We have enrolled more than 40 Macs using QuickAdd package and they all have worked fine. One of the Mac has installed the MDM profile but it is not installing the configuration profiles and also the MDM Capability is No. We have setup smart groups for configuration profiles which just pick up the Macs right after the enrolment but in this case its not working even after Mac was left overnight. Any suggestions.
Solved
Macbook Air MDM Capability = No
Best answer by CasperSally
Not sure if it's what you're seeing, but for us MDM Capable No for us has always come down to serial number being blank, and in one machine serial number was missing one character some how in system profiler. Worth checking.
+17Not sure if it's what you're seeing, but for us MDM Capable No for us has always come down to serial number being blank, and in one machine serial number was missing one character some how in system profiler. Worth checking.
+15The fix for us was as follows (from JAMF Support):
"Finally, if we are using the JSS's Built in CA to generate our SSL certificate could we please refresh this by going to JSS> Settings>Apache Tomcat>Change the SSL certificate used for HTTPS>Generate a certificate from the JSS's built-in CA."
Systems were OK when they next checked in, we didn't need to re-enroll clients.
+38It sounds like your JSS is setup properly, since you have other machines that are working. So I would turn to that specific machine. In the instances where I've had that problem, I've simply enrolled the machine using the JAMF binary:
jamf enroll -promptThat has corrected MDM troubles for me in the past.
@stevewood][/url
we have Ms Office which gets installed automatically after the JSS enrolment is completed so as I mentioned above that MDM profile is being installed successfully so the Ms Office gets installed automatically on JSS enrolment. The problem is that I do have two configuration profiles i.e. WiFi and Dock which is not picking up at all. Also the MDM commands like Lock Computer etc are not available. I had tried the command you mentioned but no luck.
+9We were having similar issues with config profiles and our account team came up with this solution that worked instantly on hundreds of machines through a policy. It will just remove the Casper MDM profile and then reinstall a new one which for us brought down all other config profiles right away as well.
#!/bin/bash
jamf removeMdmProfile
jamf manage@CasperSally][/url
can't believe this, the serial number in the Macbook Air is replaced with string "System Serial#" you were correct.
+17@khurram glad I could help. The one machine we had missing one character in serial had us troubleshooting on and off for way too long.
+3I've tried @tron_jones method, checked the serial number on the machine and what is being reported in the JSS, and re-enrolled the machine using a quickadd pkg.
Are there any other methods for resolving MDM capabilities : No ?
The MDM profile is on the machine...
I'm running 10.11.2.
+3I'm getting same issue enrolling 10.11.3 clients w/ jss v9.82.
What cause our issue was the SSL certs we have is using sha-1. Upgraded to SHA-2 all happy happy .
What threw us out was that 10.10.5 clients are enrolling happily using sha-1.
+8@tron_jones how did you determine what computers needed those commands run via the JSS?
Did you create a static group that you updated every so often by checking the DB or were you able to come up with a smart group?
+7The perfect solution is without doing the action
sudo jamf mdm -userLevelMdm
sudo Jamf manage
MDM Capability: Yes will be changed
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.