Help

Not Self Enrollment possible

MZKMR
New Contributor II

Posted on ‎05-23-2017 02:18 AM

Hello the have the problem that the self enrollment is not possible.
DEP and Configurator is ok. Any ideas for this Problem.

Greetings Jörg Hoos

94e25113f48141289d716c8ad440e307
846ee3818c74483e9e586190c8a890c5

Labels:
0 Kudos
Reply
4 REPLIES 4

MZKMR
New Contributor II

Posted on ‎05-23-2017 02:19 AM

 
0 Kudos
Reply

MZKMR
New Contributor II

Posted on ‎05-23-2017 02:19 AM

 
0 Kudos
Reply

PeterClarke
Contributor II

Posted on ‎05-23-2017 02:29 AM

Yes - First idea, would be to go to 'Global Management', and check that 'User Initiated Enrolment', for your platform (e.g. OS X) has the tick-box, check to ALLOW user initiated enrolment..

Second idea is to check: (in Casper) System Settings, JSS User Accounts & Groups, Privileges to see if you have set ON allow Enroll computers and Mobile Devices - you might have, or intend that restricted to a tech group.
it Needs to be 'ON' for those individuals or groups, who should have this right.

0 Kudos
Reply

mike_paul
Contributor III
Contributor III

Posted on ‎05-23-2017 09:43 AM

It also could very likely be due to the changes in iOS for untrusted certificate issuers. Is your JSS using an SSL certificate created using the wizard in the JSS? If so, this is likely it.

If your going through User Initiated Enrollment with built in CA created SSL cert and you don't back out of the enrollment process after installing the CA and go to Settings > General > About > Certificate Trust Settings and do the manual trust it will fail.

If you are going through DEP or Configurator and supervising it automatically does the extra trust settings.

You can read more about these changes and the steps needed to resolve them here: Changes in User-Initiated Enrollment with Untrusted Certificate Authority Signed SSL Certs
and
Enhancements to certificate security for mobile device management (MDM) enrollment

0 Kudos
Reply