Enrolled via DEP: No (?? - YES!)

jsantiago
New Contributor II

I am testing no-touch app installs and configuration with DEP Mac devices in JAMF.
I have a DEP Mac that I registered with JAMF and initially the device info did note that YES it was enrolled via DEP. After testing many settings I wiped the MAC and deleted the entry in JAMF so it can be configured as a new machine. However, thereafter, in the JAMF computer info, the info states that NO it was not enrolled via DEP. The thing is I have a smart group to add devices enrolled via DEP so now this workstation cant be added and the policies i have created that are tied to the smart group do not apply to this machine.
What is the trick to get JAMF to recognize that this mac was enrolled via DEP?
I also have one error come up: Command requires DEP enrollment: UserList <MDMClientError:74>
Thanks!
74fc4931b414474886202ebde4bc1fb2

2 ACCEPTED SOLUTIONS

chriscollins
Valued Contributor

I can't address why that is showing as no but my recommendation is to build your smart group around the criteria "Enrollment Method = PreStage enrollment: <name of prestage enrollment>" instead of using that Enrolled via DEP criteria. It will always be accurate. We set our smart group with that as the criteria and enrolled within the last day.

Also I just checked and I am pretty sure jamf gets that status of Enrolled via DEP from the profiles command.

sudo profiles status -type enrollment

I just checked and on a lot of machines that were enrolled via DEP its saying NO even though it was so the underlying profiles command might be giving back bad info.

View solution in original post

jsantiago
New Contributor II

I believe I found the solution to the "Enrolled via DEP: No" issue.
In this case I was getting the following error: Command requires DEP enrollment: UserList <MDMClientError:74>
So I triggered DEP on an already configuered mac by running the following:

For lower than 10.13.4: sudo /usr/libexec/mdmclient dep nag

For 10.13.4 and higher: sudo profiles renew -type enrollment

This cleared all the profiles and re-registered it.
Now JAMF see "Enrolled via DEP:" as YES.

Still @chriscollins method is more reliable since it wont depend on this, which I just realized can break.

View solution in original post

15 REPLIES 15

chriscollins
Valued Contributor

I can't address why that is showing as no but my recommendation is to build your smart group around the criteria "Enrollment Method = PreStage enrollment: <name of prestage enrollment>" instead of using that Enrolled via DEP criteria. It will always be accurate. We set our smart group with that as the criteria and enrolled within the last day.

Also I just checked and I am pretty sure jamf gets that status of Enrolled via DEP from the profiles command.

sudo profiles status -type enrollment

I just checked and on a lot of machines that were enrolled via DEP its saying NO even though it was so the underlying profiles command might be giving back bad info.

jsantiago
New Contributor II

Thanks @chriscollins !
That would solve my issue. Cheers

jsantiago
New Contributor II

I believe I found the solution to the "Enrolled via DEP: No" issue.
In this case I was getting the following error: Command requires DEP enrollment: UserList <MDMClientError:74>
So I triggered DEP on an already configuered mac by running the following:

For lower than 10.13.4: sudo /usr/libexec/mdmclient dep nag

For 10.13.4 and higher: sudo profiles renew -type enrollment

This cleared all the profiles and re-registered it.
Now JAMF see "Enrolled via DEP:" as YES.

Still @chriscollins method is more reliable since it wont depend on this, which I just realized can break.

ben_hertenstein
Release Candidate Programs Tester

A similar issue has been bugging me all day while preparing computers for incoming students. Thanks @chriscollins and @jsantiago

carrie
New Contributor

sudo profiles renew -type enrollment
sudo profiles status -type enrollment

Enrolled via DEP: No

still not working and ...

Enrollment Method: User-initiated - no invitation
I enrolled via the https://<jamfserver>/enroll

a_holley
Contributor

@jsantiago that worked for me, thanks! Just a note, I had to approve the MDM profile again which was ok because the machine was on my testing bench, but it won't work for our 600+ remote computers...

mhegge
Contributor III

Brand new Mojave iMacs (2, three more to go but am holding off...) - JAMF pro 10.12

Same issue: UserList <MDMClientError:74>

Enrolled via DEP: No

Devices are enrolled, have received all of their Policies and Config Profiles

All methods used above have had zero affect

tjgriffin
New Contributor III

I’m getting the same.
I run the profiles command and see no change in the JSS.

I’ve also removed the keychain.aspd file like some other discussions suggest.

Any help would be great.

mhegge
Contributor III

This is not resolved. Please update.

arnokenis
New Contributor III

I am starting to see this too, I have 60 computers with this issue and counting. Seeing it's been going on since 2018 I don't think this is ever solved?

hung_cheng
New Contributor

Same problem..

I also tried the below commands and it still doesn't work when I run the sudo jamf recon.

sudo profiles renew -type enrollment
sudo profiles status -type enrollment

Enrolled via DEP: No

still not working and ...

Enrollment Method: User-initiated - no invitation
I enrolled via the https://<jamfserver>/enroll

Any idea or update on this?

hcodfrie
Contributor

Are you admin on that machine?

hung_cheng
New Contributor

Yes. I have the admin account under the laptop.

Cyberbof
New Contributor II

Same error on Mac OS 10.14 or 13, please correct this. Server under Ubuntu 20.04

dlevendo
New Contributor III

In my experience with this issue, you need to be logged into the machine with an Admin account to run the "sudo profiles renew -type enrollment" command.  If you aren't logged in as Admin, the notification to update profiles doesn't show.