Jamf Nation Community

jsantiago · ‎07-17-2018

I am testing no-touch app installs and configuration with DEP Mac devices in JAMF.
I have a DEP Mac that I registered with JAMF and initially the device info did note that YES it was enrolled via DEP. After testing many settings I wiped the MAC and deleted the entry in JAMF so it can be configured as a new machine. However, thereafter, in the JAMF computer info, the info states that NO it was not enrolled via DEP. The thing is I have a smart group to add devices enrolled via DEP so now this workstation cant be added and the policies i have created that are tied to the smart group do not apply to this machine.
What is the trick to get JAMF to recognize that this mac was enrolled via DEP?
I also have one error come up: Command requires DEP enrollment: UserList <MDMClientError:74>
Thanks!

chriscollins · ‎07-17-2018

I can't address why that is showing as no but my recommendation is to build your smart group around the criteria "Enrollment Method = PreStage enrollment: <name of prestage enrollment>" instead of using that Enrolled via DEP criteria. It will always be accurate. We set our smart group with that as the criteria and enrolled within the last day.

Also I just checked and I am pretty sure jamf gets that status of Enrolled via DEP from the profiles command.

sudo profiles status -type enrollment

I just checked and on a lot of machines that were enrolled via DEP its saying NO even though it was so the underlying profiles command might be giving back bad info.

View solution in original post

jsantiago · ‎07-17-2018

I believe I found the solution to the "Enrolled via DEP: No" issue.
In this case I was getting the following error: Command requires DEP enrollment: UserList <MDMClientError:74>
So I triggered DEP on an already configuered mac by running the following:

For lower than 10.13.4: sudo /usr/libexec/mdmclient dep nag

For 10.13.4 and higher: sudo profiles renew -type enrollment

This cleared all the profiles and re-registered it.
Now JAMF see "Enrolled via DEP:" as YES.

Still @chriscollins method is more reliable since it wont depend on this, which I just realized can break.

View solution in original post

chriscollins · ‎07-17-2018

I can't address why that is showing as no but my recommendation is to build your smart group around the criteria "Enrollment Method = PreStage enrollment: <name of prestage enrollment>" instead of using that Enrolled via DEP criteria. It will always be accurate. We set our smart group with that as the criteria and enrolled within the last day.

Also I just checked and I am pretty sure jamf gets that status of Enrolled via DEP from the profiles command.

sudo profiles status -type enrollment

I just checked and on a lot of machines that were enrolled via DEP its saying NO even though it was so the underlying profiles command might be giving back bad info.

jsantiago · ‎07-17-2018

Thanks @chriscollins !
That would solve my issue. Cheers

jsantiago · ‎07-17-2018

I believe I found the solution to the "Enrolled via DEP: No" issue.
In this case I was getting the following error: Command requires DEP enrollment: UserList <MDMClientError:74>
So I triggered DEP on an already configuered mac by running the following:

For lower than 10.13.4: sudo /usr/libexec/mdmclient dep nag

For 10.13.4 and higher: sudo profiles renew -type enrollment

This cleared all the profiles and re-registered it.
Now JAMF see "Enrolled via DEP:" as YES.

Still @chriscollins method is more reliable since it wont depend on this, which I just realized can break.

ben_hertenstein · ‎07-25-2018

A similar issue has been bugging me all day while preparing computers for incoming students. Thanks @chriscollins and @jsantiago

carrie · ‎10-11-2018

sudo profiles renew -type enrollment
sudo profiles status -type enrollment

Enrolled via DEP: No

still not working and ...

Enrollment Method: User-initiated - no invitation
I enrolled via the https://<jamfserver>/enroll

a_holley · ‎07-24-2019

@jsantiago that worked for me, thanks! Just a note, I had to approve the MDM profile again which was ok because the machine was on my testing bench, but it won't work for our 600+ remote computers...

mhegge · ‎12-12-2019

Brand new Mojave iMacs (2, three more to go but am holding off...) - JAMF pro 10.12

Same issue: UserList <MDMClientError:74>

Enrolled via DEP: No

Devices are enrolled, have received all of their Policies and Config Profiles

All methods used above have had zero affect

tjgriffin · ‎12-13-2019

I’m getting the same.
I run the profiles command and see no change in the JSS.

I’ve also removed the keychain.aspd file like some other discussions suggest.

Any help would be great.

mhegge · ‎01-03-2020

This is not resolved. Please update.

arnokenis · ‎05-20-2020

I am starting to see this too, I have 60 computers with this issue and counting. Seeing it's been going on since 2018 I don't think this is ever solved?

hung_cheng · ‎09-07-2020

Same problem..

I also tried the below commands and it still doesn't work when I run the sudo jamf recon.

sudo profiles renew -type enrollment
sudo profiles status -type enrollment

Enrolled via DEP: No

still not working and ...

Enrollment Method: User-initiated - no invitation
I enrolled via the https://<jamfserver>/enroll

Any idea or update on this?

hcodfrie · ‎09-07-2020

Are you admin on that machine?

hung_cheng · ‎09-07-2020

Yes. I have the admin account under the laptop.

Jamf Nation Community

Enrolled via DEP: No (?? - YES!)