How to enroll a Mac VM running macOS High Sierra hosted by Parallels Desktop Pro

howie_isaacks
Valued Contributor

I have been testing Jamf Pro policies using Mac VMs for about 2 years. This has worked really well for me. The only policies that I cannot test using a VM are polices that require the use of a physical Mac, such as deploying FileVault via Self Service. When I bought my first Intel Mac in 2006, I bought Parallels Desktop. Since then, I have upgraded to every new version of Parallels. I have worked with VMware, and I think it’s a great product. If it existed at the time, I just didn’t know about it back in 2006. I thought about moving to VMware a few years ago, but I never had the incentive to do it. When Jamf Pro 10.3 was released, I could no longer enroll a Mac VM running macOS High Sierra. Doing so would either result in a “Profile installation failed” error, or if I used a quick-add package, the installation would fail. We now need a Mac VM that has a valid model ID, and we should have a serial number for the VM. This is why enrollment fails. Jamf Support sent me this article on how to create a VM for Jamf Pro policy testing.

http://www.modtitan.com/2018/03/tip-for-testing-new-jamf-pro-103.html

From what I understood from this article, I needed VMware to get this to work. Since I did not want to invest in two new VMware licenses (one for my MacBook Pro, and another for my iMac), I did some searching to find out if it’s possible to change the serial number and model ID of a Parallels Mac VM.

The Parallels knowledge base has this article for changing the serial number:

https://kb.parallels.com/123455

And this article for changing the model ID:

https://kb.parallels.com/en/123594

To make the necessary changes, we need to right-click the VM from the list, and select Configure. Next, we go to Hardware - Boot Order, and then open Advanced Settings. In the Boot flags field, we enter the text strings that define the serial number of the VM, and the model. Close the configuration window when finished. Boot up the VM, and check System Profiler to make sure that the new serial number and model are there.

6eadb0a3c671480eb3e8d8c4b4c7e08b

I took the serial number of the host Mac, and changed one digit to create a new serial number, and I entered that into the text string. I then copied the model ID of the host Mac into the next text string. After making these changes, I booted up the VM, and saw my changes when I launched System Profiler.

I was then able to enroll my macOS High Sierra VMs into Jamf Pro using the enrollment URL after following this process.

d9fb06a4a91546ce89278396eb45c3c7

I’m not sure how many people here use Parallels instead of VMware, but I hope this helps anyone facing the same dilemma I was. This requires Parallels Desktop Pro or Parallels Desktop Business.

36 REPLIES 36

prbsparx
Contributor II

Did you have to make all these changes prior to 1st boot?

Answered my own question: No - you don't. But you do have to do both the model ID and serial number change.

howie_isaacks
Valued Contributor

While you’re building up the VM it’s not necessary to change the serial or model. We just need to do this before we enroll the VM into Jamf Pro.

jacopo_pulici
Contributor

Hi,
followed the guide (added the device id and serial number flags) but the VM still boots up with the host's data (both s/n and Mac model).
Any idea @howie_isaacks ?
Thank you

howie_isaacks
Valued Contributor

@jacopo.pulici Can you post a screenshot of what you added into the boot flags?

scottlep
Contributor

Does anyone have this working with newer versions of Jamf Pro and macOS, such as JP10.5 and 10.13.6?

Thanks!
Scott

Wagener
New Contributor

Thanks for your thoughts and efforts here, Scott. Fwiw, I've been unable to get a Parallels 13 Pro High Sierra 10.13.6 VM enrolled in MDM, and we're using a v10.6.0 JSS from JamfCloud. This is even when using using serial number, hardware identifier, and MAC address from a real and unenrolled MacBook.

The error from jamf mdm and enrollment invitations is "MDMResponseStatus error 500". Would second being glad to hear if anyone else has had success with this configuration.

Very best!

j

timmy
New Contributor III

I'm also running into this same issue (the 500 error) and can't find a way around it. I'll keep poking and update if I find anything.

howie_isaacks
Valued Contributor

This has worked really well for me since I posted this thread. I'm not sure why this is a problem for some people, but I'm happy to help.

leslie
Contributor II

Also get MDMResponseStatus:500 when trying to enroll a 10.13.1 Parallels VM in Jamf Pro 10.6

After reviewing some comments here found a couple shell records in mobile devices. Removed those and old computer record based on hardware UUID and was able to get the MDM profile (complete enrollment) installed on the VM.

howie_isaacks
Valued Contributor

Again, I'm happy to help anyone who can't get this to work. I recently upgraded to Parallels 14. For some reason, my older VMs that were upgraded last last year stopped checking in and working with the JSS. I deleted them, and created new Mac VMs from scratch. Both of the new VMs worked using my instructions above.

kburns
New Contributor III

This worked for me as well. The first enrollment I attempted (prior to these instructions), created a mobile device with the UUID of the VM instead of a computer record. After I followed these instructions, and deleted the created mobile device, I was able to install the MDM profile/enroll the device.

