"Your credentials are either missing or wrong. Try again." iPad pre-stage enrollment error

sleach
New Contributor

I'm extremely new to Jamf, mostly dabbling where other people have already set up the environment. We were working on setting up the pre-stage enrollment for our DEP iPads. DEP is working, the LDAP SSL connector is working, but when we get to the Remote Management authentication screen on the iPad, is it not accepting some people's credentials.

The error message is "Your credentials are either missing or wrong. Try again." I've tried logging in with both the format of username, and username@email.com. I've tried resetting/recovering the iPad by connecting it to a computer. Using me as an example, on any iPad I try to enroll with the pre-stage authentication with my credentials, I get the error. But on the same iPad, someone else is able to authenticate properly and have it register.

In the Jamf console, the only way to see the device is under the "Automated Device Enrollment" section in Global Management. It has not yet been assigned a name, and does not appear under devices. The only status I see in the ADE section is that the Prestage Enrollment Status is "Completed - Yesterday at 2:58 PM."

Even after successfully enrolling a device in Jamf using someone else's credentials, resetting the device and trying to enroll it through pre-stage produces the same error.

This seems to be credential related somehow, not device related. I'm not sure where to look for logs to try and see what is going on. The Event Logs under Global Management don't show anything related to pre-stage enrollment.

The only other thing I can think of is that we had 0% success before we removed the option "Install configuration profiles before Setup Assistant" in the pre-stage environment. When we un-checked it, then we started having some successes.

One last note: I just did a test on userA. When he tried to authenticate with userA and password, it threw the error, but when he added userA@email.com, it succeeded. Is it somehow not recognizing my credentials as valid? Is there a way to test that? When I go to the LDAP server and test searching for my userID, it does return the values. It returns both my normal userID, and my userIDadm accounts.
Similarly, when I go to the LDAP server and test searching for userB, only his normal userB shows up, not his userBadm account. Is it possible that even though it says it's succeeding in communicating with LDAP, it's not syncing properly?

c1c74ff8336c4ec19a1f94679a8fb868

fb3662704b8c4074a8e4bf9fafdbf0b7

1 ACCEPTED SOLUTION

sleach
New Contributor

Sorry for the delay, thanks for responding! What it turned out to be is the connection of the user account to their AD entry, if they were missing the email address in AD it would throw this error when trying to authenticate against it. Once AD was filled in, it worked with no issues.

View solution in original post

2 REPLIES 2

cdenesha
Valued Contributor III

Compare the permissions on the accounts to each other in Settings -> System Settings -> Jamf Pro User Accounts & Groups

sleach
New Contributor

Sorry for the delay, thanks for responding! What it turned out to be is the connection of the user account to their AD entry, if they were missing the email address in AD it would throw this error when trying to authenticate against it. Once AD was filled in, it worked with no issues.