We recently started using DEP for our NYC office and we purchased some new machines. I checked deploy.apple.com and checked our prestage on JAMF, and the serial numbers were listed as assigned for our ZeroTouch enrolment, but upon booting up the machines, they didn't automatically enroll and manage themselves, instead moving on to the backup screen (setting up without JAMF), so I am unsure what happened.
A reboot and an uncheck/recheck on the Prestage scope fixed the issue, but we don't want to do that for every machine.
Let me know if you need further info. Much appreciated 🙂
Couple things may be going on here. It sounds like the clock is skewed so far from time.apple.com that it isn't allowing the machine to enroll properly. You can boot into recovery mode and open a terminal and do an ntpdate -u time.apple.com.
The other issue is that once the provisioning fails, you have to do some voodoo to get it to a place where it will offer to enroll again. Assuming you're not on 10.13.4 or higher, do the following (after confirming the clock is set correctly):
From single user mode, mount the filesystem as rw and do:
rm -rf /var/db/ConfigurationProfiles
rm -rf /Library/Keychains/apsd.keychain
It's astounding that Apple doesn't show you the clock during the Setup Assistant.