Prestage Enrolment - Last Sync

simon_brooke
New Contributor III

Hi,

Is anybody having an issue with prestage enrolments not syncing for the last 4 days.

Our devices can be added to the prestage but do not enrol when the device is turned on and connected to the wireless.

Our DEP program is working, and devices are showing in Jamf.

Any ideas?

Thanks
Simon

45 REPLIES 45

dstranathan
Valued Contributor II

I'm experiencing a similar thing. ABM/Jamf think the sync is current, but my PreStages are clearly not in sync (recent changes arent being picked-up at enrollment time). Each time I want to make a PreStage Enrollment change, I have to reimport a new token (even though the current token is fairly new) - or other 'tricks' to get it syncing again. Odd.

I'm doing a lot of Prestage changes and testing right now so this has been a point of friction in my workflow. "Ain't nobody got time for this"

benducklow
Contributor III

@dstranathan - I have had a similar experience about a few weeks ago. The difference was that I could see that the sync failed (within Automated Device Enrollment) and would have to do the whole 'renew the token' bit through ABM... I opened a case and Jamf support basically stated there's no way to identify the root cause of it.. :(

stutz
Contributor

Had this happen to me today. Needed to make some changes to my Prestage profiles and it failed to sync (and stayed like that). Followed @benducklow @dstranathan instructions to renew the token in ABM and got the Prestage profiles to sync almost instantly. Defiantly a bug in the process that needs fixed. Didn't use to error out when making changes to Prestage profiles.

carlo_anselmi
Contributor III

@stutz I am not sure it's the same issue but when it happens here I simply change and save a minor info in the Prestage (such as the contact phone number) and the sync immediately shows as completed. I found this workaround in another post here on JN. Hope it helps.

FrogOnABike
New Contributor II

Thought I'd chip in as had a similar issue to this today.
Our CTO had brought a new M1 Macbook whilst out in the US in the Black Friday sales whilst at a conference and was under strict instructions to WAIT to set it up until I'd enrolled it to our ABM via Apple Configurator on an iPad (that REALLY is a great feature now!)

Spent most of the day running through suggestions on here (bar cert renew one) and swapping it between 2 different PreStages to no avail.

Eventually thought I'd just run through Setup Assistant with a dummy user and try enrollment via command line in OS and that worked as expected so it was definitely able to pickup the profile.
I then issued Wipe Computer command and it reset and ran through re-activation and SA again and this time it actually started the enrollment at the expected point :)

Just to note, if your CTO powered on the Mac and connected it to the internet and didn't wait until the device was in your ABM instance and assigned to a PreStage Profile, that is the problem.

 

Basically, the device will reach out to Apple's Activation Servers and check if it has an Activation Record (to ADE enroll) and it caches that info on the device (so that Mac had an empty Activation Record).  So it will not check again until you can force it via the profile renew -type enrollment command.

To resolve you have several poor options:

  • Setup the device and run the above command, as you did
  • Wipe the device
  • Boot to Recovery and delete the cached Activation Record

 

All of which are not great/easy for a remote end user, which is when this most often happens.