Help

Enrolled Computer prompting for Device Enrollment

Go to solution
AdamCraig
Contributor III

Posted on ‎12-17-2019 08:01 AM

I have a user who is repeatedly getting prompted for Device Enrollment. The computer has an approved MDM profile, the device is checking in and running policies, and has all of the expected profiles. Yesterday I manually re-enrolled via our mycompany.jamfcloud.com/enroll site, but this morning the user informed me he is getting the prompt again.

my next thought is to run sudo jamf removeFramework then manually re-enroll again, but wanted to see if there are any other ideas.

8a78d2a36a2148dc8332d3fb5203f608

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
AdamCraig
Contributor III

Posted on ‎01-09-2020 01:29 PM

@txhaflaire that worked, it ended up being a little more involved. Posting my full steps here in case someone else runs into this:
Remove MDM profile via Jamf

Sudo Jamf removeFramework

verify all profiles are gone. Remove profiles that aren’t.

sudo profiles renew -type enrollment

Have user approve the profile

Received error: The mdm server for your organization returned an unexpected status 403

delete the /Library/keychains/apsd.keychain file https://www.jamf.com/jamf-nation/discussions/29413/device-enrollment-installation-failed-the-mdm-server-for-your-organization-returned-an-unexpected-status-403

Actually needed to reboot into safe mode (by holding shift at boot) due to terminal and other apps crashing.

sudo profiles renew -type enrollment

Approved profile, and Jamf start pushing other computer profiles down.

Rebooted back into normal mode and the apps that were crashing were to be working normally.

View solution in original post

5 REPLIES 5

Go to solution
AdamCraig
Contributor III

Posted on ‎12-17-2019 12:27 PM

update: sudo profiles renew -type enrollment just immediately brings up the prompt again and it still fails to install over the currently installed MDM profile.

0 Kudos

Go to solution
ThijsX
Valued Contributor
Valued Contributor

Posted on ‎12-17-2019 12:31 PM

@strayer Are you able to remove the user-approved MDM profile, and then do the "sudo profiles renew -type enrollment" ?

0 Kudos

Go to solution
AdamCraig
Contributor III

Posted on ‎01-09-2020 01:29 PM

@txhaflaire that worked, it ended up being a little more involved. Posting my full steps here in case someone else runs into this:
Remove MDM profile via Jamf

Sudo Jamf removeFramework

verify all profiles are gone. Remove profiles that aren’t.

sudo profiles renew -type enrollment

Have user approve the profile

Received error: The mdm server for your organization returned an unexpected status 403

delete the /Library/keychains/apsd.keychain file https://www.jamf.com/jamf-nation/discussions/29413/device-enrollment-installation-failed-the-mdm-server-for-your-organization-returned-an-unexpected-status-403

Actually needed to reboot into safe mode (by holding shift at boot) due to terminal and other apps crashing.

sudo profiles renew -type enrollment

Approved profile, and Jamf start pushing other computer profiles down.

Rebooted back into normal mode and the apps that were crashing were to be working normally.

Go to solution
UESCDurandal
Contributor II

Posted on ‎01-28-2020 02:18 PM

@strayer Are you on Jamf Pro 10.15.0 or higher? It looks like the issue that requires you to delete the apsd.keychain file was solved with this release.

0 Kudos

Go to solution
UESCDurandal
Contributor II

Posted on ‎01-28-2020 02:24 PM

https://www.jamf.com/jamf-nation/feature-requests/8525/when-device-certificates-signed-apple-iphone-device-ca-are-evaluated-their-validity-dates-should-be-ignored

0 Kudos