Thanks!

mjerome
New Contributor II

I have to use VMWare Fusion for this. Can anyone assist?

JustDeWon
Contributor III

@mjerome Check this thread

LauriM
New Contributor

Thanks! this did the trick

TexasITAdmin
New Contributor III
The error from jamf mdm and enrollment invitations is "MDMResponseStatus error 500". Would second being glad to hear if anyone else has had success with this configuration.

I had this problem too even after setting the device id and serial number in parallels.

I found the issue though. Look in your mobile device list for [No Name] record and delete that record. Once you do so you will be able to enroll the device.

monaronyc
Contributor

Has anyone been successful in getting this to work in Parallels 13? I've tried all the above with no avail. And unfortunately our company only uses Parallels. Thoughts?

B-35405
Contributor

@TexasITAdmin Thanks dude, this was the fix for me.
'I found the issue though. Look in your mobile device list for [No Name] record and delete that record. Once you do so you will be able to enroll the device.'

howie_isaacks
Valued Contributor

Just an FYI... This continues to work for me using Parallels 14. I recently recreated all of my Mac VMs, and I used the steps that I detailed in my original post to enroll the VMs into Jamf Pro.

KyleEricson
Valued Contributor

Yes this still works.
Add this in the bios settings:
I think the quotes is key to getting this to work.

devices.smbios.serial="Your-Serial#-Here" devices.mac_hw_model="Your-Mac-Model-ID-Here"

Example:

devices.smbios.serial="C01VG0EFHSDP" devices.mac_hw_model="MacBookPro14,3"

gskibum
Contributor III

@howie_isaacks and @kburns

I love you guys!

I came here for the obvious reason. Yet after applying the Boot Flags fix I still wasn't able to enroll.

I admin 7 JSSs, so I tried enrolling in other JSSs. I was able to enroll successfully in 5 of the JSSs. So I had a closer look at the 2 JSSs that weren't cooperating.

Lo and behold there were stray mobile device records sharing the UUID of the VMs. Curiously these mobile device records were not visible by just browsing mobile device records, rather I had to do a search for mobile devices based on UUID for them to appear.

Kallendal
New Contributor III

Great post. Just curious. I didn't think, per Apple's EULA, you were allowed to use MacOS in a VM environment? I believe they lifted that VM ruling for much older Mac Operating systems (going back to like Snow Leopard/Lion now). personal use aside, I know that is a deal breaker in our corporate environment.

Let me know if the VM item has changed from Apple? Links if you have any.

Thanks

gskibum
Contributor III

@Kallendal

Last I knew VMs are allowed only on non-production builds intended for testing. And are allowed to be run only on Apple hardware.

gskibum
Contributor III

https://www.apple.com/legal/sla/

(iii) to install, use and run up to two (2) additional copies or instances of the Apple Software within virtual operating system environments on each Mac Computer you own or control that is already running the Apple Software, for purposes of: (a) software development; (b) testing during software development; (c) using macOS Server; or (d) personal, non-commercial use.

howie_isaacks
Valued Contributor

I don't see a problem with running Mac VMs on a Mac. Doing this has helped me better serve Apple's customers. Since I can virtualize, I don't have to have a lot of hardware just for testing and package creation.

cwaldrip
Valued Contributor

Curious. I'm getting the MDMResponseStatus 500 error.

I've removed the machine, based on the UUID, from my Jamf server.

My boot flags are...

devices.smbios.serial=C00A00A0AAA0
devices.mac_hw_model="MacBookPro15,1"

I'm running macOS 10.14.5 and Parallels Desktop for Business 14.1.3.

Anyone have luck with that version combo? Any suggestions?

KyleEricson
Valued Contributor

@cwaldrip Make sure it didn't create a fake device record in Jamf. Sometimes it will do this and you have to remove the record under Mobile Drives or Unmanaged Macs.

gskibum
Contributor III

@cwaldrip

Exactly what @kericson said. I was getting hung up by failed macOS enrollment attempts appearing as incomplete records in mobile devices.

cwaldrip
Valued Contributor

@kericson Well, damn. It didn't even occur to me to look under Mobile Devices, even with it being mentioned previously. 🤦🏼‍:male_sign: We don't manage mobile devices so that's a dusty corner of the server for me.

Found, removed, and it works now. 😁

donmontalvo
Esteemed Contributor II

For anyone who came to their senses and dropped crappy Parallels for more enterprise capable VMware Fusion...

