Help

Enrollment failed - "different server url"

Go to solution
abnaau
New Contributor III

Posted on ‎11-11-2022 04:36 AM

Have a Mac that's lost contact with Jamf...

Trying to update the MDM profile with "sudo profiles renew -type enrollment" but end up with a "different server URL" error.  (I guess the prestage changed)

sudo jamf removemdmprofile didn't work - maybe because the machine has Ventura?

When I ran jamf policy I got "device signature error"

After running jamf removeframework the "bad" MDM profile persists. ... 

 

Is the only solution to wipe the device or have I missed something?

0 Kudos
Reply
2 ACCEPTED SOLUTIONS

Go to solution
abnaau
New Contributor III

Posted on ‎11-23-2022 02:58 AM

Got word from Jamf it's a product issue. 

PI110564" Running 'sudo profiles renew -type enrollment' fails to renew MDM profile and throws the 'Enrolling with management server failed' error." as a result The Mac prompts to update management configuration, end user accepts, and Mac thows the error: "Enrolling with management server failed. Update to MDM profile contains different server URL." There is no workaround to renew an existing MDM profile other than to send an Unenroll Device command and re-enroll via Terminal. Macs impacted by this issue (with non-removable MDM profiles installed) will need to erase to trigger re-enrollment into Jamf Now to re-establish MDM communication. End users can always take a Time Machine backup prior if they want to avoid data loss.

View solution in original post

Reply

Go to solution
khurram
Contributor III
In response to abnaau

Posted on ‎06-22-2023 07:07 PM

1) sudo jamf removeMDMProfile (it won't uninstall the profile from computer but it is done in JAMF)

2)sudo jamf enroll -prompt

 

This fixed the issue.

View solution in original post

0 Kudos
Reply
6 REPLIES 6

Go to solution
JustDeWon
Contributor III

Posted on ‎11-11-2022 11:02 AM

Sounds like the device is apart of ABM, and the Pre-Stage enrollment policy is configured to not allow MDM removal. 

 

I would start there

0 Kudos
Reply

Go to solution
abnaau
New Contributor III
In response to JustDeWon

Posted on ‎11-11-2022 11:37 PM

Not sure what you mean about "there". The issue is device is "unmanaged" and the MDM profile won't resync or update. There's no "there" to start - as changing the prestage wouldn't have effect until the problem is solved anyway. 

I see no way other than wiping the device at this point?

0 Kudos
Reply

Go to solution
JustDeWon
Contributor III
In response to abnaau

‎11-13-2022 10:47 AM - edited ‎11-13-2022 10:51 AM

"There" meaning identifying if that is indeed the Pre-Stage policy that's not allowing the removal of MDM.. To avoid re-image, you could boot into recovery, disable sip, then rebooting and removing the profile via terminal. Re-enable sip, then re-enroll the device since you removed the framework. Running any jamf commands won't work since you removed the framework.

0 Kudos
Reply

Go to solution
abnaau
New Contributor III

Posted on ‎11-23-2022 02:58 AM

Got word from Jamf it's a product issue. 

PI110564" Running 'sudo profiles renew -type enrollment' fails to renew MDM profile and throws the 'Enrolling with management server failed' error." as a result The Mac prompts to update management configuration, end user accepts, and Mac thows the error: "Enrolling with management server failed. Update to MDM profile contains different server URL." There is no workaround to renew an existing MDM profile other than to send an Unenroll Device command and re-enroll via Terminal. Macs impacted by this issue (with non-removable MDM profiles installed) will need to erase to trigger re-enrollment into Jamf Now to re-establish MDM communication. End users can always take a Time Machine backup prior if they want to avoid data loss.

Reply

Go to solution
khurram
Contributor III
In response to abnaau

Posted on ‎06-22-2023 07:07 PM

1) sudo jamf removeMDMProfile (it won't uninstall the profile from computer but it is done in JAMF)

2)sudo jamf enroll -prompt

 

This fixed the issue.

0 Kudos
Reply

Go to solution
khurram
Contributor III

Posted on ‎06-27-2024 10:18 PM

If the management commands from JAMF are Failing/ Pending to apply on the Macbooks then it means the MDM profile on the Macbook has become Expired or Unverified. We have to now remove non-removable MDM profile from the Macbook.

 

 

How to delete the non-removable MDM profile and re-install fresh MDM profile ?

 

  • Follow the steps below to remove corrupted non-removable MDM profile where Jamf management commands failing or pending to apply the Macbook.

 

Here's how to remove a non-removable MDM profile

  1. Boot the Mac into Recovery Mode (hold down command+R during startup).
  2. Go to the Utilities menu and open Terminal and type: csrutil disable. This will disable SIP (System Integrity Protection).
  3. Reboot into the OS.
  4. Open the integrated terminal and type:

cd/var/db/ConfigurationProfiles
rm-rf *
mkdirSettings
touchSettings/.profilesAreInstalled

  1. Reboot.
  2. Boot the Mac into Recovery Mode (hold down command+R during startup).
  3. Go to the Utilities menu and open Terminal and type: csrutil enable. This will re-enable SIP.
  4. Reboot into the OS.

The profile will be now removed and you will be able to re-enroll the Mac to your MDM.

 

From <https://graffino.com/til/remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe>

 

 

How to install fresh MDM profiles on Macbook ?

 

  • After MDM profiles are removed from Macbook, the JAMF framework is still installed and available for use, so run the following commands to re-install the MDM profile on Macboook

 

  • sudo jamf enroll -prompt
  • This command will require username/ password from a Jamf user who is authorised to add enroll Macbook in Jamf, most IT staff usually has this access
0 Kudos
Reply