Enrolling OSX virtual machine into JSS - Issues

wstewart3
New Contributor III

On my Macbook pro, I have made an OSX VM using Vmware Fusion. Initially I was getting an odd failure message and did some digging.

I followed this article:
https://travellingtechguy.eu/vmware-dep/

The odd failure has now gone away, but I am receiving another error. I am getting a error that says:

Could not authenticate to the MDM server. The credentials within the enrollment profile may have expired.

Other macs enroll without issue. Seems to be something to do with using a VM. I would love to have a VM enrolled so that I can do deployment tests and revert back using snapshots instead of having to wipe/reinstall/timemachine back a physical machine.

Does anyone have any suggestions?

18 REPLIES 18

rderewianko
Valued Contributor II

Hello!
Are you passing through hardware that actually exists in the macOS?
I had that problem when I wasn't passing a proper hardware type

wstewart3
New Contributor III

Thanks @rderewianko for the reply!

To clarify, are you using USB or PCI passthrough here? I am not doing any passthrough of any hardware, this is a pretty vanilla VM. Used the default config except I bumped up the memory a bit.

hendersong
New Contributor III

I setup VMWare Fusion using the same link you did. Had an issue with getting a 10.15 VM reaching DEP process when the Host machine was 10.14.x. Updated Host machine to 10.15 and then was able to setup the VM from the steps going to DEP. Also have to make sure to fully shutdown the VM after OS is installed and before going through the setup assistant.

atomczynski
Contributor III

I'm attempting this too.

The host is 13-inch, 2019, Four Thunderbolt 3 ports running 10.15.1

When I modify the VMX file I enter in a serial of a physically broken device that's in our DEP.
I have entered the model of that Mac. Are you suggesting I enter in the model of the host machine?

I'm stuck at the screen where I select the network adapter in setup assistant. Wi-Fi is grayed out and when I select ethernet/DHCP the VM acts as if it does not have a network connection.
I thought that it could be my (network) environment so I build another VM without any mods and attempted to fire it up while at home. Same result (no DHCP).

gabester
Contributor III

Just a note... I had thought I could simply insert the serial number and info into the VMX file after building the Mac Guest VM... but I encountered the error above when attempting MDM enrollment. (I am not in a DEP scenario for this VM.) If I added the serial number info PRIOR to building the Mac Guest VM then MDM enrollment did indeed succeed. I used a bogus serial number in this case, which I'm sure would be problematic for DEP... and that serial number simply took the trailing digit and iterated it by 1.

wstewart3
New Contributor III

Yep that was it. Had to do everything prior to the VM being ran. After that I am now running an enrolled OSX VM on my MBP! This should expedite testing significantly.

cainehorr
Contributor III

Has anybody had any success with this workflow for macOS Catalina 10.15.4+?

adamberns
New Contributor III

@cainehorr I've ran into the same issue as well, have had no luck figuring it out with 10.15.4. I have a write up here of what I have done so far. https://github.com/youseeadam/Install-Catilina-in-VMWare-Fusion Have you had any luck?

shaquir
Contributor III

Hi @adamberns ,
If I recall correctly, the text file (VMX) is extremely case sensitive. I believe I also got an error like your double quote ""FALSE"".

I would recommend not copying and pasting lines from an online guide. Instead, try duplicating a line of the code (try something that contains "FALSE" ) and then manually changing in the data type name. If you see the double quotes again, try a program like BBedit for the VMX file.

adamberns
New Contributor III

@shaquir Yeah, figured that one out last night...

adamberns
New Contributor III

So I ran through the exact same steps I have written on my GitHub, but instead used Mojave, had no issues enrolling. So I hope if I upgrade to 10.15.4, I should still be set.

afarnsworth
Contributor

I am using VMware Fusion and have been able to successfully get the machine to DEP by changing the .vxm file to have the following lines:

serialNumber = "serial_of_valid_mac_in_dep"
hw.model = "MacBookPro15,1"

Maybe try just those two lines instead of what your article referenced?

wstewart3
New Contributor III

Yeah, this is all working...

The issue I ran into was I was trying to edit the VMX file AFTER loading OSX onto it.

You MUST (read MUST twice) add the model and serial numbers prior to booting OSX. Once OSX boots, it seems to store this information elsewhere.

KstephensCDW
New Contributor

Hi, Guys, I am having the issue as the OP, but I am running VMware workstation I have edited the VMX file with hardware models and serial numbers before booting, and this show in the About Mac but I still get:

Could not authenticate to the MDM server. The credentials within the enrollment profile may have expired.
VM extra lines below:

hw.model = "MacBookPro16,3"
serialNumber = "weRTFcftGHbt"
Any ideas?

carlo_anselmi
Contributor III

@KstephensCDW
Following this guide still works perfectly for me with Mojave but – with the very same procedure and setup/changes to .vmx file (serial number and model), DEP does not pickup the machine with latest Catalina 10.15.6. and VMWare Fusion 11.5.6 (16696540)

matthealey
New Contributor II

I'm having the same problem, even with non-DEP devices. I can't enrol a VM using Catalina 10.15.6 and Vmware Fusion 11.5.6. I've followed the guides to the letter... the serial number and model number are showing up in About this Mac correctly. The specific error I'm getting is;

Profile Installation Failed
Could not authenticate to the MDM server. The credentials within the enrollment profile may have expired. Try downloading a new enrolment profile.

In the console, I get this error;

Error Domain=MDMResponseStatus Code=401 "(null)" UserInfo={MDM_Request=CheckIn_Authenticate})

matthealey
New Contributor II

After a bit of troubleshooting, I have managed to get it to work. The key it seems is to remove any trace of the machine from JAMF prior to enrolling. For some reason the device had made an appearance as a device as well as a computer. Not sure how that happened, but once it was removed, I was able to enrol quite happily. Just to clarify, this is a Non-DEP machine we are talking about.

oklair
New Contributor II

@matthealey: This finally solved my problem! I wasted hours trying to figure out what was going on! I never thought the VM could be on the... Device inventory! Removing the VM from the 'Computer' AND 'Device' inventory, and then reenrolling the VM did the trick. Thank you!