Prestage enrollment not applying when requiring setup authentication

RicevilleIT
New Contributor II

Wondering if anyone has had this happen. Prestage enrollments for laptops have been working great until I checked the Require Authentication check box in the Prestage enrollment to require the user to sign in during computer setup.

When the user enters their Open Directory credentials, the computer completes the setup without a hitch and is user ready. However, in the JSS it will not apply the post-enrollment policy or any policies that I have set up. The policies are nothing special: they go through a couple of scripts, apply management, and auto-install iWork and iLife.

Without requiring authentication, the post-setup policies (I have a few) will trigger within 5 minutes of setup. I left a computer on, never to go to sleep, over a weekend to see if it needed more time to apply, and it never did.

In Terminal I can run sudo jamf recon and that goes through successfully, and in the JSS the computer is listed as DEP-(SerialNumber) but does not have any policies waiting to be triggered.

Smart groups will not pick up the machine. I created a smart group with a query of computer name "like" DEP and nothing is populated. In Casper Remote, the computer is not listed, so I cannot force the policies if I wanted to.

It's weird, as the computer is listed in the JSS; it shows the computer details, that it's MDM capable with the user that set it up, but it doesn't seem to be recognized by the JSS to allow any ongoing management.

I tried this with both a new policy and an existing policy on 3 different laptops. On all 3, they worked without the Require Authentication check, but did not work when Require Authentication was checked. I am not having any issues with policies for iPads when requiring authentication, however.

Is there a step I am missing here to get this to work as expected, or is something awry?

2 REPLIES

TJ_Edgerly
New Contributor III

Does the computer show up as "Managed"?

I ran into this a few weeks back when I was moving my test machine to other DEP instances and found that the computer would enroll, but only as un-managed. I had to un-assign the device, refresh the JSS assignments, re-assign in the DEP portal and finally refresh the JSS assignment one more time. After that, my test machine showed up as managed and my "enrollment Complete" triggers started working.

OS: 10.12.1
JSS: 9.96
Model: 2015 MacBook

RicevilleIT
New Contributor II

Mine does show up as unmanaged.

Gave what you suggested a try and no change in what I am seeing. Thanks for the insight and idea to correct the problem. Much appreciated!