DEP Enrollment Problems

tomhastings
Contributor II

Yesterday I successfully enrolled one DEP Mac. One. Every other attempt and the machine fails to connect to the MDM.
05cf50c75fb14aa2bb6f38dcd6c4bf6f
I have an open case and have been fighting with network security for months. Just reaching out to the community to see if others are experiencing the same problem. Why would only one Mac successfully enroll while others fail to connect?

7 REPLIES 7

MonkeyBoy
New Contributor
New Contributor

Try on a mobile hotspot, or un-restricted internet connection to see if it's your corporate network or not. Also if your jamf instance is on-prem it could be a certificate issue.

tomhastings
Contributor II

Same results with hotspot. I'm curious about the certificate issue, could you provide more information?
We are using built-in certificates because according to our network security team, publicly signed certificates on servers "never works out well".

tnielsen
Valued Contributor

I had this same problem last week. It's because we updated our certificate on the server. Go to:
Prestage Enrollments
Select your prestage
under options on the left you should see certificates. Delete the certificate from there. It should be blank unless you used a self signed cert. In which case you should update that certificate.

That should be all it is.

tomhastings
Contributor II

So I created a new new pre-stage and scoped three Macs. The first one enrolled, the other two didn't even pick up the pre-stage instruction. Did an erase and install to the two and they stopped at the same screen above.
Removed all three from the pre-stage and created a new one, removed the one from inventory. Erase and install on all three, then let it sit over night. Next morning all three are unable to reach the MDM server.

tomhastings
Contributor II

Problem solved! Jamf Cloud!

ns-ccollins
New Contributor II

@tomhastings What ended up being the solution for this? I'm experiencing the exact same issue and not finding much luck in any of the other discussions.

Our company just jumped on the bandwagon of using Jamf Pro so this was the very first [and last so far] Mac we have successfully deployed using pre-stage enrollment. I've opened a support ticket but am eager to get this resolved.

tomhastings
Contributor II

ns-ccollins, In that environment it all came down to the network security team not following Apple/Jamf best practices. I had Jamf stand-up a cloud demo and everything worked. Flawlessly. I got tied of fighting and left the company. The issue was not resolved at the time I left.

Working in three other environments that host on premises and had a successful DEP workflow the best advice I can give you is to make sure you have the network security team on-board with your project. Provide them all the documentation that Apple and Jamf publish.
Apple and Jamf are more than happy to have their security experts speak to the network security team to overcome any concerns.