Script to "sysprep" a VMware Fusion virtual machine

--
https://donmontalvo.com

pivotwealth
New Contributor

All this got rather hard to follow, so I thought I'd add a summary (which I've just tested successfully with Parallels 15 Pro, Catalina, and Jamf Pro 10.17.1).

A. You need to set 2 Boot Flags for the VM in Parallels > (target VM) > Settings > Hardware > Boot Order > Advanced Settings:
1. The VM's Serial Number. By default, it will be the same as your host machine's serial (or that of the VM you might have cloned to get your current one). So for each new VM you want to enrol, you need a new serial number. Incrementing the last digit seems to be a reasonable approach; eg:
devices.smbios.serial=C02VW1NQHTD1

  1. The VM's Hardware Model. By default it will say something like "Parallels 15,1". I suggest you use the same as your host machine; eg: devices.mac_hw_model="MacBookPro14,3"

(the quotes don't seem to make a difference)

Here's a screenshot of my working VM's settings:
67f72ccb733d49e4965e0157792c9824

B. If you're reading this, you've probably tried to install MDM and failed already, one or more times (like I did), probably because you didn't have the Boot Flags sorted first.

The result of that is that in Jamf Pro, you will have one or more dodgy items in your Inventory, which you need to delete first.

Go look in:
1. Computers > Search Inventory (all): most likely it will have a Name = {serial number of your host machine}. 2. Devices > Search Inventory (all): it will probably just be called "Mobile Device".

You must delete any of these dodgy zombie machines before you can successfully install MDM on the VM. Possibly, before you can install MDM on any new machine, although I have not confirmed that.

homepup
New Contributor II

Thank you @pivotwealth! Finding all the necessary info in one place and explained worked like a charm. One extra tidbit to know, is that if you plan on reverting to snapshots constantly while conducting your testing, you'll want to take a snapshot AFTER you make the necessary serial number and hardware changes or else reverting will lose those changes and you'll have to start over again with removing all of the zombie entries (don't ask me how I learned this, it was a D'oh! moment).

gstbreese
New Contributor

Parallels 15.1.4 and Catalina 10.15.5.
The boot flags work without quotes, and with made up values:
devices.mac_hw_model=MacVM
devices.smbios.serial=ReeseVM0001

As reported from JAMF Pro: Model: MacVM
Model Identifier:MacVM
Serial Number:ReeseVM0001

It took me a few rounds to determine that quotes around the values were causing problems. Once I took off the quotes it worked.

user-jtRGIpBDZb
New Contributor

I was able to use the boot flags technique (Using quotes around the serial number and model number) to modify a Mac OS 10.13 VM today. I had to upgrade to Parallels Pro Desktop for Mac (doesn't work in the standard edition) to get to change the serial number. However, Jamf Pro thinks the Mac VM is an iOS device! Does anyone know how to get Jamf to recognize my Mac VM as Mac and not an iPhone?

howie_isaacks
Valued Contributor

Sadly, I ran into major issues with my Mac VMs running in Parallels after I upgraded to macOS Big Sur. Parallels support could never find the cause. So I was faced with not being able to get work done, so I switched to VMware Fusion. The interface for VMware isn't as easy to use as Parallels, but it still works really well, and in some ways is more robust. Maybe I will go back to Parallels someday.

user-qirdvZFsWp
New Contributor

@us47700868309 What do you have set for the devices.mac_hw_model? I believe it needs to reflect a real hardware model. For example: devices.mac_hw_model="MacBookPro15,1". You probably need to delete the device from Jamf and re-enroll after too.

@howie_isaacks Are you using the Parallels Desktop version 1.6.1 from the App Store, or did you download the latest version 16.1.3 from the Parallels website? I was running into a similar issue for my Catalina VM, and I think running version 16.1.3 from the Parallels website fixed my issue. My host OS is on BigSur. Using boot flags worked correctly for my BigSur VM but not for my Catalina VM until I switched to v16.1.3.

user-jtRGIpBDZb
New Contributor

I was using the standard edition of Parallels 16, which could not create VMs that worked with Jamf. I upgraded to Parallels Pro v16.1.3.

But that was not all: I had to recreate the VMs with the Pro edition. I now have a Catalina VM and a Mojave VM enrolled in Jamf Pro. For the hw model I just use the same model as my host computer, and change the last digit of the serial number so each device in Jamf has a different serial number.

I had trouble gettin a High Sierra VM to enroll in Jamf until I discovered that there were 2 bogus iOS devices (that had Parallels info in their profiles) that were on Jamf Pro. After deleting those artifacts I was able to enroll the High Sierra VM properly.