Posted on 11-04-2024 09:58 AM
While attemtping to test some changes I made to our ZTP process, I performed erase all content and settings on one of my test Macs, deleted it from Jamf Pro, and then enrolled it through PreStage. Everything worked exactly as it should. The Mac auto-enrolled, got some profiles installed, and all appeared to be good. When the enrollment policy that handles ZTP did not launch, the first thing I did was to look for the Jamf log to see if there were any errors. There was no Jamf log. Next, I checked to make sure that my Mac had indeed successfully enrolled. I saw that the MDM profile along with all the other profiles that this Mac is in scope for were there. I then went to /usr/local and noticed that there was no Jamf binary installed. After 10-11 minutes after enrollment the Jamf binary finally got installed, and the zero touch provisioning process kicked off with an enrollment trigger. I have never seen it take this long for the Jamf binary to get installed. In most cases, the user gets to the desktop and about 2 or 3 seconds later, the ZTP process starts. They don't even have time to start clicking on anything. This is exactly the way I want it. Is anyone seeing a delay in the Jamf binary getting installed? The only change since the last time this was working properly was the recent update to Jamf Pro 11.10.2 over this past weekend.
Posted on 11-05-2024 12:07 AM
Sometimes, issues with network or communication can cause problems during the enrollment process. If you're experiencing this on a single device or seeing the same behavior across all Macs, try enrolling the Mac from a different network. Additionally, it's always a good practice to delete the device from JAMF before you re-enroll it.
Posted on 11-05-2024 07:05 AM
I was doing this at home. My home network is pristine. It isn't blocking anything Jamf or Apple related. This was happening on two Macs. Deleting from Jamf isn't necessary but I did that too. I can't tell users to try from a different network. The whole purpose of "zero touch provisioning" is that we don't want IT to be involved in Mac enrollments and setups. I opened a case with Jamf and I have a call scheduled for this afternoon. The dreaded phrase "product issue" has already entered the conversation.
Posted on 11-05-2024 07:20 AM
"Home network is pristine" is relative - not to be crass. Some folks think that an ISP provided modem/router is "high class". Other folks think having Cisco or Aruba equipment is not enough...
Anyways, how many calls (MDM, App Store, etc.) to apple do you typically do from your residence? There's a limit per WAN addresses that could potentially be the problem.
This could also happen if something is bogging down your Jamf cloud instance - like if you have too many ghost policies, too large database table fields, etc. etc.
Posted on 11-05-2024 09:44 AM
Take a look at PI120752
If you have a Firewall configuration profile, don't scope it at enrollment.