MDM Capability No

New Contributor II

Hi Guys,

We have noticed an issue this PM which shows our MDM Capability as "No" after imaging or enrolling via the URL.

Does anybody know what I can check to see what might be causing this?

2 Machines have the same problem now.


EDIT 23/03/16 14:00PM GMT - It seems from comments below that this is an Apple issue, multiple users have reported this to Apple. JAMF have also had multiple reports.

EDIT 24/03/16 11:30AM GMT - Fixed.



Just check this morning and APN is back up and new Mac's are getting the config profile!

View solution in original post

110 REPLIES 110


Can confirm that it works again! Profiles are delivered and Casper reports Yes to MDM capability.


Works for me too.


Think we are back up. I’ve just enrolled a device with DEP and also imaged another both enrolled and receiving profiles


Things are back to normal here as well. Hopefully it stays that way!

Valued Contributor

Same here as well, actually resolved yesterday morning, so it was brief for us.

Valued Contributor

working here as well now. Apple engineer managing our support case confirmed that engineering had resolved the issue.

New Contributor II

now working here in MD


Still not working for me. Did you guys need to do anything on your end? I cant enroll in DEP. My iPads are not receiving commands. They are all stuck in a pending state. I was able to enroll 1 newly imaged MacBook in the JSS while I cant enroll another.

Very strange

Valued Contributor III

I had to blow my problem ones out of the database, remove the framework and re-enroll, not ideal but it works.

Contributor II

Works here in NYC for our computers but iPhone DEP is not. Anyone else experiencing issues with iPhone / iPad DEP?


I cant enroll an iPad in DEP.


Not tried DEP, but when i tried this morning, machines which already had the initial MDM profile on which wasn't working started to work and automatically pulled down the profiles. I didn't need to do anything to get it working again. FYI I don't use DEP.

Esteemed Contributor III

Just got confirmation from our Apple SE:

Hi Don, The issue is now resolved. I will go ahead and close the case at this point, but if you continue to experience issues simply reply to this email and the case will reopen. Regards, XXXXXX XXXXXX AppleCare Enterprise Customer Support Engineering

Contributor II

MDM Capability: Yes - working on my end with enrolling machines.

Don't know about DEP devices or iPads.

Contributor II

Thanks msnowdon... Can anyone else confirm that IOS DEP is not working? We are getting (NSURLErrorDomain error -1012.) and are stuck from moving forward. Tried un-scoping the iPhone from DEP but device refuse to recognize that it is un-scoped from DEP.

New Contributor III

I just walked through DEP setup on an iPad 3 without issues.

Contributor II

smurphyusd346, thanks for your response. Guess our DEP issue is not related to the MDM issue. Will work with JAMF support to solve this.

New Contributor

Still not working for us in PA.

New Contributor III

Working now in MN.

Contributor III

For me Push Diagnostics is successfully making test pushes on some systems, but not on others.

Esteemed Contributor III

FWIW we had a few systems that were not working, didn't do anything, once APNS was back up, they all started working again.


New Contributor

One MacBook Pro. Completely re-imaged, fails all efforts to enable MDM. Multiple recons. Removed hard drive, swapped into alternate MacBook Pro, MDM successful. Original machine with error continues to refuse to install mdm with different hard drive.

Error as follows : Executing Policy MDM enable
Creating directory structure for /Library/Application Support/JAMF/Downloads/
Downloading http://jss.blahblahblah.noneya/CasperShare/Scripts/MdmUserLevel01.command...
Running script MdmUserLevel01.command...
Script exit code: 0
Script result: Getting management framework from the JSS...
Enabling MDM at the user level...
Error installing the user level mdm profile: profiles install for file:'/Library/Application Support/JAMF/CF926C2A-0670-4692-B4DF-E152ED13B630.mobileconfig' and user:'root' returned 1 (The operation couldn’t be completed. (InternalError error 1.))
Problem installing MDM profile.
Problem detecting MDM profile after installation.
Retrieving inventory preferences from https://jss.blahblahblah.noneya:8443/...
Finding extension attributes...
Locating applications...
Locating accounts...
Locating package receipts...
Locating hard drive information...
Searching path: /Applications
Locating software updates...
Locating plugins...
Searching path: /Library/Internet Plug-Ins
Locating printers...
Locating hardware information (Mac OS X 10.11.6)...
Gathering application usage information...
Searching path: /Users
Submitting data to https://jss.blahblahblah.noneya:8443/...
The management framework will be enforced as soon as all policies are done executing.

We discovered all this after re-imaging, deleted the machine from our JSS and then attempted to recon it back. It does pull from our JSS and Self Service does work, but we can't manage the device. I will be contacting our rep tomorrow, to let him know.

Esteemed Contributor III

FWIW, APNS is slow, from what we're hearing from Apple/JAMF, millions of kids returning to school this week, so commands queueing up and delayed. Tool several hours for a list of Configuration Profiles to install on a few test computers. Hope things speed up again by next week.



MDM Capability: NO

This worked for us.

Delete these folders:

/var/db/Configuration Profiles
/Library/Managed Preferences

Login as admin
Open Terminal sudo jamf manage

New Contributor III

Thank you, that did the trick.

New Contributor

Facing MDM capability = "No"issue post formatting any MAC. Prior to formatting, the machines are successfully getting enrolled with MDM capability = Yes. But when same MAC is formatted and enrolled again, we are getting MDM capability = No.
Please suggest a way ahead.

New Contributor III

Same issue as ashish.more. Not sure what is going on here


Same problem here. Enrolled a quick lab of 30 machines, realized students could access system preference panes, mdm capable no on some machines but yes on others. In system preferences under profiles it gives the option to “approve” the mdm profile so I’m assuming this fixes it?

I’m saying assume because it can’t be approved remotely, it says it has to be manually on the computers mouse or trackpad. Ugh

Has anyone tried that and had success? I’ve run commands, been through multiple support emails but still no luck.

Valued Contributor

Hello @Howard.Trevor did you ever figure this out?

I have 124 out of 840 Macs showing as MDM capable no. I have a support ticket with Jamf support opened a few minutes ago. I was hoping to have bounced across a solution that doesn't involve me doing anything manually to these computers.


@mconners the only thing that worked for me was to unmanaged the machine, delete from jamf, run a quick Unix command from ARD, and then enrolled again with a quick add pkg.

My issue was apns problem. Renewed the certificate and for some reason it was saying it was the wrong one. Found that out 1 day before expiration, so I only had to fix anything that was enrolled during that 7 day period.

Valued Contributor

We run into this very occasionally with the odd machine. We are on-premise and ran into it in v9.98, and also now v10.3.0.

Support recommended renewing the APNS certificate. This seems a bit odd as the expiry date of the certificate is often in the next year, but this seems to resolve the issue (until it crops up again a few months later.....)