ReEnroller Package not working

ClaudiaP
New Contributor II

I hope someone is able to assist. I am a little bit new to using Jamf but I have been asked to assist with moving about 120 macOS devices from one Jamf instance to another, and we have thought of using the GitHub ReEnroller package as a mechanism to re-enroll devices in the new instance.

I have configured all the details as per described in this guide: https://dazwallace.wordpress.com/2020/08/27/migrating-macos-devices-from-one-jamf-pro-instance-to-an...

I have also followed the ReEnroller help page. The issue is that I can see the package has been deployed to a test macOS devices (manually as Self-service), which appears to be installing successfully, however, after the package is "installed" nothing really happens on the test device. the device is still enrolled into the source Jamf tenant.

is anyone able to share your experience with this tool? are there any further articles or information related to ReEnroller? are there any known issues with ReEnroller on macOS versions such as Monterey?

Please note, I am using a beta version of Jamf Pro as my source instance and the new instance of Jamf as the destination as I cannot touch the existing Jamf prod environment.

any help would be appreciated.

Thanks,

Claudia P.

4 REPLIES 4

Mariaalexander
New Contributor

I just want to tell you that ReEnroller is a tool that is designed to help you transfer macOS devices from one Jamf Pro server to another. If you are experiencing issues with the tool, it's possible that there is a problem with the configuration or setup of the tool. DQ Fan Feedback

Here are a few things you can try to troubleshoot and fix the issue:

  1. Check the configuration: Make sure that you have configured the ReEnroller tool correctly. Double-check the settings and ensure that the source and target Jamf Pro servers are correctly configured.

  2. Check the macOS version: The ReEnroller tool may have compatibility issues with certain versions of macOS. Make sure that the test device is running a compatible version of macOS, and that it's not on a beta version of the OS.

  3. Check the log files: Check the log files of the ReEnroller tool to see if there are any error messages that may help identify the issue.

  4. Check if the device is properly un-enrolled: Make sure that the device is properly un-enrolled from the source tenant and that it's not still registered with the source tenant.

  5. Check the device's profile: Verify that the device's profile is being installed and that it's not failing to install.

  6. Check the device's settings: Make sure that the device's settings are being configured correctly, and that the device is not in any settings that may cause the tool to fail.

AJPinto
Honored Contributor II
  • If your have a authentication required to enroll in your JAMF instance you cant automate the enrolling of a Mac. You will need to enter credentials. 
  • If you don't have authentication setup, you can point your Macs in Apple Business Manager to the new JAMF instance for Automated Device Enrollment. Once that is done just reinstall macOS, and auto advance should enroll in JAMF for you.

 

A lot of these tools that automate enrollment are from before Apple changed enrollment requirements in Big Sur. You used to be able to enroll in MDM with a package (JAMF Called it a quick add package), that package enrollment is long dead per apples design. Moving from one MDM to another, the only correct way to migrate devices is to wipe and load and let them enroll with automated device enrollment.

stevewood
Honored Contributor II
Honored Contributor II

What do the policy logs say in Jamf Pro? 

What do the logs on the device say? (/var/log/jamf.log for example)

I would start there. If the un-enroll script failed then the enrollment package is going to fail.

Try running the un-enroll script from the command line on a device to make sure that works. Does the device remove the MDM profile from the device? If not, what's the error? 

Work in chunks using a test device. You can always re-enroll in the old Jamf Pro server to keep testing.

ClaudiaP
New Contributor II

thanks @stevewood Looking at the logs really helped, I could see the MDM profile was not being removed from the test device when executing the script:

error: Failed to remove MDM through remote command.

I have manually removed the MDM profile; and that triggered the enrolment process with ReEnroller, it took a while, but I can see the device in the destination Jamf instance, however, there are no MDM profiles listed as pending to be installed/accepted on the device. Though, I was able to see a prompt under the Jamf Self Service App asking to go to System Preference and accept the MDM profile. I checked under System Preferences, but nothing is showing up.

The ReEnroller app log is showing ReEnrollment Complete - this should be the last message logged! =.

but it doesn't seem like the device is fully enrolled if the MDM profile can't be accepted, neither I can manage the device settings from the new Jamf instance even if I can see the device as "enrolled".

Other policies and schedules tasks such as software updates, host name changes etc. are being applied on the test device from the destination tenant despite no MDM profiles showing up. 

any thoughts?