroll existing devices which are not in the DEP.
I have noticed that when you fill out your hostname in the mdm server URL field, it fills in /devicemanagement/api/device/dep_mdm_enroll sometimes. This makes me suspect that it only works with DEP enrolled devices, but I haven't found any information confirming or denying that. I did look at the Profile Manager logs in OSX server and it's giving 401 unauthorized errors:
1:: [13961] [2016/04/26 16:20:12.755] <192.168.244.8> >>> Processing POST dep_mdm_enroll
1:: [13961] [2016/04/26 16:20:12.759] signerIndex = 0, signStatus = 1
0:: [13961] [2016/04/26 16:20:12.794] <192.168.244.8> EXCEPTION: 401 Unauthorized - Requesting user digest authentication at
#0 /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/dep_mdm_enroll.php(173): DieUnauthorized('Requesting user...')
#1 /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/php/dep_mdm_enroll.php(201): _request_authorization('a7742da74c462b5...')
#2 {main}
1:: [13961] [2016/04/26 16:20:12.794] <192.168.244.8> <<< Sent Final Output (55 bytes) - POST dep_mdm_enroll
0:: [13961] [2016/04/26 16:20:12.794] <192.168.244.8> Completed in 43ms | 401 Unauthorized [https://<hostname>/devicemanagement/api/device/dep_mdm_enroll]Has anyone had any luck getting this to work?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-27-2016 06:40 AM
It looks like you need to set up a 'Supervision Identity' and do a Manual Configuration (haven't done this yet myself). Maybe these links will help?
Apple Configurator 2: getting an iPad ready for ZuluDesk
Automate MDM Enrollment Using Apple Configurator 2
Sharing a Supervision Identity Between JSS and Apple Configurator 2
Apple Configurator 2 Help - Prepare devices manually
chris
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-28-2016 08:43 PM
I have a supervision identity defined and I'm able to supervise devices with Apple Configurator 2. I can manually enroll them into the profile manager MDM by browsing to https://hostname.domain/mydevices on the device and pushing enroll, but when I try to do the enrollment with Apple Configurator, it prompts for the username and password from the device on first boot. When giving good credentials at this step, the device server log is showing the errors I mentioned above. I have a case open with Apple enterprise support to resolve this and they've admitted I have a good setup and escalated my case to a senior advisor and now to engineering. I think it's a bug.
I also watched the iPhone log with Xcode and according to the device it can't reach the MDM server, even though the events are showing up in the logs on the MDM server. We are certain it is not a networking problem. The senior apple advisor said he encountered another client with the same issue just yesterday.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-04-2016 12:36 AM
Anyone have any luck with this? Having the same issue that the iPad is asking for a username and password when I try to enrol from the setup screen. If I enter the local credentials used on the on the mac for profile manager, it installs the profile. I want to avoid that.
If I supervise the ipad, set it up (without enrolment) and then push the enrolment profiles to the iPad after setup it doesn't ask for any credentials.
