Mac Pro/Catalina not MDM Capable

ChickenDenders
New Contributor III

I have been having a whale of a time over here. We've got a shipment of ~15 shiny new Mac Pros and this has been a huge blocker to getting things deployed.

Previously, we've had a fleet of old Trashcan Macs running 10.124 Sierra, which were enrolled with a Quickadd package. I've since learned that this is no longer supported as of 10.13, if you want the machine to be MDM capable. https://docs.jamf.com/10.25.0/jamf-pro/administrator-guide/User-Initiated_Enrollment_for_Computers.h...

So - I've enabled and configured User-Initiated Enrollment, through the "company.com:8334/enroll" URL, and it appears to be working correctly as far as enrolling goes, except the MDM profile isn't working.

I am taking these computers fresh out of the box, manually doing the initial account creation for our Admin account, then navigating to the URL when I log in to enroll the machine. I am able to install the CA profile, and the MDM profile. Both profiles appear in System Preferences, installed and Verified.

The computer appears in my JSS inventory, but is not MDM capable.

We don't have DEP set up, I'm just manually setting these up at our work bench and will be moving them to users' desks when they're ready to go. Users will be using Active Directory, which is a whole other hurdle, but for now I'm just logging in with a local admin account and trying to get these things up and running. I thought this would be simple HA HA

Does anybody have any recommendations? Possible areas I could be misconfiguring something?

I've got a ticket open with JAMF but they're still going through their support checklist, double confirming all the troubleshooting steps I have done one day at a time. I am way behind on this deployment now and I'm going crazy. Thanks --

7 REPLIES

jkaigler
Contributor II

If they have the new M1 chips you probably need to install Rosetta before enrollment.

https://www.niallbrady.com/2021/02/02/enrolling-a-mac-book-pro-m1-into-jamf-pro/

jkaigler
Contributor II

Sorry, just reread: you have Catalina, so I am assuming it's not M1 chips.

ChickenDenders
New Contributor III

Would that still apply if these are the new Mac Pro desktop workstations, with the big shiny handles?

jkaigler
Contributor II

Only with the Apple processors.

sdagley
Honored Contributor II

@ChickenDenders (and @jkaigler) To date the only Macs available with an M1 chip are the MacBook Air, 13-inch MacBook Pro, and Mac mini, so your shiny new Mac Pros are definitely using Intel processors and Rosetta isn't applicable.

You mention the MDM Profile is installing, but is the Jamf binary and the Self Service app being installed after the Mac is enrolled?

And have you verified your APNS certificate is current?

You might want to try running Jamf Environment Test on one of the machines to see if there's anything that would prevent the required communication between the Mac and Jamf Pro.

ChickenDenders
New Contributor III

@sdagley, it does NOT appear that the JAMF binary or Self Service is installing, no.

At this point, I've only tried two machines, but there has been a lot of installing CA/MDM profiles, then removing them, deleting out of Inventory, re-adding... Don't know if I've just hosed things and a wipe is in order. Once I have the correct process locked down, I'm just going to pull another one out of the box so I can Enroll it correctly out of the gate.

That Jamf test utility looks helpful. I'll give that a shot, thanks.

sdagley
Honored Contributor II

@ChickenDenders If you're not getting the jamf binary installed and the Mac isn't reporting as MDM capable I suspect either your APNS cert isn't current, or that Jamf Environment Test is going to show that something in your environment is interfering with APNS connectivity.
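
The checks suggested in the replies (is the enrollment active, is the Jamf binary present, is APNs reachable) can be scripted on the Mac itself. This is an added example, not part of the thread and not Jamf's own tooling; the binary path `/usr/local/jamf/bin/jamf`, the `profiles status` output layout, and the courier host and port are assumptions, and `mdm_state` and `next_step` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumed, not stated on the page:
# the Jamf binary path, the `profiles` output layout, and the APNs
# courier host/port (Apple documents TCP 5223 to *.push.apple.com).

# Read `profiles status -type enrollment` output on stdin and print
# user-approved | enrolled-not-approved | not-enrolled | unknown.
mdm_state() {
  local line state="unknown"
  while IFS= read -r line; do
    case "$line" in
      *"MDM enrollment: Yes (User Approved)"*) state="user-approved" ;;
      *"MDM enrollment: Yes"*)                 state="enrolled-not-approved" ;;
      *"MDM enrollment: No"*)                  state="not-enrolled" ;;
    esac
  done
  printf '%s\n' "$state"
}

# $1 = mdm_state result, $2 = Jamf binary present (yes/no),
# $3 = APNs reachable (yes/no). Prints the next thing to look at,
# based on the checks suggested in the replies.
next_step() {
  if [ "$3" = "no" ]; then
    echo "network: APNs unreachable, check firewall/proxy"
  elif [ "$1" = "not-enrolled" ] || [ "$1" = "unknown" ]; then
    echo "client: no active MDM enrollment, re-enroll"
  elif [ "$2" = "no" ]; then
    echo "server: check the APNs certificate in Jamf Pro"
  else
    echo "ok: enrolled, binary present, APNs reachable"
  fi
}

# Live checks only make sense on the Mac being enrolled.
if [ "$(uname)" = "Darwin" ]; then
  state=$(profiles status -type enrollment 2>/dev/null | mdm_state)
  if [ -x /usr/local/jamf/bin/jamf ]; then bin=yes; else bin=no; fi
  if nc -z -G 5 1-courier.push.apple.com 5223 >/dev/null 2>&1
  then apns=yes; else apns=no; fi
  next_step "$state" "$bin" "$apns"
fi
```

The APNs certificate itself lives on the Jamf Pro server, so its expiry has to be confirmed there; the script can only point to it when the client-side checks pass.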