Urgent DEP issue

AlistairCarr
New Contributor II

Hi all.

all new Macs are failng to apply the DEP configuration at boot message 'Unable to apply DEP configration' options are try again or cancel.

No errors showing in the JSS (Cloud hosted)

The only thing I can think of is someone has added a new prestage enrollment for DEP (at the apple side) so that devices are automatically assigned. and these machines are in the previous DEP configuration.

Anyone any ideas?

Thanks,

7 REPLIES 7

jonnydford
Contributor II

Log into the DEP portal, there might be some terms and conditions you'll need to accept.

Also, thanks to @owen.pragel for this:

Step 1: Enable the Debug Log In Terminal run the following 3 commands: sudo defaults write /Library/Preferences/com.apple.MCXDebug debugOutput -2 sudo defaults write /Library/Preferences/com.apple.MCXDebug collateLogs 1 sudo touch /var/db/MDM_EnableDebug Step 2: Re-enroll the DEP Computer Without Wiping In Terminal run the following 4 commands: sudo rm /var/db/.AppleSetupDone sudo rm -rf /var/db/ConfigurationProfiles/ sudo rm /Library/Keychains/apsd.keychain Reboot the machine and re-enroll via DEP Log is written to: /Library/Logs/ManagedClient/ManagedClient.log

AlistairCarr
New Contributor II

Hi,

No terms and conditions to accept.

2nd Part, I can't get to that screen as it wont move past the DEP as part of initial setup :(

chriscollins
Valued Contributor

@AlistairCarr for that second suggestion you can get through the setup by just not connecting it to the network/internet during the initial setup, create a local user, then connect to the Internet and do all the steps he outlined to get some logs.

AlistairCarr
New Contributor II

Managed to get the following logs

So I've downloaded the quick add .pkg

The installer fails, BUT the device enrols

looking in the policy logs i see this for the MDM profile install

Running script Enable MDM...
Script exit code: 6
Script result: Getting management framework from the JSS...
Enabling MDM...
verbose: Attempting to install the mdm profile at the computer level.
Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned 1 (The operation couldn’t be completed. (InternalError error 1.))
Problem installing MDM profile.
Problem detecting MDM profile after installation.
Error running script: return code was 6.

JustDeWon
Contributor III

I'm following this thread.. Having the same issue when attempting to enroll El Capitan imaged machines. Unable to install the MDM profile. Yosemite works fine though..

swapple
Contributor III

DEP for us came late in the game so machines already enrolled in Casper are getting notifications that DEP wants to install the profile. We have profiles restricted from the local user (rethinking this) and it appears that restriction does not allow the MDM profile to install. Once I remove that, then it can install and the logged in user cannot highlight it and click the minus to remove it.

pat_best
Contributor III

the last time I had an issue where recon worked but the MDM profile would not install, I resolved it by updating my APN cert and restarting tomcat. I think my error looked a little different than yours though... My APN cert was not expired. JSS 9.82