- Jamf Nation Community
- Products
- Jamf Pro
- Re: Mac Re Enrollment Issue
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-13-2023 07:32 AM
I had a Mac that lost its connection with JAMF. I ran the following command on the machine, sudo Jamf enroll -prompt, and the machine started reporting into JAMF. The issue is that it will not push down any new Configuration Profiles and the "Management Commands" option is missing. I have tried to run the following commands to see if I could resolve any of these issues but nothing helped.
sudo jamf -removeFramework
sudo jamf reenroll -prompt
sudo profiles renew -type enrollment
I also tried to do a manual enrollment but since the old "MDM Profile" is still on the machine it will not install a new one and I can't remove the old "MDM Profile" since it was enrolled with DEP.
Is the only option I have is wipe the device?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-13-2023 08:06 AM
I used this method to remove a non-removable MDM. This requires to be hands on the machine and booting the recovery mode and disabling SIP.
- Boot the Mac to Recovery Mode. If the mac is filevault enabled, then either have the user log In or have another user account that is able to bypass the login in the recovery mode.
- Open the Terminal application from utility menu
- In Terminal, run csrutil disable to disable System Integrity Protection
- Restart the Mac into Recovery Mode again
- Open Disk Utility, right click on Macintosh HD, and mount the disk. If the disk is FileVault-protected, you will need to select a FV-enabled account and unlock the disk with the password.
- Open Terminal, and navigate to Volumes: cd /Volumes
- Run ls to display the list of drives. By default it would be labeled Macintosh HD
- Navigate into the drive with cd Macintosh\ HD
- Navigate to the ConfigurationProfiles folder with cd var/db/ConfigurationProfiles
- Run pwd to confirm that you are in the directory /Volumes/Macintosh HD/var/db/ConfigurationProfiles
- Run rm -rf * to delete all files and folders in ConfigurationProfiles
- Run mkdir Settings to re-create the required Settings folder
- Run touch Settings/.profilesAreInstalled to re-create the required file
- Run csrutil enable to re-enable System Integrity Protection
- Reboot to the user’s desktop
- Open Terminal and run sudo profiles renew -type enrollment
You can either run the above to enroll or user-initiate enroll.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-13-2023 07:37 AM
@Mwhitten Wipe it
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-13-2023 08:06 AM
I used this method to remove a non-removable MDM. This requires to be hands on the machine and booting the recovery mode and disabling SIP.
- Boot the Mac to Recovery Mode. If the mac is filevault enabled, then either have the user log In or have another user account that is able to bypass the login in the recovery mode.
- Open the Terminal application from utility menu
- In Terminal, run csrutil disable to disable System Integrity Protection
- Restart the Mac into Recovery Mode again
- Open Disk Utility, right click on Macintosh HD, and mount the disk. If the disk is FileVault-protected, you will need to select a FV-enabled account and unlock the disk with the password.
- Open Terminal, and navigate to Volumes: cd /Volumes
- Run ls to display the list of drives. By default it would be labeled Macintosh HD
- Navigate into the drive with cd Macintosh\ HD
- Navigate to the ConfigurationProfiles folder with cd var/db/ConfigurationProfiles
- Run pwd to confirm that you are in the directory /Volumes/Macintosh HD/var/db/ConfigurationProfiles
- Run rm -rf * to delete all files and folders in ConfigurationProfiles
- Run mkdir Settings to re-create the required Settings folder
- Run touch Settings/.profilesAreInstalled to re-create the required file
- Run csrutil enable to re-enable System Integrity Protection
- Reboot to the user’s desktop
- Open Terminal and run sudo profiles renew -type enrollment
You can either run the above to enroll or user-initiate enroll.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-01-2023 03:32 AM
Thanks a megaton. 🤗
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2023 11:43 PM
This method fails on step 9. "cd: var: No such file or directory" message appears.
Navigating to the /var/db/ConfigurationProfiles and following the other steps also not working.
