PPPC Issue - The profile must originate from a user approved MDM server

jrosedietcher
New Contributor III

Hey All,

I'm running into an issue with PPPC where I can't install a profile because it must originate from a user approved MDM server? ad4102c247ac44dab83ed030b824d609

We don't use DEP here, but I've re-enrolled my machine to test with via UIE, clicked approve in system prefs, segmented profiles (I was planning on combining it with a kext profile for the same app), and I'm not sure what I'm doing wrong. Attached is a screenshot of what the PPPC payload looks like. bbc5e0d334804599aac4d8922f1a54ad

Any help would be greatly appreciated so my team doesn't have to head here and click for every machine: 7bba77f463884a0d98d2bb3a5ec13105

1 ACCEPTED SOLUTION

sshort
Valued Contributor

@jrosedietcher

when I scope it to the computer, it fails in the log

I read that to mean the logs in the Jamf web interface, but is there an error somewhere else you got? You can check out profile installation errors by clicking on the History section of a client machine.

33ecac49ee1343d89abe8760205997f9

View solution in original post

15 REPLIES 15

jrosedietcher
New Contributor III

bump, hoping someone has an answer for this

mporter
New Contributor II

Are you installing this profile manually, or scoping it to the computer?

jrosedietcher
New Contributor III

when I scope it to the computer, it fails in the log. When I install manually, I get the first attached error message.

mporter
New Contributor II

Ah gotcha, yeah you wouldn't be able to able to install it manually.. have you tried to remove the text in the code requirement? Also if you want to just test you could use the PPPC Utility: https://github.com/jamf/PPPC-Utility

sshort
Valued Contributor

@jrosedietcher What's the Jamf log failure message? The first error message is expected for an attempted manual installation. DEP isn't required to install the profile, so long as you meet the requirements for UAMDM (and based on your description of clicking approve in sys prefs to allow the enrollment profile means it's good to go).

Is it just this specific PPPC profile that fails? Does another PPPC profile install successfully?

jrosedietcher
New Contributor III

thanks for the replies!

@mporter I've tried removing the text in the code requirement field but it says required and will error out if I I try to save without anything. I'll check that utility out, thanks!

@sshort I haven't tried other PPPC profiles as this is the first time I've had to create something to check those boxes in accessibility. I can try another one with a different app to see what works. Which log are you referring to? jamfsoftwareserver.log or the one in the Jamf Pro GUI?

sshort
Valued Contributor

@jrosedietcher

when I scope it to the computer, it fails in the log

I read that to mean the logs in the Jamf web interface, but is there an error somewhere else you got? You can check out profile installation errors by clicking on the History section of a client machine.

33ecac49ee1343d89abe8760205997f9

jrosedietcher
New Contributor III

@sshort Got it. Turns out I've had the wrong code requirement in that field. 3012f39d56154f1a90a46e94da5c5205

I thought I read the code signature correctly but I'll have to adjust it and try again. Thank you!

scottd-
New Contributor

Was there ever a resolution to this? I'm having the same issue and am curious to know if you got it working. Thanks!

kerouak
Valued Contributor

just started having this issue too...
It's been installing fine, then all of a sudden...!!!

Garci4
New Contributor III

Seeing this as well with one of our users.

Randydid
Contributor II

Bump. I have this one too.

mike_paul
Contributor III
Contributor III

Hello, I have only seen the error message "The profile must originate from a user approved MDM server" when attempting to install a PPPC profile manually on a computer, which is not supported, it must be installed via an MDM server to a computer with User Approved MDM enabled.

What error does your MDM install command show in the Jamf Pro GUI for not installing?

dulban
New Contributor III

I'm getting this too now but only on a few Macs.

r0b
New Contributor II

Just ran into this issue on a machine, it was because the MDM profile installed on the macOS device had not been approved by the user. Asked them to go into System Preferences>Profiles and notice the profile with a yellow warning triangle, approve it and just like that everything started working again. I believe in this case the user was given a replacement machine with a fresh install of Catalina rather than their previous machine which was upgraded from Mojave, where the profile approval happened automatically.