Enrollment failed - "different server url"

abnaau
New Contributor III

Have a Mac that's lost contact with Jamf...

Trying to update the MDM profile with "sudo profiles renew -type enrollment" but end up with a "different server URL" error.  (I guess the prestage changed)

sudo jamf removemdmprofile didn't work - maybe because the machine has Ventura?

When I ran jamf policy I got "device signature error"

After running jamf removeframework the "bad" MDM profile persists. ... 

 

Is the only solution to wipe the device or have I missed something?

2 ACCEPTED SOLUTIONS

abnaau
New Contributor III

Got word from Jamf it's a product issue. 

PI110564" Running 'sudo profiles renew -type enrollment' fails to renew MDM profile and throws the 'Enrolling with management server failed' error." as a result The Mac prompts to update management configuration, end user accepts, and Mac thows the error: "Enrolling with management server failed. Update to MDM profile contains different server URL." There is no workaround to renew an existing MDM profile other than to send an Unenroll Device command and re-enroll via Terminal. Macs impacted by this issue (with non-removable MDM profiles installed) will need to erase to trigger re-enrollment into Jamf Now to re-establish MDM communication. End users can always take a Time Machine backup prior if they want to avoid data loss.

View solution in original post

khurram
Contributor III

1) sudo jamf removeMDMProfile (it won't uninstall the profile from computer but it is done in JAMF)

2)sudo jamf enroll -prompt

 

This fixed the issue.

View solution in original post

5 REPLIES 5

JustDeWon
Contributor III

Sounds like the device is apart of ABM, and the Pre-Stage enrollment policy is configured to not allow MDM removal. 

 

I would start there

abnaau
New Contributor III

Not sure what you mean about "there". The issue is device is "unmanaged" and the MDM profile won't resync or update. There's no "there" to start - as changing the prestage wouldn't have effect until the problem is solved anyway. 

I see no way other than wiping the device at this point?

"There" meaning identifying if that is indeed the Pre-Stage policy that's not allowing the removal of MDM.. To avoid re-image, you could boot into recovery, disable sip, then rebooting and removing the profile via terminal. Re-enable sip, then re-enroll the device since you removed the framework. Running any jamf commands won't work since you removed the framework.

abnaau
New Contributor III

Got word from Jamf it's a product issue. 

PI110564" Running 'sudo profiles renew -type enrollment' fails to renew MDM profile and throws the 'Enrolling with management server failed' error." as a result The Mac prompts to update management configuration, end user accepts, and Mac thows the error: "Enrolling with management server failed. Update to MDM profile contains different server URL." There is no workaround to renew an existing MDM profile other than to send an Unenroll Device command and re-enroll via Terminal. Macs impacted by this issue (with non-removable MDM profiles installed) will need to erase to trigger re-enrollment into Jamf Now to re-establish MDM communication. End users can always take a Time Machine backup prior if they want to avoid data loss.

khurram
Contributor III

1) sudo jamf removeMDMProfile (it won't uninstall the profile from computer but it is done in JAMF)

2)sudo jamf enroll -prompt

 

This fixed the issue.