DEP - 10.13 - Machine needs restart before it will enrol

New Contributor II

We currently enrol our MacOS devices via DEP (utilising a PreStage Enrolment). Everything works fine apart from once a machine has completed its Apple Setup the machine does not automatically enrol into our server. A simply restart of the machine fixes this issue.

Currently running JSS 9.101.0, with the client machine having a clean version of 10.13 installed.


Valued Contributor III

We only use DEP on a few machines currently but we are seeing the same behaviour, it enrolls in MDM and gets the configuration profiles but the JAMF binary does not install until first restart, nothing else is required just restarting the machine.
Our server is internally visible only and behind quite a bit of security gear so perhaps that is relevant.

New Contributor II

This issue is still evident, I have brought up a development server and configured it the same as our live server. the development server does not exhibit the issue so I am thinking this rules out a network/config issue.

This leads me to think the issue is being caused by a managed device that is asking my JSS to do something that it doesn't like. Just to try and reduce the amount of possible causes we are now using the simplest PreStage enrolment policy as possible

A more in depth look into he issue has revealed that

  1. Device is picked up by DEP when going through Apple Setup.
  2. Once Apple Setup is completed the device has a record in our JSS but is showing up as unmanaged. MDM profile is installed but no other additional profiles are
  3. At this point nothing else happens, the Jamf binary does not get installed which in turn means the machine remains unmanaged and no additonal profiles are installed.
  4. As soon as the machine comes round after a restart the Jamf binary is installed and the machine shows up as managed in our JSS. At this point no profiles are installed.
  5. As soon as the device comes round after another restart the additional configuration profile is installed.

If I assign this device to our development server none of the above issues occur.

I am currently working on this with Jamf but after a couple of months we have made not been able to improve/resolve issue!

I realise I am leaving out quite a bit of information at the moment but I was mostly wondering if anybody else is having this issue?

Any suggestions would be greatly appreciated

New Contributor II

@EHoug I am Having this same issue did you ever figure this out???