Help

Bootstrap Token not supported on server Error

baric-dondarion
New Contributor II

Posted on ‎01-10-2024 07:23 PM

Hello People, While troubleshooting a failed policy deployment I came across this error message
Error: Bootstrap token must be escrowed to the Jamf Pro server in order for computers with Apple Silicon (i.e., M1 chip) to use RestartDevice MDM command.

I tried manually with “sudo profiles install -type bootstraptoken” but I got this error
Bootstrap Token functionality is not supported on the server.

 

My user is an admin and has securetoken enabled according to “sysadminctl -secureTokenStatus

sudo fdesetup list -extended” also lists my user admin as Volume owner and I have filevault enabled.

I can also carry out update on the computer without issues.

The laptop operates like a test computer and I have had to enrol and unenrol it multiple times. could that be the cause of the Bootstrap Token functionality is not supported on the server. error?

Some information about my setup

Computer operates more or less like a test laptop and gets unenrolled and enrolled to jamf multiple times.
JAMF Cloud Version is 11.1.1-t1701704198
Enrollment is via user initiated

I noticed a couple of computers in our JAMF inventory seem to have been affected by this issue but not all of them.I got scant results from my search about this particular Bootstrap Token functionality is not supported on the server error and got very scant result, both on google and on hereI would really appreciate any insight on this

0 Kudos
Reply
6 REPLIES 6

cbrewer
Valued Contributor II

Posted on ‎01-11-2024 12:20 PM

We've had a few Macs in our environment lately where bootstrap token is reported as Not Supported. So far, the only fix I've found is to remove the MDM profile for that Mac, delete the computer record from Jamf and then re-enroll it. Re-enrolling without deleting the computer record in Jamf will result in the same bootstrap token Not Supported problem.

Reply

owen_burtonrg
New Contributor II
In response to cbrewer

Posted on ‎10-03-2024 07:39 AM

@cbrewer I re-enrolled a device after removing all profiles from the Mac by using the commands:

cd /var/db/ConfigurationProfiles

sudo rm -rf *

sudo mkdir Settings

sudo touch Settings/.profilesAreInstalled

To remove the profiles from the device and used the following command to enrol the Mac:

sudo profiles renew -type enrollment

However after doing this I got the same error same error 

Bootstrap Token functionality is not supported on the server.

Are there any other commands or solutions I can try to resolve this error?

Kind regards,

Owen Burton

0 Kudos
Reply

cbrewer
Valued Contributor II
In response to owen_burtonrg

Posted on ‎10-03-2024 07:49 AM

Did you delete the computer record from Jamf Pro before re-enrolling?

0 Kudos
Reply

owen_burtonrg
New Contributor II
In response to cbrewer

Posted on ‎10-03-2024 09:02 AM

I did remove the Mac from Jamf before re-enrolling.

0 Kudos
Reply

owen_burtonrg
New Contributor II
In response to owen_burtonrg

Posted on ‎10-03-2024 07:55 AM

I have solved this by re-issuing the FileVault key after re-enrolling the Mac.

0 Kudos
Reply

owen_burtonrg
New Contributor II
In response to cbrewer

Posted on ‎10-04-2024 09:40 AM

@cbrewer Is there a way to run the following commands without disabling System Integrity Protection?

cd /var/db/ConfigurationProfiles

sudo rm -rf *

sudo mkdir Settings

sudo touch Settings/.profilesAreInstalled

We don't to have users to go into recovery mode and disable SIP to resolve this issue. And if possible would prefer to have a script which and re-enrol a Mac into Jamf after removing the record. Thanks for your help in advance.

0 Kudos
Reply