- Jamf Nation Community
- Products
- Jamf Pro
- QuickAdd.pkg and manual enrollment failing on new ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-19-2022 07:39 PM
We have just received our first M2 mac and it seems off the bat that there are some issues with enrolling it - usually during enrollment from our JAMF site (that we carry out with M1 and Intel macs) we could profiles installed onto the machines but with M2 I see for the first time it needs a QuickAdd package installed that completes installation. This always fails and then when I try manually enrolling with sudo jamf enroll -prompt I get the message -
An error occurred while enrolling computer: The jamf binary could not connect to the JSS because the web certificate is not trusted. Checking in the background for policies that use the Enrollment Complete trigger
Enroll return code: 70
We are currently using the in built JAMF CA cert...would this be causing it?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-22-2022 01:06 PM
Hey guys I found the solution - it looks like my push certs had expired and renewing this got us back on track
Reply
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-19-2022 09:34 PM
Are you enrolling your machines using DEP?
Reposting from https://community.jamf.com/t5/jamf-pro/can-an-m1-chip-be-manually-enrolled-w-out-dep/m-p/231313/high...
@JAMFNoob wrote:We have just received our first M2 mac and it seems off the bat that there are some issues with enrolling it - usually during enrollment from our JAMF site (that we carry out with M1 and Intel macs) we could profiles installed onto the machines but with M2 I see for the first time it needs a QuickAdd package installed that completes installation. This always fails and then when I try manually enrolling with sudo jamf enroll -prompt I get the message -
An error occurred while enrolling computer: The jamf binary could not connect to the JSS because the web certificate is not trusted. Checking in the background for policies that use the Enrollment Complete trigger
Enroll return code: 70
We are currently using the in built JAMF CA cert...would this be causing it?
Also are you seeing errors in Management > Management Commands on the machines?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-19-2022 09:39 PM
Are you on-prem? Is your Jamf version above 10.39.1?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-20-2022 01:06 PM
Yes it's on-prem version 10.30.0-t1622838506
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-20-2022 01:08 PM
Not Apple DEP but just the user enroll via our local JAMF environment (log on from device, assign to user and then enroll)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-20-2022 02:20 PM
Quickadd packages can't be used with any version of macOS basically from 10.15 and up. It's doubly impossible on Monty(12.x) because you can only interactively install configuration profiles as the profiles binary(what the Quickadd is using in a script) can no longer install profiles. The error you're seeing probably means the trust profile wasn't installed so your JSS isn't trusted on that Mac.
You need to enroll using both the MDM profile and a trust profile. Of course ADE(DEP) would make this one hundred times easier.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-20-2022 02:48 PM
Thanks for the response - we do have an Apple School Manager that we use to deploy certain apps...would it be easy to set up DEP enrollment using this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-21-2022 05:14 AM
To start with where were was this particular Mac purchased from? Apple Ecommerce, authorized reseller, etc.?
Getting things setup for ADE enrollment is easy-ish, but it really depends on your skill/experience level. Once it's setup and you have time to learn the processes then getting new machines setup will get easier and easier. Right now for instance all I do for my M1 and M2 Macs is unbox, asset tag and hand off to the user to setup. They turn it on, go through some of the setup assistant screens and then it's enrolled. Some background and foreground automation with policies and DEPNotify finish things up.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-22-2022 01:06 PM
Ahh yes I used to do DEP enrolls at my previous job with mobile phones however they we had an authorised reseller whereby our phones would automatically populate in our ABM. I don't think we do have this setup currently with our current supplier
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-22-2022 01:06 PM
Hey guys I found the solution - it looks like my push certs had expired and renewing this got us back on track
Reply
