- Jamf Nation Community
- Products
- Jamf Pro
- Re: Mojave Upgrade Creates Unverifed MDM Profile
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-30-2019 06:20 AM
I'm seeing an issue where once we apply the Mojave update to a machine, the MDM profile then gets listed as unverified and other pushes (IE apps and other profiles) don't come down until I remove the MDM and re enroll the machine. Then of course I have to navigate to the profiles section of system preferences and approve the new verified mdm profile. Is this normal behavior or is there a work around?
I've tried removing the MDM profile then doing a sudo jamf manage command, however I get an error saying "Error installing the computer level mdm profile: profiles install for file: '/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user 'root' returned -915 (Unable to contact the SCEP server at"https://ourserver.com:8443//CA/SCEP".)
Not sure If maybe I'm doing something wrong.
Gabe Shackney
Princeton Public Schools
Gabe Shackney
Princeton Public Schools
Princeton Public Schools
Solved! Go to Solution.
Labels:
- Labels:
-
jamf binary
-
Usage Management
Reply
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-07-2020 08:31 PM
I am finding both of these commands run in this order is fixing the issue for me -- we have been struggling with known issue PI-000489 and this post helped me. Not sure if it has fixed our EDU profile yet, but I will report back.
sudo jamf trustjss
sudo jamf mdm -userLevelMdm
Saves us from disabling SIP, DEP re-enrollment trickery
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-30-2019 08:11 AM
So after some playing around I also found that we could use the command sudo jamf trustjss but I don't know yet whether it works to correct this issue until I do another machine.
Also I found that running sudo jamf mdm -userLevelMdm fixes another part of this problem that was causing our EDU profiles from getting through.
I'll post more info if I find out anything more.
Edit: Looks like just running the above user mdm command fixes this issue. the trustjss may not be needed.
Gabe Shackney
Princeton Public Schools
Gabe Shackney
Princeton Public Schools
Princeton Public Schools
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-07-2020 08:31 PM
I am finding both of these commands run in this order is fixing the issue for me -- we have been struggling with known issue PI-000489 and this post helped me. Not sure if it has fixed our EDU profile yet, but I will report back.
sudo jamf trustjss
sudo jamf mdm -userLevelMdm
Saves us from disabling SIP, DEP re-enrollment trickery
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-08-2020 06:40 AM
What OS were they upgraded from? I found this happened occasionally when machines were upgraded from Sierra to High Sierra (specifically 10.13.4 which brought user-level MDM). The only consistent variable was a hardware change (e.g. repair or Time Machine restore) that changed the GUID.
