Posted on 04-30-2018 03:29 PM
I have been testing Jamf Pro policies using Mac VMs for about 2 years. This has worked really well for me. The only policies that I cannot test using a VM are polices that require the use of a physical Mac, such as deploying FileVault via Self Service. When I bought my first Intel Mac in 2006, I bought Parallels Desktop. Since then, I have upgraded to every new version of Parallels. I have worked with VMware, and I think it’s a great product. If it existed at the time, I just didn’t know about it back in 2006. I thought about moving to VMware a few years ago, but I never had the incentive to do it. When Jamf Pro 10.3 was released, I could no longer enroll a Mac VM running macOS High Sierra. Doing so would either result in a “Profile installation failed” error, or if I used a quick-add package, the installation would fail. We now need a Mac VM that has a valid model ID, and we should have a serial number for the VM. This is why enrollment fails. Jamf Support sent me this article on how to create a VM for Jamf Pro policy testing.
http://www.modtitan.com/2018/03/tip-for-testing-new-jamf-pro-103.html
From what I understood from this article, I needed VMware to get this to work. Since I did not want to invest in two new VMware licenses (one for my MacBook Pro, and another for my iMac), I did some searching to find out if it’s possible to change the serial number and model ID of a Parallels Mac VM.
The Parallels knowledge base has this article for changing the serial number:
https://kb.parallels.com/123455
And this article for changing the model ID:
https://kb.parallels.com/en/123594
To make the necessary changes, we need to right-click the VM from the list, and select Configure. Next, we go to Hardware - Boot Order, and then open Advanced Settings. In the Boot flags field, we enter the text strings that define the serial number of the VM, and the model. Close the configuration window when finished. Boot up the VM, and check System Profiler to make sure that the new serial number and model are there.
I took the serial number of the host Mac, and changed one digit to create a new serial number, and I entered that into the text string. I then copied the model ID of the host Mac into the next text string. After making these changes, I booted up the VM, and saw my changes when I launched System Profiler.
I was then able to enroll my macOS High Sierra VMs into Jamf Pro using the enrollment URL after following this process.
I’m not sure how many people here use Parallels instead of VMware, but I hope this helps anyone facing the same dilemma I was. This requires Parallels Desktop Pro or Parallels Desktop Business.
Posted on 05-01-2018 02:45 PM
Did you have to make all these changes prior to 1st boot?
Answered my own question: No - you don't. But you do have to do both the model ID and serial number change.
Posted on 05-01-2018 03:31 PM
While you’re building up the VM it’s not necessary to change the serial or model. We just need to do this before we enroll the VM into Jamf Pro.
Posted on 05-22-2018 05:43 AM
Hi,
followed the guide (added the device id and serial number flags) but the VM still boots up with the host's data (both s/n and Mac model).
Any idea @howie_isaacks ?
Thank you
Posted on 05-22-2018 03:03 PM
@jacopo.pulici Can you post a screenshot of what you added into the boot flags?
Posted on 08-09-2018 09:35 AM
Does anyone have this working with newer versions of Jamf Pro and macOS, such as JP10.5 and 10.13.6?
Thanks!
Scott
Posted on 08-09-2018 12:16 PM
Thanks for your thoughts and efforts here, Scott. Fwiw, I've been unable to get a Parallels 13 Pro High Sierra 10.13.6 VM enrolled in MDM, and we're using a v10.6.0 JSS from JamfCloud. This is even when using using serial number, hardware identifier, and MAC address from a real and unenrolled MacBook.
The error from jamf mdm and enrollment invitations is "MDMResponseStatus error 500". Would second being glad to hear if anyone else has had success with this configuration.
Very best!
j
Posted on 08-20-2018 02:49 PM
I'm also running into this same issue (the 500 error) and can't find a way around it. I'll keep poking and update if I find anything.
Posted on 08-22-2018 11:07 AM
This has worked really well for me since I posted this thread. I'm not sure why this is a problem for some people, but I'm happy to help.
