Re-imaged Macs and DEP

bmarks
Contributor II

We appear to be having an issue with Macs and DEP. If we take a Mac that has been enrolled via DEP, erase and re-install macOS via Recovery Mode and then boot it, it does not appear to pull any info from Casper during any subsequent boots. We never see the "this is managed by... " page and we can proceed with Setup Assistant as if there was no DEP. This does not appear to happen with new Macs out of the box.


mahughe
Contributor

Try deleting the device and let it re-enroll w/o a current record in the JSS.

bmarks
Contributor II

This does not appear to have any effect. I can see them in the scope of the PreStage Enrollment config, and they go back to having no name and with "assigned" in the status column instead of "completed" but they still don't boot to the DEP Setup Assistant page.

mpermann
Valued Contributor II

@bmarks in my limited testing, I found that it helps to edit the PreStage and uncheck the device in question and save the PreStage. Then edit the PreStage again and recheck the device and save it. That's helped but I've also run into the situation where the "this is managed by" page will not appear unless I go back in the Setup Assistant a few times. It's really pretty frustrating that DEP isn't more reliable.

jgwatson
Contributor

Not that this will help, but we are also seeing this issue. We are using the latest version of JAMF locally hosted.

Vincent
New Contributor II

Hi, I had the same issue with DEP when I needed to restart a PreStage enrollment on the same computer. The solution I have found is:
Create a DMG disk image (with Disk Utility) from another brand new computer, save it on a USB disk and restore it each time I need to re-enroll on the same computer. Then on the JSS PreStage Enrollment scope I uncheck & save and then check & save on scope.

bmarks
Contributor II

I got some info from our account manager, and one of these commands via single user mode seems to have fixed it:

/sbin/fsck -fy
/sbin/mount -uw /
rm -rf /var/db/ConfigurationProfiles/
rm /Library/Keychains/apsd.keychain
exit

I haven't tried them one by one yet, but the "Configuration Available" screen was immediately displayed in the Setup Assistant after running these commands on the one Mac I have tested so far.

bmarks
Contributor II

It looks like you may need to run both of them at the same time. We tried running them one at a time and the original issue persisted.

csa
New Contributor III

Having the same issue also. We were following the same steps as @mainiervi to get the managed by... screen again as recommended by support. However, we are now seeing that the JAMF agent installs but does not enroll, giving a general security error in the jamf.log. Manually enrolling the Mac then kicks off the build script just fine. Have raised the incident to support and it's been escalated. BTW: removed everything from Pre-Stage Enrollment policy with no luck. Appreciate if anyone has any ideas on this. This is the message in the log:

Enrolling computer...
Fri Aug 04 11:24:28 MacBook Air jamf[470]: Error Domain=com.jamf.jamfsecurity.error Code=-25300 "The specified item could not be found in the keychain." UserInfo={NSLocalizedDescription=The specified item could not be found in the keychain.}
Fri Aug 04 11:24:28 MacBook Air jamf[470]: There was an error. Error enrolling computer: Invalid Message - The message could not be parsed.

djwojo
Contributor

We ran into this again recently - @bmarks steps worked for us. Very odd and opening a jamf case.