Macs Enrolling as Unmanaged

jhart_hv
New Contributor II

Since the 10.19 JSS update -or the 10.15.3 macOS update- something has broken where any Macs enrolled show up unmanaged. This applies to both DEP and user-enrolled Macs. I have the management account configured in both the PreStage enrollments and User-Initiated enrollments settings. I end up manually assigning the management account and then it's all good. I didn't have to do this before. Any ideas what might be happening or where to find a log that might say what's going on?

15 REPLIES 15

Dalmatian
Contributor

I'm having the same issue here, same on 10.19 JSS. We just integrated with DEP 2 days ago and tested with the prestage enrollment process, it turned out laptop shows unmanaged.

namesiw
New Contributor

Just saw this for the first time today. Trying to figure out the solution.

gcarmichael
New Contributor III

I have seen the issue since 10.18, I just create a smart group based on enrollment date, find the serials, and then edit each record. Yes its a pain, but I only had to do 60 of the 3800 we have total for Macs so it was not world ending. You could try the

sudo profiles renew -type enrollment

If the machine is in a prestage.

Macpants
New Contributor III

Same thing happened to me after doing an upgrade from 10.14 to 10.15. I used startosinstall with the --eraseinstall tag. The Mac had already been enrolled with ADE.
If anyone figures out why this is happening, I for one would sure appreciate it.

collinslo
New Contributor II

Bumping for exposure.

Our recent macbook purchases with 10.15.3 or higher preinstalled are also enrolling as unmanaged. If anyone has figured out why, that'll be great!

mm2270
Legendary Contributor III

This is a semi old thread, but I've just run into this myself. It is not happening with all Macs. Our DEP enrolled Macs seem to be coming in just fine, but when doing a manual enrollment with the UIE process, the Mac shows as Unmanaged, and I can confirm that not even the Jamf binary is coming down to the device. I can't figure out what's happening with this. We're on Jamf Pro 10.25.1 on prem. Strange issue. And I need to get it resolved ASAP so I can enroll these Macs and have them properly managed.

Has anyone found a solution to this or figured out what the cause was?

luke_michelson
New Contributor III
New Contributor III

@mm2270 I don't know if you have the exact same issue, but I had an enrollment issue with an M1 with my on-prem Jamf Pro site. For me, I was using a usb-c network adapter on an M1 MacBook Pro that was causing the issue. I unplugged it and enrolled over WiFi and it enrolled properly. Just in case, I thought I would share.

mm2270
Legendary Contributor III

@luke.michelson Thanks for your reply. I ended up figuring out what the issue was in my case.

I was moving Macs over from an older POC server to our full production environment. And it turned out that the unenrollment left some certificates installed from the old server in the keychain of the Mac. Apparently during enrollment to production it saw those certs for the old server and had some trouble with them. I would think the enrollment would be smart enough to know that it needed new certs from the server it’s being enrolled in, but apparently not. Deleting that certificate and running enrollment again fixed the issue for me.

Jacek_ADC
Contributor

Hi everyone
I run in the same issue while testing our prestage with M1 MacBooks. I dont know why the are unmanaged and have no clue how to solve it. Testing through wlan. This issue i see the first time with the new m1 MacBooks. Somebody an idea how to solve it.
Terminal command sudo jamf manage doesn't changed something

markopolo
Contributor

@user-faWBxyKMJD I'm in the same boat as you. I believe Jamf needs to fix this because it's silly that we have to custom engineer a solution to push out Rosetta to PreStage M1 Macs (see here: https://www.jamf.com/jamf-nation/discussions/37357/deploy-rosetta-on-m1-machines-before-everything-else). Even if it's Apple's fault for not installing Rosetta by default, as some claim, Jamf should work around this and fix it in new Jamf Pro builds going forward.

happybabyhippo
New Contributor

Can anyone check their M1 Enrollment Profiles to see if the CA Certificate was installed when going through DEP-Prestage enrollment? I don't have much M1 Macs to test with but I believe the CA Cert doesn't get installed hence the macs not being managed.

I tried to manually enroll one of them through our enrollment URL, but I've not seen it check in once since being enrolled (yesterday). Policies are all installed but are not being enforced, and I'm missing commands on the management tab. Is anyone else experiencing this?

faf6515b935f4b39bf67df686eddd99b

8fe10b9729ed4202b19d24bf1703cd31

happybabyhippo
New Contributor

Just to add, I don't see the JAMF Binary installed. There is no /Library/Application Support/JAMF directory.

mpenrod
New Contributor III

Take a look here: https://mrmacintosh.com/big-sur-beta-1-jamf-pro-enrollment-problems-workaround/ I don't think everything has been ironed out yet. I've enrolled a handful of M1 systems and find that if it fails the first time I wipe it and reinstall Big Sur until the Prestage Enrollment works (usually requires rebooting my JAMF Pro server to force a resync with Apple - Yes, Apple School manager reports talking to my JAMF server morning of. Yes, there are probably other ways to do it but there's almost always a patch requiring a reboot anyway).

jp4050
New Contributor II

I just started trying to set up some M1 Mac Airs with PreStage Enrollment and I am still seeing this issue. Has anyone come up with a better fix?

andrew_betts
New Contributor II

Was having the same issue and fairly certain the issue is that you can't skip over 'location services' in prestage.  You have to enable it at set up.  Has worked for us so far on about 5 devices, whereas devices were continually coming up as unmanaged when location services was skipped over and disabled.