Posted on 08-23-2018 02:59 PM
Also get MDMResponseStatus:500 when trying to enroll a 10.13.1 Parallels VM in Jamf Pro 10.6
After reviewing some comments here found a couple shell records in mobile devices. Removed those and old computer record based on hardware UUID and was able to get the MDM profile (complete enrollment) installed on the VM.
Posted on 09-03-2018 11:54 AM
Again, I'm happy to help anyone who can't get this to work. I recently upgraded to Parallels 14. For some reason, my older VMs that were upgraded last last year stopped checking in and working with the JSS. I deleted them, and created new Mac VMs from scratch. Both of the new VMs worked using my instructions above.
Posted on 09-14-2018 09:01 AM
This worked for me as well. The first enrollment I attempted (prior to these instructions), created a mobile device with the UUID of the VM instead of a computer record. After I followed these instructions, and deleted the created mobile device, I was able to install the MDM profile/enroll the device.
Thanks!
Posted on 10-04-2018 03:08 PM
I have to use VMWare Fusion for this. Can anyone assist?
Posted on 10-04-2018 05:09 PM
Posted on 11-06-2018 08:50 AM
Thanks! this did the trick
Posted on 11-14-2018 12:00 PM
The error from jamf mdm and enrollment invitations is "MDMResponseStatus error 500". Would second being glad to hear if anyone else has had success with this configuration.
I had this problem too even after setting the device id and serial number in parallels.
I found the issue though. Look in your mobile device list for [No Name] record and delete that record. Once you do so you will be able to enroll the device.
Posted on 11-20-2018 06:19 AM
Has anyone been successful in getting this to work in Parallels 13? I've tried all the above with no avail. And unfortunately our company only uses Parallels. Thoughts?
Posted on 04-04-2019 02:17 PM
@TexasITAdmin Thanks dude, this was the fix for me.
'I found the issue though. Look in your mobile device list for [No Name] record and delete that record. Once you do so you will be able to enroll the device.'
Posted on 04-04-2019 03:21 PM
Just an FYI... This continues to work for me using Parallels 14. I recently recreated all of my Mac VMs, and I used the steps that I detailed in my original post to enroll the VMs into Jamf Pro.
Posted on 05-13-2019 06:49 AM
Yes this still works.
Add this in the bios settings:
I think the quotes is key to getting this to work.
devices.smbios.serial="Your-Serial#-Here" devices.mac_hw_model="Your-Mac-Model-ID-Here"
Example:
devices.smbios.serial="C01VG0EFHSDP" devices.mac_hw_model="MacBookPro14,3"
Posted on 06-07-2019 05:28 AM
I love you guys!
I came here for the obvious reason. Yet after applying the Boot Flags fix I still wasn't able to enroll.
I admin 7 JSSs, so I tried enrolling in other JSSs. I was able to enroll successfully in 5 of the JSSs. So I had a closer look at the 2 JSSs that weren't cooperating.
Lo and behold there were stray mobile device records sharing the UUID of the VMs. Curiously these mobile device records were not visible by just browsing mobile device records, rather I had to do a search for mobile devices based on UUID for them to appear.
Posted on 06-07-2019 06:28 AM
Great post. Just curious. I didn't think, per Apple's EULA, you were allowed to use MacOS in a VM environment? I believe they lifted that VM ruling for much older Mac Operating systems (going back to like Snow Leopard/Lion now). personal use aside, I know that is a deal breaker in our corporate environment.
Let me know if the VM item has changed from Apple? Links if you have any.
Thanks
Posted on 06-07-2019 06:32 AM
Last I knew VMs are allowed only on non-production builds intended for testing. And are allowed to be run only on Apple hardware.
