Posted on 10-27-2016 09:05 AM
Our DEP isn't working in QA (it looks like some ports may need to be opened), so I tried PROD just to play around with DEP. We're currently on 9.81 in PROD and 9.96 in QA (we need to do some backend changed before upgrading). I assigned the test device to our PROD JSS, and got the prompt to configure it on start-up. I entered my credentials and got prompted to create an account. I checked out the profiles, and saw the MDM profile in there, so I figured it was successful.
I checked out the computer record, but the inventory hadn't fully updated (no OS version, hardware info etc). I then created a smart group based on the Prestage Enrollment group, but it didn't show up. That's when I realized it wasn't managed, and checked the machine and the jamf binary wasn't on the device. I had user-initialized enrollment configured as I saw in another thread. The only thing that I could think of, was I had all LDAP users set to enroll institution-owned devices only, but there's no option for that in the Purchasing tab, so I don't know how to define that. I made all LDAP users able to enroll both institution and personal-owned devices now. My ID is part of the admin group anyway, so that shouldn't be the issue.
I re-imaged the device to try with all users able to enroll, but still no go. I got logged in and went through Safari to manually enroll (had to refresh each page in the process and manually download the package before I could run it, but it worked). So, there's something happening with this enrollment process, but I'm not sure if 9.96 will magically fix it or not. Anyone else run in to this type of issue?
Posted on 10-27-2016 10:12 AM
I also just ran into this issue yesterday, and the only way I could get it to move forward was to manually enroll. Once I manually enrolled, then it added itself to the prestage based smart group and the proceeded with the rest of my DEP workflow. I don't know what happened, nothing has changed on my end.
Edited to add: We're also on 9.96.
Posted on 10-28-2016 11:28 AM
I am also on 9.96 and am having the same issue. It is sporadic.
Posted on 12-11-2016 07:53 PM
Did any of you guys figure this out?
I am trying out Casper in the cloud, and trying out DEP at the same time, and it runs 9.96.
DEP is enrolling the devices - they show unmanaged, and there is no jamf binary present.
I don't know how to fix this.
Posted on 01-05-2017 08:25 AM
I am running into this now too. I am on 9.97 cloud based. The only way around I have found is to user-initiate enrollment.
Posted on 01-05-2017 12:18 PM
I am having the same issue with a cloud hosted 9.97 JSS and DEP. The computer seeings the DEP prompt that it will be managed, but then the JAMF binary is never installed, the computer shows in the JSS as managed. Anyone having any success using DEP enrollment?
Posted on 01-05-2017 12:30 PM
I'm having DEP issues today as well. Computer is assiged to a Pre-stage, but does not hit DEP during Setup Assistant.
Posted on 01-05-2017 01:01 PM
So for our issue I reported in December, I spoke to JAMF.
They mentioned that, in the payload for the DEP Prestage enrollment, don't add anything in the "Account Settings" section.
It will cause the enrollment to stop before the binary is laid down and enrollment with Casper is complete.
He mentioned it's a defect, but I am not sure what the number is.
So we are currently doing the Prestage enrollment with basic settings and using our create-administrator.pkg file like we usually do.
Posted on 01-06-2017 04:51 AM
Seeing this behavior consistently on a couple MacBooks and sporadically on Mini. For me, it sees a configuration and goes into the process of installing it and then bombs out to create computer account. If I do that, it does not install much at all. After a reboot or two, it does show up as managed and has information attached, but it is obviously not complete the way it should be. Have a case open for this but with the impending snow in NC I likely won't get to test/troubleshoot until maybe Tuesday.
Posted on 01-24-2017 06:11 AM
Starting seeing this issue Yesterday (23Jan2017) where it was working perfectly last week. I'm on 9.96 on-prem.
I've changed the Prestage to be very minimal and still no luck.
Any help would be greatly appreciated.
Posted on 01-24-2017 06:30 AM
I'm also seeing the same thing, was working last week as well. I had a machine i left running over night to see but it looks like nothing had happened in terms of enrollment , etc
Posted on 01-30-2017 04:37 PM
Throwing my hat into the ring as well, we started seeing it January 21st and are on 9.96 on premise. We've confirmed with Apple that recently enrolled devices are asking the JSS for a profile but not receiving one. Opening a ticket JAMF.
We are seeing if the manual refresh will help, just did the first refresh about an hour ago. Here's the entry from the Casper Admin Guide:
"Refreshing DEP Instance Information
The JSS allows you to manually refresh information in the DEP instance as needed.
If there is updated information in DEP, this information is displayed in the JSS."
Posted on 01-31-2017 07:28 AM
Ended up working with JAMF Support and come to find out Java was updated on our server which was causing issues. Once we confirmed that Tomcat was looking at the correct version folder for JRE and updated the JCE policy files, everything started working again.
Posted on 03-29-2017 08:00 AM
Do we have an answer for this? DEP not enrolling initially is very sporadic.
Posted on 05-23-2017 10:13 AM
I too am having this issue. Laptops are very unreliable about triggering DEP during Setup. We are using Jamf Cloud so don't have any control over Java or anything.
