Help

JAMF Pro Enrollment Issue After Computer Migration

Go to solution
zake
New Contributor III

Posted on ‎12-04-2019 12:01 PM

Hello,

I recently migrated an employee to a new laptop. I used migration assistant to migrate the files over to the new machine. I ensured I removed all MDM profiles with the old machine to ensure certificate from the previous machine don't land on the new computer.

The new computer was DEP device so it enrolled it self before the migration started

The migration was successful however the new computer isn't taking management tasks. Check screenshot of management commands pending.
16cbf0ae9ccc41d38730529cb8e34fe5

These commands have been pending for days now. Odd thing, the computer updates inventory and check in entirely fine

Here's what I tried

Command Run
sudo jamf recon
sudo jamf manage
sudo jamf policy
sudo jamf enroll -prompt (to see if the CA certificates will help)

Reply
1 ACCEPTED SOLUTION

Go to solution
larry_barrett
Valued Contributor

Posted on ‎12-04-2019 12:11 PM

Sudo jamf removeMDMprofile
Sudo jamf removeFramework
Sudo rm /var/db.AppleSetupDone

Restart and go through setup assistant again. I did not test this.

View solution in original post

Reply
5 REPLIES 5

Go to solution
zake
New Contributor III

Posted on ‎12-04-2019 12:02 PM

Any ideas?

0 Kudos
Reply

Go to solution
larry_barrett
Valued Contributor

Posted on ‎12-04-2019 12:11 PM

Sudo jamf removeMDMprofile
Sudo jamf removeFramework
Sudo rm /var/db.AppleSetupDone

Restart and go through setup assistant again. I did not test this.

Reply

Go to solution
mainelysteve
Valued Contributor II

Posted on ‎12-04-2019 01:30 PM

@zake If Larry's suggestion above doesn't work then try issuing a sudo profiles -N while logged in as the user. If it still has an mdm profile then you'll need to remove it using the command above. Using the profiles -N command ensures the machine still reports a DEP enrollment.

You may need to nuke the contents of /var/db/ConfigurationProfiles/Store/ as well as /Library/Keychains/apsd.keychain before trying another re-enrollment if the management command to remove the mdm profile doesn't work.

Reply

Go to solution
abrunner
New Contributor III
In response to mainelysteve

Posted on ‎07-21-2021 09:13 AM

sudo profiles -N worked like a charm. Thank you!

0 Kudos
Reply

Go to solution
rstasel
Valued Contributor

Posted on ‎09-23-2020 05:39 PM

Just ran into this. Seems to be caused by running Migration Assistant and migrating everything (rather than just migrating user account). Causes overwriting of something that breaks the configuration profile functionality. Policies would run okay after re-enrolling, but push didn't work (couldn't remove via "Remove MDM" on Jamf end either.

Had to talk customer through disabling SIP, then Bomgar'ing in and deleting /var/db/ConfigurationProfiles/Store, and reenrolling via "sudo profiles renew -type enrollment". Then customer re-enabling SIP.

Shame apple doesn't give us some possibly sledge hammer to fix this remotely. I get the point of SIP, and agree with it, but when things wedge, it's a pain in the rear.

Reply