Posted on 06-07-2019 06:36 AM
https://www.apple.com/legal/sla/
(iii) to install, use and run up to two (2) additional copies or instances of the Apple Software within virtual operating system environments on each Mac Computer you own or control that is already running the Apple Software, for purposes of: (a) software development; (b) testing during software development; (c) using macOS Server; or (d) personal, non-commercial use.
Posted on 06-07-2019 07:14 AM
I don't see a problem with running Mac VMs on a Mac. Doing this has helped me better serve Apple's customers. Since I can virtualize, I don't have to have a lot of hardware just for testing and package creation.
Posted on 07-16-2019 08:23 AM
Curious. I'm getting the MDMResponseStatus 500 error.
I've removed the machine, based on the UUID, from my Jamf server.
My boot flags are...
devices.smbios.serial=C00A00A0AAA0
devices.mac_hw_model="MacBookPro15,1"
I'm running macOS 10.14.5 and Parallels Desktop for Business 14.1.3.
Anyone have luck with that version combo? Any suggestions?
Posted on 07-16-2019 08:26 AM
@cwaldrip Make sure it didn't create a fake device record in Jamf. Sometimes it will do this and you have to remove the record under Mobile Drives or Unmanaged Macs.
Posted on 07-16-2019 08:30 AM
Posted on 07-16-2019 09:43 AM
@kericson Well, damn. It didn't even occur to me to look under Mobile Devices, even with it being mentioned previously. 🤦🏼♂️ We don't manage mobile devices so that's a dusty corner of the server for me.
Found, removed, and it works now. 😁
Posted on 12-09-2019 03:31 PM
For anyone who came to their senses and dropped crappy Parallels for more enterprise capable VMware Fusion...
Script to "sysprep" a VMware Fusion virtual machine
Posted on 12-29-2019 09:40 PM
All this got rather hard to follow, so I thought I'd add a summary (which I've just tested successfully with Parallels 15 Pro, Catalina, and Jamf Pro 10.17.1).
A. You need to set 2 Boot Flags for the VM in Parallels > (target VM) > Settings > Hardware > Boot Order > Advanced Settings:
1. The VM's Serial Number. By default, it will be the same as your host machine's serial (or that of the VM you might have cloned to get your current one). So for each new VM you want to enrol, you need a new serial number. Incrementing the last digit seems to be a reasonable approach; eg:
devices.smbios.serial=C02VW1NQHTD1
(the quotes don't seem to make a difference)
Here's a screenshot of my working VM's settings:
B. If you're reading this, you've probably tried to install MDM and failed already, one or more times (like I did), probably because you didn't have the Boot Flags sorted first.
The result of that is that in Jamf Pro, you will have one or more dodgy items in your Inventory, which you need to delete first.
Go look in:
1. Computers > Search Inventory (all): most likely it will have a Name = {serial number of your host machine}.
2. Devices > Search Inventory (all): it will probably just be called "Mobile Device".
You must delete any of these dodgy zombie machines before you can successfully install MDM on the VM. Possibly, before you can install MDM on any new machine, although I have not confirmed that.
Posted on 02-12-2020 05:56 AM
Thank you @pivotwealth! Finding all the necessary info in one place and explained worked like a charm. One extra tidbit to know, is that if you plan on reverting to snapshots constantly while conducting your testing, you'll want to take a snapshot AFTER you make the necessary serial number and hardware changes or else reverting will lose those changes and you'll have to start over again with removing all of the zombie entries (don't ask me how I learned this, it was a D'oh! moment).
Posted on 06-15-2020 05:17 AM
Parallels 15.1.4 and Catalina 10.15.5.
The boot flags work without quotes, and with made up values:
devices.mac_hw_model=MacVM
devices.smbios.serial=ReeseVM0001
As reported from JAMF Pro:
Model: MacVM
Model Identifier:MacVM
Serial Number:ReeseVM0001
It took me a few rounds to determine that quotes around the values were causing problems. Once I took off the quotes it worked.
