Our users on 10.13.4 are getting the following message when approving their MDM Profile...
The problem is, there is no remote session going on. They are trying to approve the MDM profile while sitting right in front of their laptop, using it's own built in keyboard and trackpad. The only way we can get them approved is to login as root user and then it works.
Anyone else seen this and have a fix? I've already removed MDM profiles and re-enrolled into MDM and it makes no difference.
I wonder if it's only allowing the originally created account to approve it. That would be incredibly dumb, but this is Apple and 10.13 we're talking about so insanely stupid ideas aren't exactly unexpected at this point.
I am seeing the same behavior on a machine that does not have any remoting software installed or other tools of the kind.
However, after rebooting, we were able to approve the MDM, so this sounds like a process the machine thinks is trying to automate stuff.
Weird things, indeed.
Has anyone come up with a fix? I'm running into the exact same problem. I run as a non-admin user, and use a separate admin level account when credential prompts for installs and system modifications. I did use those credentials to install the MDM profile, so perhaps it's a mismatch between the account that installed the profile and the account that is trying to approve? If so, that's kludgy as heck. I'll try switching to the admin user interactively and report back how it goes.
I've seen at least 4-5 pieces of software cause this. I was going to start maintaining a list, but found that either a safe boot or a clean user account worked fine. Still, it's a royal PITA to walk clients through yet another hoop.
So I have been seeing this same thing. I assumed this was a new security feature with MacOS whereby remote control can no longer approve MDM management. Is everyone here saying that it's not and it's actually a bug or some other app?
Is there no way I can spin up the update and approve the execution by terminal?
@sdagley Yes, you are correct SD. So I figured out a way around this. We had several conference rooms and with the shelter at home due to Covid, no way to send someone there to click the button. I figured out a way to click the button and then adding the profile was trivial. However once Apple figures it out they will probably block the method. Wow. We are in August already. I hope everyone is ok and healthy.