Broken MDM Profile - howto remove a prestage mdm enrollment?

N4pst3r
New Contributor
Hello, community
 
I have a faulty MDM configuration on one of our MacBooks.
 
The enrollment was performed via the following command: sudo profiles renew -type enrollment
The profiles have been created, but a message comes with:
Registration with the management server failed.
The update to an MDM profile contains different server URL.
 
We have never received this message so far, nothing had changed.
 
In the dashboard of Jamf pro, however, no management is possible for this device.
the profile seems to be broken. In the administration, the points MDM remove or similar are not available.
 
How can we remove MDM management via CLI and run the management again?
 
We have already tried the following without success, the message remains the same and no administration is possible:
 
Sudo jamf removeMDMProfile.
 
 
The profiles remained in place, a new enrollment resulted in the same error.
 
A reset of the MacBook is out of the question.
 
Greets
3 REPLIES 3

rastogisagar123
Contributor II

Looks like Mac Wipe. Have you tried this sudo jamf enroll -prompt -noPolicy

Sagar Rastogi

AJPinto
Honored Contributor III

MDM Profiles are protected by SIP. You cannot remove them in normal situations. It is possible to disable SIP and use some terminal magic to force remove MDM profiles, but you stand a very high chance of breaking macOS in doing this. Your only correct option is to reinstall macOS and ideally enrolling with Automated Device Enrollment. 

 

MacOS can be reinstalled from Recovery, or by using DFU mode (if it's an Intel Mac it cannot have an EFI password as that cannot be removed by Apple Configurator).

oli
New Contributor III

Remove Jamf from the Mac using the following. After that you have to enroll the Mac again manually with <jamf-url>/enroll

sudo jamf removeFramework