I wiped the macbook, I reenrolled into jamf

NealW
New Contributor II

I wiped the device and I reenrolled through self enroll by going to mycompany.jamfcloud.com/enroll, I installed and approved the mdm profile but when I go to search inventory I see the computer but it is not managed

 

NealW_0-1652477873819.png

 

 

How do I resolve this? I'm not able to remove the profile on the macbook, I tried a bunch of sudo jamf commands but it won't turn on the management of this machine. 

6 REPLIES 6

NealW
New Contributor II

This is an Apple M1 2020 macbook with latest version of monterey 

PhillyPhoto
Valued Contributor

What does running "sudo jamf recon" in Terminal do? When you look at the MDM Profile in System Preferences, does it show "Verified" in green?

mainelysteve
Valued Contributor II

Additionally check in /usr/local and see if the binary is installed. You could also wipe it once more and try enrollment again. In order to remove a non-removable MDM profile requires several steps and it's much simpler and easier to wipe and reinstall. 

While probably unnecessary you could also try installing rosetta2 before enrolling. Open terminal and paste this in: 

/usr/sbin/softwareupdate --install-rosetta --agree-to-license

 

AJPinto
Honored Contributor II

If a device does not enroll correctly it will not manage. I would check for the JAMF binaries (/usr/local) and the JAMF utilities (/Library/Application Support/JAMF). I am going to bet enrollment did not go correctly. If you want the long list of everything that should be on the Mac after an enrollment see the link below.

Components Installed on Managed Computers - Jamf Pro Administrator's Guide | Jamf

 

If the binaries are present you can try to run sudo jamf manage in terminal. If that does not work or the binaries are missing remove the MDM profile, remove the inventory record from JAMF, and try to enroll in to JAMF again. If the issue persists reinstall macOS and try again.

 

You can also try running sudo profiles renew -type enrollment and see if that helps. This will tell the mac to rerun its MDM enrollment processes if the problem is just the MDM side on the Mac it may help.

NealW
New Contributor II

the problem is I can remove it from Jamf Pro console but I can't remove it from the MacBook without wiping it. It seems quite involved to remove the mdm profile?

 

I tried to do the Jamf manage but it didn't work last Friday, I havn't tried the sudo profiles renew -type command yet

 

I decided to wipe the device but since it's a trial, I'm waiting for my trial to be extended

AJPinto
Honored Contributor II

If you have the MDM profile set to not be removable by the user it is rather involved to remove. It is possible but you must disable SIP and run a terminal command to remove all profiles. If it was not so many steps to remove MDM profiles user would remove them to get away from management. 

 

Good luck friend