'"Device enrollment: ...can automatically configure your Mac" after El Capitan upgrade

tony_schaps
Contributor

5922717d00b844bba61999ad6be22818

A user updated her DEP-enrolled laptop to El Capitan via App Store yesterday, like dozens before it in our organization have been done, and now it pops up the message that usually shows up on machines we've tested to bypass DEP enrollment on first boot, and then they see that message later. In any case, I did a quick jamf enroll in her terminal, though the laptop did not seem to have any problems in the JSS, and that did no good, everything looks fine as before. Before going through too much trouble, is there a quick fix?

Thx

10 REPLIES 10

tony_schaps
Contributor

The obvious response is to click Details and let it install the profile. That seemed to work, but I still don't know just why that computer and why it seemed to be enrolled fine without doing that. Going to leave this open until sure it's resolved.

Thanks

jonnydford
Contributor II

Have you enrolled in DEP recently?

I added all of our Macs to DEP/Pre-Stage Enrolment and they've been prompted with the same message even if they're already enrolled.

russeller
Contributor III

I have been seeing the same behavior at @jonnydford. I thought that if you unchecked the "Make MDM Profile Mandatory" in the PreStage it would not prompt, but it still does. So if you are going to put that Mac into DEP, imaging outside of the DEP process (like NetBoot) will produce this message. I'm at 9.82 still, not sure if 9.9x addresses this.

I haven't done enough testing to see if this prompt shows up for all users (admin and non-admin) and how many times does it show up if you hit skip?

lee_smith
Contributor

I have noticed the same behavior.

Our machines are already enrolled and have the correct profiles. After upgrading to El Cap the device wants to enroll.

I am not sure what the issue is.

russeller
Contributor III

@lee.smith Do you have your users just re-enroll or does it eventually stop nagging them?

jbutler47
Contributor II

Seeing the same thing with El Cap users. Testing with a user who was prompted, enrolled mac again. Will update if prompted again or otherwise.

Not sure if dismissing or following through the notification makes a difference, shall see.

lee_smith
Contributor

@ssrussell

We are starting our summer maintenance. So, we have been doing this for our teachers. It seems to go away after we accept.

We have to ensure we are plugged into the network as one of the Profiles is Wireless. If it isn't, well it causes issues. HA!

laura_perez
New Contributor II

Hi guys,

Did you find a solution for this? We have been using DEP for some computers now and then enrolled them with Recon's network scan. The message just appeared with one user, but it is not disappearing, even after clicking "Skip" this is still an issue. What should we do? It is with Sierra.

Should we re-enroll? Just curious why she is the only user with this issue.

Thanks!!

normanchan
New Contributor II

Also experienced this issue today. I went ahead and re-enrolled the machine using OTA enrollment (jss.com/enroll). Computer ended up being Managed but not MDM Capable. Profiles refused to install afterwards.

jamf[13160]: Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned 500 (The operation couldn’t be completed. (MDMResponseStatus error 500.))

cbeckman
New Contributor

I am seeing these notifications on Sierra Macs after I used a recon QuickAdd on macs that were originally DEP enrolled to AirWatch (our old MDM.) I am unsure if the alerts are coming from the old management suite or Jamf.

clicking "Details" and then "Allow" gives an error that it couldn't be installed (which makes sense, because we've set our Jamf MDM profile so that you can't remove it.)

Any of you find any answers? Not sure how many times it will keep popping up but if it's consistent it could be a real issue for us.

@normanchan @laura.perez @ssrussell @jonnydford @tony.schaps

EDIT 8/1/2018----

Saw this thread https://www.jamf.com/jamf-nation/discussions/23188/disabling-device-enrollment-notification
As this is already deployed and affecting users, I unassigned all our devices in deploy, but that's not a great long term solution. Would still love to know if any of you found answers. Thanks all!