Help

Computers not enroll with DEP

Go to solution
yduchech
New Contributor III

Posted on ‎07-18-2017 07:17 AM

Hi,

We have just started with DEP in our enterprise.

A user-initiated enrollment has been configured :
d37d017eff8e4695a763efb3e2614e9b

We have set an prestage enrollment with a few options (directory, account settings…).
When we run the setup assistance DEP on scoped computer, this computer does not enroll. But we can see it in inventory with the name « DEP - Serial Number ». I probably forget something…

We have tested in 10.10.5 and it's works, but not in 10.12.5.
Our JSS is in 9.97.

Have you met same issue ?

Many thanks for your support,

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
yduchech
New Contributor III

Posted on ‎08-23-2017 06:45 AM

Our JSS was in 9.97, after upgrade into 9.100.0, the DEP enrollment completed.

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
Wakko
Contributor II

Posted on ‎07-18-2017 07:28 AM

8e36d60e399c485d864413b12dd0b0ad

@yduche I would try another Prestage without setting up anything I've circled red. Prestage with account payloads has been an issue. It's really a hit or miss. I would create an Enrollment Complete policy which lays down everything else. If that works and the machine enrolls, the binary is installed and everything is working. I would then reach out to your TAM to see if they could get the Prestage to work 100% of the time with you account Payload.

0 Kudos

Go to solution
B-35405
Contributor

Posted on ‎07-18-2017 08:48 AM

We had this issue at my place as well, and it turned out to be a cert issue. I use Require Authentication for all DEP enrollments, no issue. Our JAMF buddy asked to drop the 3rd party cert and use build in JAMF certs. The issue was resolved at that point. I'd check to make sure your certs are good for all systems related to JAMF and Apple DEP.

0 Kudos

Go to solution
yduchech
New Contributor III

Posted on ‎07-19-2017 02:34 AM

Hi @B-35405 , how to verify that own certs are good for Jamf and DEP ?

0 Kudos

Go to solution
B-35405
Contributor

Posted on ‎07-19-2017 06:41 AM

@yduche Unfortunately my Jamf buddy and I never found out what the issue was w/ the cert. We left the Built-in JAMF issued certs in place, the issue was resolved at that point. It's something for me to go back and look into at a later date and time.

0 Kudos

Go to solution
TJ_Edgerly
New Contributor III

Posted on ‎07-19-2017 12:07 PM

We had a few issues with our migration to DEP over netboot imaging. Specifically, when I set up a PreStage Enrollment and added anything (a tech admin account to be more specific) under the "Account Settings" the enrollment would only work sporadically. If the computer was not deleted from the JSS, then it would update with a new name (Ex. "DEP-XXXXXXXX") Once I removed the items from "Account Settings", my prestage worked perfectly.

They way i confirmed was to set up a DEP Prestage with only setting put in the "General Tab". As i moved down the list, i found that adding an account...or using the "Account settings" section to demote users to a standard account was the issue.

0 Kudos

Go to solution
yduchech
New Contributor III

Posted on ‎07-20-2017 05:35 AM

Hi @B-35405 , oh dear ! When do you edit the cert to modify that ?

Hi @TJ.Edgerly , we have already test to delete the items from "Account Settings", but it doesn't work… :/ Hum… I go proceed step by step for testing that.

0 Kudos

Go to solution
yduchech
New Contributor III

Posted on ‎08-23-2017 06:45 AM

Our JSS was in 9.97, after upgrade into 9.100.0, the DEP enrollment completed.

0 Kudos