Our DEP isn't working in QA (it looks like some ports may need to be opened), so I tried PROD just to play around with DEP. We're currently on 9.81 in PROD and 9.96 in QA (we need to do some backend changes before upgrading). I assigned the test device to our PROD JSS, and got the prompt to configure it on start-up. I entered my credentials and got prompted to create an account. I checked out the profiles, and saw the MDM profile in there, so I figured it was successful.
I checked out the computer record, but the inventory hadn't fully updated (no OS version, hardware info etc). I then created a smart group based on the Prestage Enrollment group, but it didn't show up. That's when I realized it wasn't managed, and checked the machine and the jamf binary wasn't on the device. I had user-initialized enrollment configured as I saw in another thread. The only thing that I could think of, was I had all LDAP users set to enroll institution-owned devices only, but there's no option for that in the Purchasing tab, so I don't know how to define that. I made all LDAP users able to enroll both institution and personal-owned devices now. My ID is part of the admin group anyway, so that shouldn't be the issue.
I re-imaged the device to try with all users able to enroll, but still no go. I got logged in and went through Safari to manually enroll (had to refresh each page in the process and manually download the package before I could run it, but it worked). So, there's something happening with this enrollment process, but I'm not sure if 9.96 will magically fix it or not. Anyone else run into this type of issue?
I also just ran into this issue yesterday, and the only way I could get it to move forward was to manually enroll. Once I manually enrolled, then it added itself to the prestage based smart group and then proceeded with the rest of my DEP workflow. I don't know what happened, nothing has changed on my end.
Edited to add: We're also on 9.96.
So for our issue I reported in December, I spoke to JAMF.
They mentioned that, in the payload for the DEP Prestage enrollment, don't add anything in the "Account Settings" section.
It will cause the enrollment to stop before the binary is laid down and enrollment with Casper is complete.
He mentioned it's a defect, but I am not sure what the number is.
So we are currently doing the Prestage enrollment with basic settings and using our create-administrator.pkg file like we usually do.
Seeing this behavior consistently on a couple MacBooks and sporadically on Mini. For me, it sees a configuration and goes into the process of installing it and then bombs out to create computer account. If I do that, it does not install much at all. After a reboot or two, it does show up as managed and has information attached, but it is obviously not complete the way it should be. Have a case open for this but with the impending snow in NC I likely won't get to test/troubleshoot until maybe Tuesday.
Throwing my hat into the ring as well, we started seeing it January 21st and are on 9.96 on premise. We've confirmed with Apple that recently enrolled devices are asking the JSS for a profile but not receiving one. Opening a ticket with JAMF.
We are seeing if the manual refresh will help, just did the first refresh about an hour ago. Here's the entry from the Casper Admin Guide:
"Refreshing DEP Instance Information
The JSS allows you to manually refresh information in the DEP instance as needed.
If there is updated information in DEP, this information is displayed in the JSS."
Same issue here...DEP triggers during setup, enter in the account details and then sits on the desktop not doing anything. Used to work prior to 9.97 but we are on a Cloud instance so I can't roll back.
Noticed in the config URL it points to jssinstance/cloudenroll. The link itself doesn't work from a web browser so not sure if that link has been modified in any way.
FYI the Jamf tech support person who is dealing with my case said this is a known bug and to disable the Account Settings payload in order for DEP enrollment to fully complete. This is a little inconvenient for me because I ship new laptops over to our Berlin office where I am relying on DEP to create my admin account and auto-enroll users, as we have no IT support on site there, but I can come up with a workaround. Hopefully this gets worked out soon though because the Account Settings payload is one of the best features of prestage enrollment.
@steagle, thanks for posting this. Had been having this issue, this just saved me a bit of time. Still need to package up the accounts, but this gets my DEP enrollment working (again). Do you happen to know if there is an associated issue number?
For others, can confirm this issue exists on 9.99.2 too.
Same issue here as first reported by @jkuo. We are on JSS 9.100.0-t1499435238 hosted version. Support stated that the accounts payload issue was fixed in 9.8 version and the troubleshooting is on-going. Worth it to re-test without the accounts payload just in case. Also seeing that manual enrollment using "jamf enroll -prompt" from the terminal restores functionality and other packages start flowing as they should.
Unfortunately removing the Accounts payload did not work for me.
Is there an update to this issue before I submit a support request?
We are on 9.10 (Hosted).
There is a laptop which will not accept the configuration or enrol into Jamf Pro yet I see the 'Configuration page' during set up. We are not creating accounts using Account Settings, just using the predefined Management Account. I can say it used to work prior to the .10 upgrade.
In additional testing for us, configuring anything other than the general tab in PreStaged Enrollment breaks the process. Also the machine is ending up in the "none" site even though a specific site is configured in DEP setup and in the PSE. Support acknowledges this to be an open issue that they are expecting to fix soon.
Wanted to post this in case it helps anyone else -
Running 9.96 on-prem here.
I've been fighting this same issue off and on for a few days. PreStage enrollments were not completing - machines were being left in an "unmanaged" state with no Configuration Profiles or Policies running on them and no Self-Service installed. I tried everything mentioned above - no dice. What finally worked for me was to disable this setting under the "User Initiated Enrollment" settings:
Restrict re-enrollment to authorized users only
Only allow re-enrollment of mobile devices and computers if the user has the applicable privilege (“Mobile Devices” or “Computers”) or their username matches the Username field in User and Location information
I also granted all LDAP users access to enroll Institutional devices (in "User Initiated Enrollment" > Access tab), which I'm guessing is also necessary, but didn't test without.
I had enabled the "Restrict re-enrollment..." setting previously since it seemed like a good idea to restrict re-enrollments only to users who had that privilege. I was trying to avoid users being able to un-enroll to bypass restrictions, then re-enroll whenever they wanted, and seemed like a harmless setting at the time.
As soon as I disabled this setting, pre-stage enrollments completed as expected, deploying Conf. Profiles and Policies and resulting in a fully managed machine.
Hopefully that helps someone else fighting the same issue.