Hey All,
We have an environment consisting of both DEP and non-DEP machines. Prior to High Sierra, if a machine falls out of management for whatever reason (ie: employee runs suda jamf removeFramework), a QuickAdd.pkg would re-enroll the machine.
I've noticed since High Sierra, if the machine was initially enrolled via PreStage and you try to install the QuickAdd.pkg to fix the binary, or simply reinstall the MDM profile, this machine can no longer receive VPP apps.
When trying to run:
sudo jamf mdm
Results:
Getting management framework from the JSS...
Enabling MDM...
Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned 102 (New profile does not meet criteria to replace existing profile.)
Downloading required CA Certificate(s)...
Retrying the user level mdm profile install.
Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned 102 (New profile does not meet criteria to replace existing profile.)
Also, now that /var/db/ConfigurationProfiles are protected by SIP, I'm only aware of using the "Remove MDM Profile" command from the JSS computer management tab. Using that, I can "fix" the issue.
Has anyone else experienced this issue?
