Posted on 03-30-2018 11:11 AM
This may be really simple and I'm just missing something here, but someone enrolled a Mac into our Jamf, and I cannot get the computer to even show up to be added to the scope of any configuration profile. I've eliminated smart groups from the config profiles so the only scoped machines are done so individually, and when I search for the specific machine, it shows no results, but I can find it when I do an inventory search.
The other odd thing is that under the management tab of the specific computer, I'm used to seeing "Management Commands", and this computer does not show that at all, which leads me to believe that somehow it enrolled, but not completely.
So far, we've rerun our quick add (we haven't completely un-enrolled it) again, and I even sent over a newer one I've tested. It does run some policies, and I've scoped it individually to a policy. Just can't seem to do anything with config profiles.
Any thoughts?
Solved! Go to Solution.
Posted on 03-30-2018 11:23 AM
If you don't see "Management Commands" then that generally means MDM enrollment failed. You'll have to check on why. That will prevent configuration profiles from being pushed. It could also explain why you can't scope a profile to it, since it can't accept one.
Posted on 03-30-2018 11:23 AM
If you don't see "Management Commands" then that generally means MDM enrollment failed. You'll have to check on why. That will prevent configuration profiles from being pushed. It could also explain why you can't scope a profile to it, since it can't accept one.
Posted on 03-30-2018 11:26 AM
Appreciate it. We've had some trouble with our quick add packages in the past where they "fail" but everything is fine, and all MDM functionality is there, but this computer did show a "failed" enrollment during the process of running the quick add, so I'll look in to that.
Thanks again!
Posted on 03-30-2018 12:47 PM
For what it's worth, we turned on MDM relatively recently and found that enrollments were failing because the JSS SCEP process for MDM enrollment requires stricter certificate evaluation than the rest of the jamf enrollment process. We had to make sure our internal root certs (that issued the JSS' SSL cert) were installed and trusted beforehand. I re-rolled the Quickadd with a postflight script to do that.