Posted on 11-05-2020 01:35 PM
I have been having mixed success with using DEPnotify for our new out-of-the-box Macs lately. I have a DEPNotify package bundled, signed, and added to a PreStage Enrollment. I am also using the latest version of DEPNotify (1.1.5.)
Here is my situation:
After a quick and successful setup by Setup Assistant the DEPNotify app will load and begin the process. We currently request agreement of our EULA; have our staff enter their username, department, and asset tag; and then DEPNotify begins to install our standard apps.
More times than not, once the EULA and registration are entered, DEPNotify will speed through the Jamf registration and app installation progress. Within 30 seconds or so it says that it completed, but nothing has been updated in Jamf or is installed on the computer. The DEPNotify debug logs all show that it has completed successfully- but in actuality it failed.
After many hours of troubleshooting, it seems that the problem lies in the fact that everytime it fails, I notice that Self-Service has not yet been installed yet. I would also guess that maybe the Jamf Binary has also not finished being installed-- which would be a great reason why this would fail. Eventually, usually a minute or two after the failed DEPNotify setup/installation, Self-Service automatically installs and opens.
Our current work around is that once Self-Service loads, the same DEPNotify package can then be called from Self-Service (we run a cleanup script to remove the installation log files, etc. to allow us to run it again) and will install everything properly-- which again leads me to think that a incomplete Jamf Binary installation is the reason why it did not properly work after startup.
My questions are:
- Has anyone also experienced this and what was their best solution?
-Is there a better way to ensure that the Jamf Binary and Self-Service app installs before the setup assistant completes or before the DEPNotify app starts (I would like to avoid using the Enrollment Complete trigger to launch DEPNotify as it has been unreliable for us at times and seems to always be delayed--our teachers are impatient!)?
-To add to the previous question, could there be a way to hold the DEPNotify’s launch until it checks and confirms that Jamf binary is installed, or at the very least, displays a “Getting ready” screen before the EULA appears?
I appreciate everyone's thoughts and experiences. Thanks!
Posted on 11-05-2020 01:39 PM
@pchristl The Enrollment Complete trigger will be more reliable if you turn of Allow Network State Change Triggers in Settings->Computer Management->Check-in. Do that, and have an Enrollment Complete triggered Policy that runs your DEPNotify script after installing theDEPNotify .pkg will guarantee things don't run until after the jamf binary is installed.
Posted on 11-05-2020 02:14 PM
I always found that the enrollment complete trigger isn't very reliable when you have multiple policies that run on it, even more so if you need one to complete before another.
The way I get around that is by having an enrollment complete script, that checks if setup assistant is complete, and then calls the other policies one after another.
#!/bin/bash
###################################################
# ENROLLEMNT SCRIPT to call must run Jamf policys #
# Created by Michael on 6/9/19 #
###################################################
#
# Check if Setup Assistance Process is Still Running.
# If yes, wait till it finishes so this script will NOT proceed while running the Setup Assistant (Location Settings..etc)
#
SetupAssistance_process=$(/bin/ps auxww | grep -q "[S]etup Assistant.app")
while [ $? -eq 0 ]
do
/bin/echo "Setup Assistant Still Running... Sleep for 2 seconds..."
/bin/sleep 2
SetupAssistance_process=$(/bin/ps auxww | grep -q "[S]etup Assistant.app")
done
# Call self service policy
jamf policy -trigger self_service
#call erase and install policy
jamf policy -trigger erase_and_install
#call DEP notify policy
jamf policy -trigger DEP_Notify
exit 0