Posted on 02-03-2021 12:53 PM
I was able to use the boot flags technique (Using quotes around the serial number and model number) to modify a Mac OS 10.13 VM today. I had to upgrade to Parallels Pro Desktop for Mac (doesn't work in the standard edition) to get to change the serial number. However, Jamf Pro thinks the Mac VM is an iOS device! Does anyone know how to get Jamf to recognize my Mac VM as Mac and not an iPhone?
Posted on 02-04-2021 03:11 PM
Sadly, I ran into major issues with my Mac VMs running in Parallels after I upgraded to macOS Big Sur. Parallels support could never find the cause. So I was faced with not being able to get work done, so I switched to VMware Fusion. The interface for VMware isn't as easy to use as Parallels, but it still works really well, and in some ways is more robust. Maybe I will go back to Parallels someday.
Posted on 02-04-2021 08:18 PM
@us47700868309 What do you have set for the devices.mac_hw_model? I believe it needs to reflect a real hardware model. For example: devices.mac_hw_model="MacBookPro15,1". You probably need to delete the device from Jamf and re-enroll after too.
@howie_isaacks Are you using the Parallels Desktop version 1.6.1 from the App Store, or did you download the latest version 16.1.3 from the Parallels website? I was running into a similar issue for my Catalina VM, and I think running version 16.1.3 from the Parallels website fixed my issue. My host OS is on BigSur. Using boot flags worked correctly for my BigSur VM but not for my Catalina VM until I switched to v16.1.3.
Posted on 02-08-2021 12:34 PM
I was using the standard edition of Parallels 16, which could not create VMs that worked with Jamf. I upgraded to Parallels Pro v16.1.3.
But that was not all: I had to recreate the VMs with the Pro edition. I now have a Catalina VM and a Mojave VM enrolled in Jamf Pro. For the hw model I just use the same model as my host computer, and change the last digit of the serial number so each device in Jamf has a different serial number.
I had trouble gettin a High Sierra VM to enroll in Jamf until I discovered that there were 2 bogus iOS devices (that had Parallels info in their profiles) that were on Jamf Pro. After deleting those artifacts I was able to enroll the High Sierra VM properly.
Posted on 06-08-2022 09:57 AM
Just an FYI to anyone who may still be following this thread... I just went back to using Parallels after having to use VMware Fusion for just over a year. This is still working as of Parallels 17. According to the Parallels support article I referenced above, this works only with the Business and Pro editions of Parallels.
06-08-2022 09:02 PM - edited 06-08-2022 09:04 PM
If you're using an Apple Silicon machine there are some caveats to be aware of. You can't run older OS versions that that installed on the host machine (at least nothing that won't run on the machine natively like Mojave). And by default at the moment (17.1.2) you get a default disk image size that's not resizable and most of the hardware settings aren't changeable. There is a way to create a VM of whatever size you'd like...
1. Open Terminal (Applications > Utilities > Terminal) and execute the following command:
/Applications/Parallels\ Desktop.app/Contents/MacOS/prl_macvm_create --getipswurl
2. A URL will be generated. Download ipsw file available at the link.
3. Once downloaded, execute the following command:
/Applications/Parallels\ Desktop.app/Contents/MacOS/prl_macvm_create <path_to_ipsw> <path_to_macVM> --disksize <bytes>
e.g.
/Applications/Parallels\ Desktop.app/Contents/MacOS/prl_macvm_create ~/Downloads/UniversalMac_12.0_21A5294g_Restore.ipsw ~/Parallels/macOS.macvm --disksize 80000000000
4. As a result, “macOS.macvm” will be created in the defined folder (in case of the example above -- with a disk size of 80GB).
5. Register the virtual machine by opening Parallels Desktop and clicking File > Open and selecting the generated macVM file.
Posted on 06-10-2022 07:15 AM
Thanks for the helpful info! For the most part, I have mainly used Parallels and VMware only for running macOS VMs and sometimes Linux.