so today i have run into my first issue after updating to Jamf Pro 10.
so i have tested this on multiple devices, and under multiple iOS versions (from 10.3, to 11.1).
i have also told the iPad that to Enable full trust for the root certificate (as its a self signed certificate from the JSS built in authority).
This worked to allow us to install our profile up until the Jamf Pro 10 upgrade.
nothing else has changed about our setup, i have checked all our certificates and they arnt expired.
now when we try to install to install the profile certificate its ticked verified (cause we enabled full trust) but still tells me that Profile installation failed - a connection to the server could not be established
I'm kind of stuck here lads, any help tracking this down would be apreciated
I had the same problem with my test JSS, which uses an in-house certificate SSL certificate. I had installed the in-house CA cert on the iPad, but I had not set the iPad to trust that cert. I came across https://support.apple.com/en-ca/HT204477, followed the instructions to set the trust for the CA cert, and after that I could enroll the iPad - by telling the system several times that "yes, I really want to install the profile"...
@mickgrant I'm having the same problem, occurs when attempting to do a safari based manual enrollment, and for DEP enrolments also, currently testing to see if creatign a new prestage will fix the issue for the DEP one, but I am having issues with the test DEP device right now to follow up.
Been bouncing emails back and forth from support, but yet to isolate the cause of the issue.
We sit on a complex network unfortuantely, which adds alot of difficulty to the problem.
all clients auth against wifi, they then get assigned a vlan, so that we dont get bonjour spam.
Groups of vlans are routed internally to any other vlan and have direct access to the mdm server, but for internet access route through 1 of 5 dedicated internet links, via a firewall proxy, proxy up until our upgrade to jamf pro 10 was configured not to be required for apple enrollment traffic. But in the past would also enroll if configured with proxy, but for the most point, we also use global proxy and within the proxy wpad file we exclude the apple range, which for what it is worth doesnt mean much these days.
I am also starting to suspect Apple is more at fault here, and not jamf pro.
Have you found anything further?
Where abouts are you located?
@mickgrant Just been working with support through out all of today, and we found that the webapp was the cause of our enrolment profiles not installing, and we had to revert the web app back to the previous version to resolve the issue.
What was also observed was that the root.war which builds the webapp on first apache launch, had a date modified date, that was before the install of version 10, which suggests that the installer didn't update us properly.
Reverting back got us enrolling devices again, and I am about to try the same method to revert back to revert forward, which will hopefully get version 10 working for us also. I'll update the results of this. but essentially I would suggest getting in contact with support, and mention this thread.
Further to my problems support found within our jamflogsoftware, our JSS had a smart group in it which, was combining a number of smart groups, and for some reason couldn't locate the naming of the group, as we didn't need this smart group, all we had to do to fix it was to delete the smart group, and this resolved the issue for device enrolment.
Wouldn't surprise me if JSS runs a bit better now too.
We are encountering this identical problem with iOS devices with both DEP and manual enrollment. Was there any one thing that worked, or is our solution right now to revert the webapp and then try the upgrade again? I can't imagine everyone is encountering this otherwise no enrollments would be working!
Jamf newbie here. Our school has just started using Jamf 10. It was installed a couple of days ago, so I'm on a roughly vertical learning curve!
I'm having the same problem with not being able to manually enrol. The certificate is installing with no problem, and I can set it to be trusted under About>Certificate trust settings.
When I come to install the MDM profile. I get the generic "Profile Failed to Install" and the certificate then switches to untrusted.
Support are onto it, and I'm hoping they can come up with a solution. As soon as I hear anything, I'll post it here.
And...we're back! In our case it was a single malformed Smart Group that had as a member a Static Group that no longer existed. Support helped us track it down.
Not sure if this would've prevented that, but I have a feature request here to make it so that groups that are criteria for a Smart Group are tied to unique identifiers instead of simply the text: https://www.jamf.com/jamf-nation/feature-requests/2015/tie-groups-to-group-ids-instead-of-text-names