Pre-Stage Enrollment Issues

OldManWyler
New Contributor

Hello All,

We are new in our setup of Jamf Pro and had to remove the Prestage Enrollments config so we could get a computer to our current config to test enrolls. After removing the Prestage Enrollment config and readding the computers we are testing with will not re-enroll using this https://learn.jamf.com/bundle/jamf-now-documentation/page/Re-enrolling_a_Computer_Using_Automated_De... as well as a newly wiped machine that is being activated is not going through the pre-enroll process that is configured. Also we are seeing a pop-up now which was not seen before the removing and readding of the Prestage enroll config which states "Confirm Prestage Account Settings Creastion, Prestage account settings creation may take extended time to save. Do not refresh." Click save and it goes through just fine

We ran through a user driven enroll on the computer in hopes it would fix the pre-stage and re-enroll issues we are seeing, it did not. After user enroll initiated a wipe through Jamf and it had us run through the recovery process to reload the OS… We are at a loss on how to get this issue resolved.

 

Any Ideas would be much appreciated.

1 ACCEPTED SOLUTION

stevewood
Honored Contributor II
Honored Contributor II

If I'm reading your post correctly, you deleted a PreStage Enrollment and then re-created it. After doing that, machines that are currently at the desktop (they have gone through Setup Assistant and are at the macOS desktop) will not enroll into Jamf Pro using that PreStage Enrollment when you use:

sudo profiles renew -type enrollment

First question I would have is if you placed a check mark next to the device in the PreStage Enrollment. You need to go to the Scope tab of the PreStage Enrollment and place a check next to the device.

CleanShot 2023-05-30 at 11.21.00.png

If that check is not there, the device will not pickup that it is part of the PreStage. Also, have you verified that all necessary ports are open on your company firewall to allow access to Apple? This article lists the IP range/FQDNs that need to have access. 

As far as the "Confirm Prestage Account Settings" message, if you have set the PreStage to create an account, you will receive that message.

As far as wiping a computer, in order for the device to utilize the Erase All Contents and Settings feature found in macOS 11 and higher, I believe the device needs to have the bootstrap token escrowed and might need to have User Approved MDM. I cannot recall the exact requirements off the top of my head. But that would be why it was wiping and going to recoveryOS to put macOS back on.

View solution in original post

3 REPLIES 3

stevewood
Honored Contributor II
Honored Contributor II

If I'm reading your post correctly, you deleted a PreStage Enrollment and then re-created it. After doing that, machines that are currently at the desktop (they have gone through Setup Assistant and are at the macOS desktop) will not enroll into Jamf Pro using that PreStage Enrollment when you use:

sudo profiles renew -type enrollment

First question I would have is if you placed a check mark next to the device in the PreStage Enrollment. You need to go to the Scope tab of the PreStage Enrollment and place a check next to the device.

CleanShot 2023-05-30 at 11.21.00.png

If that check is not there, the device will not pickup that it is part of the PreStage. Also, have you verified that all necessary ports are open on your company firewall to allow access to Apple? This article lists the IP range/FQDNs that need to have access. 

As far as the "Confirm Prestage Account Settings" message, if you have set the PreStage to create an account, you will receive that message.

As far as wiping a computer, in order for the device to utilize the Erase All Contents and Settings feature found in macOS 11 and higher, I believe the device needs to have the bootstrap token escrowed and might need to have User Approved MDM. I cannot recall the exact requirements off the top of my head. But that would be why it was wiping and going to recoveryOS to put macOS back on.

Hello Stevewood,

Thank you very much for the reply and yes selecting the device did the trick. Learning a new technology is always fun and with this type of helps makes it mnore bareable.

Thanks again!

Chris W

stevewood
Honored Contributor II
Honored Contributor II

Also, if you are stuck, open a support ticket. Support can assist with getting you through this.