Help

Urgent DEP issue

AlistairCarr
New Contributor II

Posted on ‎05-23-2016 02:48 AM

Hi all.

all new Macs are failng to apply the DEP configuration at boot message 'Unable to apply DEP configration' options are try again or cancel.

No errors showing in the JSS (Cloud hosted)

The only thing I can think of is someone has added a new prestage enrollment for DEP (at the apple side) so that devices are automatically assigned. and these machines are in the previous DEP configuration.

Anyone any ideas?

Thanks,

Labels:
0 Kudos
Reply
7 REPLIES 7

jonnydford
Contributor II

Posted on ‎05-23-2016 03:10 AM

Log into the DEP portal, there might be some terms and conditions you'll need to accept.

Also, thanks to @owen.pragel for this:

Step 1: Enable the Debug Log In Terminal run the following 3 commands: sudo defaults write /Library/Preferences/com.apple.MCXDebug debugOutput -2 sudo defaults write /Library/Preferences/com.apple.MCXDebug collateLogs 1 sudo touch /var/db/MDM_EnableDebug Step 2: Re-enroll the DEP Computer Without Wiping In Terminal run the following 4 commands: sudo rm /var/db/.AppleSetupDone sudo rm -rf /var/db/ConfigurationProfiles/ sudo rm /Library/Keychains/apsd.keychain Reboot the machine and re-enroll via DEP Log is written to: /Library/Logs/ManagedClient/ManagedClient.log
0 Kudos
Reply

AlistairCarr
New Contributor II

Posted on ‎05-23-2016 03:45 AM

Hi,

No terms and conditions to accept.

2nd Part, I can't get to that screen as it wont move past the DEP as part of initial setup :(

0 Kudos
Reply

chriscollins
Valued Contributor

Posted on ‎05-23-2016 05:59 AM

@AlistairCarr for that second suggestion you can get through the setup by just not connecting it to the network/internet during the initial setup, create a local user, then connect to the Internet and do all the steps he outlined to get some logs.

0 Kudos
Reply

AlistairCarr
New Contributor II

Posted on ‎05-23-2016 06:54 AM

Managed to get the following logs

So I've downloaded the quick add .pkg

The installer fails, BUT the device enrols

looking in the policy logs i see this for the MDM profile install

Running script Enable MDM...
Script exit code: 6
Script result: Getting management framework from the JSS...
Enabling MDM...
verbose: Attempting to install the mdm profile at the computer level.
Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned 1 (The operation couldn’t be completed. (InternalError error 1.))
Problem installing MDM profile.
Problem detecting MDM profile after installation.
Error running script: return code was 6.

0 Kudos
Reply

JustDeWon
Contributor III

Posted on ‎05-23-2016 08:15 AM

I'm following this thread.. Having the same issue when attempting to enroll El Capitan imaged machines. Unable to install the MDM profile. Yosemite works fine though..

0 Kudos
Reply

swapple
Contributor III

Posted on ‎05-23-2016 08:21 AM

DEP for us came late in the game so machines already enrolled in Casper are getting notifications that DEP wants to install the profile. We have profiles restricted from the local user (rethinking this) and it appears that restriction does not allow the MDM profile to install. Once I remove that, then it can install and the logged in user cannot highlight it and click the minus to remove it.

0 Kudos
Reply

pat_best
Contributor III

Posted on ‎05-23-2016 08:41 AM

the last time I had an issue where recon worked but the MDM profile would not install, I resolved it by updating my APN cert and restarting tomcat. I think my error looked a little different than yours though... My APN cert was not expired. JSS 9.82

0 Kudos
Reply