Posted on 05-23-2017 01:20 PM
Same issue here...DEP triggers during setup, enter in the account details and then sits on the desktop not doing anything. Used to work prior to 9.97 but we are on a Cloud instance so I can't roll back.
Noticed in the config URL it points to jssinstance/cloudenroll. The link itself doesn't work from a web browser so not sure if that link has modified in anyway.
Posted on 05-24-2017 09:52 AM
Hm, we're having issues as well. DEP is configured, Pre-stage is configured, but the MacBooks selected are not triggering DEP during startup. Our instance is cloud based as well. Anyone come across a solution?
Posted on 06-02-2017 08:28 AM
Same issue here as well. We're on cloud-managed 9.98. Sporadic behavior - Some laptops semi-enroll and appear in Jamf computer list but do not receive the Jamf binary; upon reboot they are fully enrolled. And some DEP laptops do not enroll at all after initial setup.
Posted on 06-02-2017 08:37 AM
@steagle im on 9.96 and having a specific weird issue posted here : https://www.jamf.com/jamf-nation/discussions/24237/dep-w-10-12-5-done-from-internet-recovery-account-creation-issue
going up grade jss to see if it changes
Posted on 06-07-2017 11:46 AM
FYI the Jamf tech support person who is dealing with my case said this is a known bug and to disable the Account Settings payload in order for DEP enrollment to fully complete. This is a little inconvenient for me because I ship new laptops over to our Berlin office where I am relying on DEP to create my admin account and auto-enroll users, as we have no IT support on site there, but I can come up with a workaround. Hopefully this gets worked out soon though because the Account Settings payload is one of the best features of prestage enrollment.
Posted on 06-07-2017 11:50 AM
I concur with @steagle
Once I made that change, it started working again for us.
We currently deploy a pkg to create our administrator account, but a full DEP workflow will change the order of operations somewhat.
Posted on 07-21-2017 06:16 AM
@steagle , thanks for posting this. Had been having this issue, this just saved me a bit of time. Still need to package up the accounts, but this gets my DEP enrollment working (again). Do you happen to know if there is an associated issue number?
For others, can confirm this issue exists on 9.99.2 too.
Posted on 08-04-2017 02:52 PM
Same issue here, I would like to skip account creation, but enabling Account Settings payload producing unmanaged Macs. Most likely I will open a ticket with JAMF support.
Posted on 08-05-2017 11:02 AM
Same issue here as first reported by @ jkuo. We are on JSS 9.100.0-t1499435238 hosted version. Support stated that the accounts payload issue was fixed in 9.8 version and the troubleshooting is on-going. Worth it to re-test without the accounts payload just in case. Also seeing that manual enrollment using "jamf enroll -prompt" from the terminal restores functionality and other packages start flowing as they should.
Unfortunately removing the Accounts payload did not work for me.
Posted on 08-25-2017 10:52 AM
Is there an update to this issue before I submit a support request?
We are on 9.10 (Hosted).
There is a laptop which will not accept the configuration or enrol into Jamf Pro yet I see the 'Configuration page' during set up. We are not creating accounts using Account Settings, just using the predefined Management Account. I can say it used to work prior to the .10 upgrade.
Posted on 08-25-2017 11:21 AM
In additional testing for us, configuring anything other than the general tab in PreStaged Enrollment breaks the process. Also the machine if ending up in the "none" site even though a specific site is configured in DEP setup and in the PSE. Support acknowledges this to be an open issue that they are expecting to fix soon.
Posted on 08-29-2017 01:05 PM
Wanted to post this in case it helps anyone else -
Running 9.96 on-prem here.
I've been fighting this same issue off and on for a few days. PreStage enrollments were not completing - machines were being left in an "unmanaged" state with no Configuration Profiles or Policies running on them and no Self-Service installed. I tried everything mentioned above - no dice. What finally worked for me was to disable this setting under the "User Initiated Enrollment" settings:
Restrict re-enrollment to authorized users only
Only allow re-enrollment of mobile devices and computers if the user has the applicable privilege (“Mobile Devices” or “Computers”) or their username matches the Username field in User and Location information
I also granted all LDAP users access to enroll Institutional devices (in "User Initiated Enrollment" > Access tab), which I'm guessing is also necessary, but didn't test without.
I had enabled the "Restrict re-enrollment..." setting previously since it seemed like a good idea to restrict re-enrollments only to users who had that privilege. I was trying to avoid users being able to un-enroll to bypass restrictions, then re-enroll whenever they wanted, and seemed like a harmless setting at the time.
As soon as I disabled this setting, pre-stage enrollments completed as expected, deploying Conf. Profiles and Policies and resulting in a fully managed machine.
Hopefully that helps someone else fighting the same issue.
Posted on 01-24-2018 08:42 PM
We are facing same issue on 10.10 cloud.
So far no luck.
Posted on 01-25-2018 06:11 AM
I just configured a DEP Macbook this morning, We're not cloud based, so maybe it's that?
Posted on 01-30-2018 08:24 AM