Re-enrolling Mac with Quickadd but originally enrolled by DEP Issues (High Sierra 10.13.x)

Question

Hey All,

We have an environment consisting of both DEP and non-DEP machines.  Prior to High Sierra, if a machine falls out of management for whatever reason (ie: employee runs suda jamf removeFramework), a QuickAdd.pkg would re-enroll the machine.

I've noticed since High Sierra, if the machine was initially enrolled via PreStage and you try to install the QuickAdd.pkg to fix the binary, or simply reinstall the MDM profile, this machine can no longer receive VPP apps.

When trying to run:sudo jamf mdm

Results:Getting management framework from the JSS...Enabling MDM...Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned 102 (New profile does not meet criteria to replace existing profile.)Downloading required CA Certificate(s)...Retrying the user level mdm profile install.Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned 102 (New profile does not meet criteria to replace existing profile.)

Also, now that /var/db/ConfigurationProfiles are protected by SIP, I'm only aware of using the &#034;Remove MDM Profile&#034; command from the JSS computer management tab.  Using that, I can &#034;fix&#034; the issue.

Has anyone else experienced this issue?

crystallized · Answer

I have this problem as well, along with the same issue from enrolling the machine in DEP originally using the DEP nag instead of setup assistant, same thing with not being able to download VPP apps/SIP protecting the good fix. I'm hoping someone has a solution here!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded