mobileconfig issues through policy

bryan_feuling
New Contributor III

I'm trying to get a mobileconfig to download and install using a policy. Here are the steps that I am doing:

  1. Create configuration profile on the JSS
  2. Download the configuration profile
  3. Unsign the profile using Apple Configurator
  4. Put <name>.mobileconfig into /tmp/ folder
  5. Put /tmp/<name>.mobileconfig in Recon
  6. Add postinstall script to recon package (sudo /usr/bin/profiles -I -F /tmp/<name>.mobileconfig)
  7. Save .pkg to Desktop
  8. Add .pkg to JSS
  9. Add JSS package to policy
  10. Run sudo jamf policy -id <policy id>

After reading through the different discussions on Jamf Nation, here are the different steps I've tried:
chmod 777 <name>.pkg
chmod +x <name>.pkg
<name>.pkg without post install, run an install script through the "Files and Processes Execute Command" payload

I keep getting an "installer failed" error, showing that the package was able to download, but the install was not able to happen.

The attached log is what the /var/log/install.log shows

1 ACCEPTED SOLUTION

bryan_feuling
New Contributor III

Figured it out.

I was setting the permissions on the .pkg, not on the .mobileconfig.

In case anyone is having this same issue, here are the steps I did to resolve it.

  1. Download desired Configuration Profile (<name>.mobileconfig) from JSS
  2. Put <name>.mobileconfig in /tmp/ folder
  3. Put <name>.mobileconfig from /tmp/ folder into Casper Composer
  4. Change user permissions of <name>.mobileconfig to a user that will be present on all systems, and set RWX for all
  5. In the postinstall script add: sudo /usr/bin/profiles -I -F /private/tmp/<name>.mobileconfig (if there is a space in the .mobileconfig name it must either be escaped or the whole path must be passed as a string (with quotes)).
  6. Get UUID of <name>.mobileconfig (can be done through Apple Configurator 2)
  7. Run sudo profiles -P on your computer and check to make sure that there are no UUIDs that match the UUID of the <name>.mobileconfig that you are wanting to install.
     7.1 If the UUID exists through a Configuration Profile push via APNS/JSS, exclude your machine from the Configuration Profile on the JSS, run a sudo jamf recon to remove the Profile, and then check to make sure it is removed.
     7.2 If the UUID exists, but it was not passed via APNS/JSS, then run sudo profiles -R -F /tmp/<name>.mobileconfig to remove it from the Profiles list.
  8. Build the <name>.mobileconfig package and run it on your computer to ensure it works.
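
Steps 5 to 7 above as a postinstall script, added here as an example (not code from the original post): it quotes the path, reads the profile's top-level UUID, and refuses to install when profiles -P already lists it. It assumes an unsigned XML profile and, following the thread, that the identifier printed by profiles -P is the profile's UUID; the function names, the PROFILES_BIN and PROFILE variables and the return codes are made up for this example.

```bash
#!/bin/bash
# Added example: postinstall for a package that drops a profile in /private/tmp.
# Installer runs postinstall scripts as root, so no sudo is used here.
PROFILES_BIN=${PROFILES_BIN:-/usr/bin/profiles}   # hypothetical override, for testing

# Print the top-level PayloadUUID of an unsigned (XML) .mobileconfig.
# Records are split on "<" so a profile saved as one long line still parses;
# dict depth is tracked so the UUIDs of nested payloads are ignored.
profile_uuid() {
    awk -v RS='<' '
        /^dict>/   { depth++ }
        /^\/dict>/ { depth-- }
        depth == 1 && /^key>/ { want = ($0 == "key>PayloadUUID") }
        depth == 1 && want && /^string>/ { print substr($0, 8); exit }
    ' "$1"
}

# Succeed if the UUID in $1 appears in the `profiles -P` listing on stdin.
# Fixed-string, case-insensitive match: UUID case differs between tools.
uuid_installed() {
    grep -qiF -- "$1"
}

install_profile() {
    file=$1
    # /tmp is world-writable: accept only a regular file, never a symlink.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2
        return 2
    fi
    uuid=$(profile_uuid "$file")
    if [ -z "$uuid" ]; then
        echo "no top-level PayloadUUID in $file (still signed?)" >&2
        return 3
    fi
    # Step 7: stop if a profile with this UUID is already present.
    if "$PROFILES_BIN" -P | uuid_installed "$uuid"; then
        echo "profile $uuid is already installed; remove it first" >&2
        return 4
    fi
    # Step 5: the quotes keep a path containing spaces as one argument.
    "$PROFILES_BIN" -I -F "$file"
}

# Runs only when a path is supplied, e.g. PROFILE="/private/tmp/<name>.mobileconfig"
if [ -n "${PROFILE:-}" ]; then install_profile "$PROFILE"; fi
```

From macOS 11 (Big Sur) onward the profiles tool no longer installs configuration profiles from the command line, so this applies to the older macOS releases the thread targets.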
