- Jamf Nation Community
- Products
- Jamf Pro
- Re: Enrollment Issues - DEP
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Enrollment Issues - DEP
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 10:03 AM
We are seeing a chronic issue where new and re-enrolling DEP devices, right after MDM enrollment screen, screen goes black or reboots, completely skipping account creation, etc. Boots to login window and blank username and password .
This has been a HUGE issue as we drop ship laptops to users to set up their local accounts, then receive their software for their first day, or when they have had their previous computer replaced.
One of two things happen in the JAMF device recpord
1. Partial record showing DEP - serialnumber. Device is not managed
2. Full device record with what looks like all the info, but device is not communicating
We end up, in most situations, walk user through Recovery. Basically wiping and reinstalling macOS. Sometimes, the proceeding setup is successful, but have had times where it happens again.
JAMF support has not been hugely helpful.The saw our activation could was expired, we updated but are still seeing the issue, even after the 10.48.1 update (JAMF Pro). We are hosted.
They are asking us now to renew the Automated Enrollment token, but we had done this recently so are asking for an explanation or case reasons for suggesting.
Basically, Auto Device enrollment is very unreliable and problematic currently
13 REPLIES 13
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 10:31 AM
This sounds familiar, although maybe not identical. See the links below. If so, there is a Jamf known product issue: PI111120
https://community.jamf.com/t5/jamf-pro/computer-skipping-user-creation-setup/m-p/293841#M260867
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 11:00 AM
What @pbenware1 said. I have been affected by this and resolved by 1) not double-creating my management account (was configured both in UIE and each PreStage), and 2) Un-checking "Location Services" in the "Setup Assistant Options" section of my PreStages (e.g. not skipping that step).
I haven't seen an issue whereby a device completely stopped checking in, however.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 02:32 PM
Not clear about your #1 comment. Location services are important to use as we are a remote company. Our Prestage has remained unchanged at least for the past 2 years.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 02:38 PM
We have it unchecked 🤔
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 02:28 PM
We have seen this also & have been able to fix it by either doing what @jtrant said, or removing the Mac from the scope in the prestage, setting the Mac up, adding it back to the scope, then running:
sudo profiles renew -type enrollment Not ideal though.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 02:31 PM
We are a remote company. User cannot access the computer as there is no local account and we will NOT give them the management account credentials. I am aware of manually enrolling as a possible workaround. looking for a solution primarily.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 02:29 PM
This has been occurring in Monterey and Ventura. JAMF has NOT identified any PIs to us.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 02:37 PM
We do not have Location services checked. There is True Tone checked, but looks like it is marked deprecated.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2023 02:42 PM
Our current prestage settings that have been unchanged for a long time:
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-10-2023 08:28 AM
Curious where you're at with this as I have just started to experience this issue in a way. I am hanging right before account creation and can't proceed. I'm going to start not skipping any screens and I don't create an account in UIE (disabled/deselected)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2023 06:04 AM
we had the same issue, nothing changed on our pre-stage and after the 10.48.1 update, our silicon macs started filing to complete enrollment. jamf support also not helpful... what someone else in this thread mentioned worked for me, we are creating a management account in the prestage and we also had it checked to create the management account in user initiated enrollment. for whatever reason upon enrollment, the management account that was being created appeared to be coming from the UIE setting - even though we are enrolling through ADE. unchecking the "create management account" in UIE fixed the issue for us.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-21-2023 02:56 AM
Hello,
My feedback will be regarding this part:
"We are seeing a chronic issue where new and re-enrolling DEP devices, right after MDM enrollment screen, screen goes black or reboots, completely skipping account creation, etc. Boots to login window and blank username and password"
Not sure if this would help but while ago we saw the same behaviour. Cannot really pinpoint what change caused us to have this issue, but I beleive it could be due to lessening of restrictions for the deployment environment. To make it work we actually figured that we do not need to do almost anything, because if we did it would crash after MDM enrolment screen. The enrolment process for us looks like this now: Install OS > Connect it to Internet > wait, since it will automatically go through setup assistant without us needed to click on anything. If we do any steps manually in setup assistant it will fail and reboot after MDM enrolment screen. The important checkmark for us was the fact that we had the following setting enabled: "Automatically advance through Setup Assistant (macOS 11 or later only)". Beleive the setting was not properly utilised in past due to network restrictions as well as we only recently got bigger fleet of AppleSilicon devices.
Also would recommend making sure management accounts in PreStage and UIE have different names.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-01-2023 10:23 AM
So... I spoke to tier 3 support today about this issue. Jamf is aware of it and it has a PI associated PI11211.
First, create a smart group with no criteria. This should result in the smart group encompassing all devices.
Second, we'll need to change the scoping of all your configuration profiles set to "All computers". So we'll switch from using "All Computers" on your configuration profiles to "Specific computers". Once that is switched, target the new smart group that we created, and choose to deploy to newly assigned devices only. This ensures that computers with the profiles are unaffected by our scoping changes. The core issue stems Jamf sending the profiles to the device before the inventory completes and by switching scoping to a smart group, it forces Jamf to wait for inventory to complete before profile deployment.
