Computers not enroll with DEP

yduchech
New Contributor III

Hi,

We have just started with DEP in our enterprise.

A user-initiated enrollment has been configured :
d37d017eff8e4695a763efb3e2614e9b

We have set an prestage enrollment with a few options (directory, account settings…).
When we run the setup assistance DEP on scoped computer, this computer does not enroll. But we can see it in inventory with the name « DEP - Serial Number ». I probably forget something…

We have tested in 10.10.5 and it's works, but not in 10.12.5.
Our JSS is in 9.97.

Have you met same issue ?

Many thanks for your support,

1 ACCEPTED SOLUTION

yduchech
New Contributor III

Our JSS was in 9.97, after upgrade into 9.100.0, the DEP enrollment completed.

View solution in original post

7 REPLIES 7

Wakko
Contributor II

8e36d60e399c485d864413b12dd0b0ad

@yduche I would try another Prestage without setting up anything I've circled red. Prestage with account payloads has been an issue. It's really a hit or miss. I would create an Enrollment Complete policy which lays down everything else. If that works and the machine enrolls, the binary is installed and everything is working. I would then reach out to your TAM to see if they could get the Prestage to work 100% of the time with you account Payload.

B-35405
Contributor

We had this issue at my place as well, and it turned out to be a cert issue. I use Require Authentication for all DEP enrollments, no issue. Our JAMF buddy asked to drop the 3rd party cert and use build in JAMF certs. The issue was resolved at that point. I'd check to make sure your certs are good for all systems related to JAMF and Apple DEP.

yduchech
New Contributor III

Hi @B-35405 , how to verify that own certs are good for Jamf and DEP ?

B-35405
Contributor

@yduche Unfortunately my Jamf buddy and I never found out what the issue was w/ the cert. We left the Built-in JAMF issued certs in place, the issue was resolved at that point. It's something for me to go back and look into at a later date and time.

TJ_Edgerly
New Contributor III

We had a few issues with our migration to DEP over netboot imaging. Specifically, when I set up a PreStage Enrollment and added anything (a tech admin account to be more specific) under the "Account Settings" the enrollment would only work sporadically. If the computer was not deleted from the JSS, then it would update with a new name (Ex. "DEP-XXXXXXXX") Once I removed the items from "Account Settings", my prestage worked perfectly.

They way i confirmed was to set up a DEP Prestage with only setting put in the "General Tab". As i moved down the list, i found that adding an account...or using the "Account settings" section to demote users to a standard account was the issue.

yduchech
New Contributor III

Hi @B-35405 , oh dear ! When do you edit the cert to modify that ?

Hi @TJ.Edgerly , we have already test to delete the items from "Account Settings", but it doesn't work… :/ Hum… I go proceed step by step for testing that.

yduchech
New Contributor III

Our JSS was in 9.97, after upgrade into 9.100.0, the DEP enrollment completed.