Since the 10.19 JSS update -or the 10.15.3 macOS update- something has broken where any Macs enrolled show up unmanaged. This applies to both DEP and user-enrolled Macs. I have the management account configured in both the PreStage enrollments and User-Initiated enrollments settings. I end up manually assigning the management account and then it's all good. I didn't have to do this before. Any ideas what might be happening or where to find a log that might say what's going on?
I have seen the issue since 10.18, I just create a smart group based on enrollment date, find the serials, and then edit each record. Yes its a pain, but I only had to do 60 of the 3800 we have total for Macs so it was not world ending. You could try the
sudo profiles renew -type enrollment
If the machine is in a prestage.
This is a semi old thread, but I've just run into this myself. It is not happening with all Macs. Our DEP enrolled Macs seem to be coming in just fine, but when doing a manual enrollment with the UIE process, the Mac shows as Unmanaged, and I can confirm that not even the Jamf binary is coming down to the device. I can't figure out what's happening with this. We're on Jamf Pro 10.25.1 on prem. Strange issue. And I need to get it resolved ASAP so I can enroll these Macs and have them properly managed.
Has anyone found a solution to this or figured out what the cause was?
@mm2270 I don't know if you have the exact same issue, but I had an enrollment issue with an M1 with my on-prem Jamf Pro site. For me, I was using a usb-c network adapter on an M1 MacBook Pro that was causing the issue. I unplugged it and enrolled over WiFi and it enrolled properly. Just in case, I thought I would share.
@luke.michelson Thanks for your reply. I ended up figuring out what the issue was in my case.
I was moving Macs over from an older POC server to our full production environment. And it turned out that the unenrollment left some certificates installed from the old server in the keychain of the Mac. Apparently during enrollment to production it saw those certs for the old server and had some trouble with them. I would think the enrollment would be smart enough to know that it needed new certs from the server it’s being enrolled in, but apparently not. Deleting that certificate and running enrollment again fixed the issue for me.
I run in the same issue while testing our prestage with M1 MacBooks. I dont know why the are unmanaged and have no clue how to solve it. Testing through wlan. This issue i see the first time with the new m1 MacBooks. Somebody an idea how to solve it.
Terminal command sudo jamf manage doesn't changed something
@user-faWBxyKMJD I'm in the same boat as you. I believe Jamf needs to fix this because it's silly that we have to custom engineer a solution to push out Rosetta to PreStage M1 Macs (see here: https://www.jamf.com/jamf-nation/discussions/37357/deploy-rosetta-on-m1-machines-before-everything-else). Even if it's Apple's fault for not installing Rosetta by default, as some claim, Jamf should work around this and fix it in new Jamf Pro builds going forward.
Can anyone check their M1 Enrollment Profiles to see if the CA Certificate was installed when going through DEP-Prestage enrollment? I don't have much M1 Macs to test with but I believe the CA Cert doesn't get installed hence the macs not being managed.
I tried to manually enroll one of them through our enrollment URL, but I've not seen it check in once since being enrolled (yesterday). Policies are all installed but are not being enforced, and I'm missing commands on the management tab. Is anyone else experiencing this?
Take a look here: https://mrmacintosh.com/big-sur-beta-1-jamf-pro-enrollment-problems-workaround/ I don't think everything has been ironed out yet. I've enrolled a handful of M1 systems and find that if it fails the first time I wipe it and reinstall Big Sur until the Prestage Enrollment works (usually requires rebooting my JAMF Pro server to force a resync with Apple - Yes, Apple School manager reports talking to my JAMF server morning of. Yes, there are probably other ways to do it but there's almost always a patch requiring a reboot anyway).
Was having the same issue and fairly certain the issue is that you can't skip over 'location services' in prestage. You have to enable it at set up. Has worked for us so far on about 5 devices, whereas devices were continually coming up as unmanaged when location services was skipped over and disabled.