Jamf Nation Community

OK - tried to add the following to the vmx file

hw.model = "MacBookPro14,2"
serialNumber = Use your physical macOS Serial number and increment the last numeric digit

With serial increment you mean like normal it is called C02XX23XX3XX - so with increment you mean changing it to C02XX23XX4XX

I have tried that, but the same error appear. If I enter the same serial number as my physical mac the HW model is named correct - but not if I modify the serial

Have you checked hw.model and serialNumber are not referenced anywhere else in the VMX?

@Captainamerica If you are not using for DEP and just need it to enroll. There is a work around I use, it just take a little longer. I am also on VMware fusion 11.

Last known macOS VMware fusion VM that can be enrolled is 10.11.
1. create a macOS 10.11 VM
2. While on 10.11 VM Enroll via "jss.com/enroll"
3. Then upgrade to 10.14 via mac app store.

Works for me every-time, This will not work with DEP, but great for testing policies.

@Cayde-6 Well, Ideally DEP I also would have to work at one point, but right now it is only for testing workflow etc on User initiated enrolling.
Is it important to do all the corrections before first time starting up the VM or should it work also when a VM has been started up before.

@Captainamerica I'd make the corrections before you install macOS on the VM

This is working for me under VMWare Fusion 11.1 with 10.14.5 VMs:

serialNumber.reflectHost = "FALSE"
serialNumber = "INSERT-YOUR-OWN-FAKE-SERIAL-HERE"
hw.model.reflectHost = "FALSE"
hw.model = "MacPro5,1"

But now for some reason, any combination of the above will either cause 10.13.6 VMs on a 10.14.5 Host to kernel panic (with CPU usage maxed out at the number of CPUs assigned to the VM) or fail MDM enrollment similarly to an unmodified VM. I'd have to look at my notes, but I believe it was the serialNumber settings worked/booted (verified serial number in "About this Mac") but then that test failed MDM enrollment.

Anyone figured out what's changed yet? I really need to test OS upgrades from 10.13 to 10.14, and I don't want to go back to standing up a real machine every time I test after enjoying the last several months with virtualized Macs that enroll in JAMF. And yes, I know that I have to quit VMWare inbetween each change (or double-click the VMBundle) to force the changes to take effect.

Got tired of having to manual set Serial Number and Model Identifier...running the below script sort of sysprep's it for VMware.

@ponyboy wasn't aware of "serialNumber.reflectHost = "FALSE", doesn't seem to be needed if the below lines are set.

#!/bin/bash
#
# To use this script, quit VMware Fusion first!!!
#
# You'll be dragging this script into Terminal, then dragging the *.vmx file into Terminal.
# This requires sudo rights, but you already knew that, right? :)
#
#    /path/to/ThisScript.sh /path/to/MyVm.vmwarevm/MyVm.vmx
#
# 20180208 DM

VMXFILE="$1"

echo ""
echo "**********************************************************"
echo "IMPORTANT: To use this script, quit VMware Fusion first!!!"
echo "**********************************************************"
echo ""

echo "Enter your fake Serial Number, up to 12 characters (letters and numbers)."
read SERIALNUMBER

echo "Enter ModelIdentifier for example MacBookPro15,1 or iMacPro1,1"
read MODELIDENTIFIER

# Remove device specific crud

sed -i '' '/ethernet0.addressType/d' "$VMXFILE"
sed -i '' '/ethernet0.generatedAddress/d' "$VMXFILE"
sed -i '' '/ethernet0.generatedAddressOffset/d' "$VMXFILE"
sed -i '' '/uuid.bios/d' "$VMXFILE"
sed -i '' '/uuid.location/d' "$VMXFILE"
sed -i '' '/hw.model/d' "$VMXFILE"
sed -i '' '/serialNumber/d' "$VMXFILE"

# Add Model Identifier and Serial Number

echo "hw.model = $MODELIDENTIFIER" >> "$VMXFILE"
echo "serialNumber = $SERIALNUMBER" >> "$VMXFILE"

exit 0

There are a few things that need to be set. This article has made mine work every time.

@donmontalvo appreciate the helpful script, but a fresh 10.13 VM has been sitting here burning 800% CPU on my MacPro5,1 running 10.14 for 30-40 minutes now. On the plus side, the script makes it so the VM doesn't kernel panic halfway through the boot process, but it does not boot. It gets halfway through the progress bar and just sits with CPU usage pegged for however many VCPUs were assigned.

@sharriston appreciate the article, but I'd been using four of those five parameters already. I'd already tried adding the smbios.reflectHost parameter with no effect.

@ponyboy Try this:

• Delete any record of the VM in your JPS
• Create an OS.dmg using AutoDMG
• Create a template VM via vfuse, following the steps outlined here.
• Add the resulting VM to VMWare & try again, should be good to go.

It also might be important that any Mojave or newer VM you build is built in a modern version of VMWare. I was attempting to insert the values into the VMX file of a Mac Guest VM originally built with Mojave on VMware Fusion 8.5, then upgraded to 11.5. Building a clean guest VM and having the values inserted into the VMX file ahead of time permitted a successful MDM enrollment. (This VM guest is not in a DEP scenario.)

@donmontalvo Thank you for the initial workings of that script, I elaborated on it. For the lazy, provides a fake serial number generator random, and a model Identifier too:

https://github.com/zackn9ne/make_jamf_vm

@sharrington I followed those you steps in the link you posted and still cannot get the Prestage Enrollment to work on initial boot. (it's taking me directly to the "Data & Privacy" screen.) Using VMware Fusion 11.5.3 and the macOS10.15 installer.

The serial number is scoped to a Prestage Enrollment:

And I added the following lines to the .vmx file:

serialNumber.reflectHost = "FALSE" serialNumber = "[MBPSERIALNUMBER]" hw.model.reflectHost = "FALSE" hw.model = "MacBookPro11,5" smbios.reflectHost = "FALSE"

Am I missing anything?

Thanks!

@kcsantos I will say that with Catalina I also have been having a harder time getting them to enroll via prestage when I move them between my test and production instance. I've had to completely reset up the VM. Not sure if thats your issue but I also have seen this.

This is slowly killing me. I had just setup VMs for the first time last fall. I was trying to enroll them in Jamf so I can do proper testing with them, however, it wouldn't work. When I contacted Jamf Support the one person told me that Apple prevents VMs from enrolling into a MDM. I suspect he didn't know there was a workaround for this as I didn't know myself.

So the question I have is can I now perform those steps on my "already created" VMs, or, does it have to be done on new ones? Thanks in advance!

Here is my process for making Fusion VMs that can be enrolled from DEP. Great for testing... Mind you you need to salvage a actual mac serial and model name. I use a few old machines that died. I had our warehouse hold the machines so they dont end up recycled, repaired and back online somewhere in the world. I later learned its no issue to enroll multiple macs with the same serial. (thing multi booting) so now I just need 1 serial/model. I keep multiple versions of the VM (10.15.4, 10.15.3, 10.14.6, 10.13.6)

1. Download/install all the needed bits
   a. VMware Fusion 11.5
   b. Latest AutoDMG: https://github.com/MagerValp/AutoDMG/releases
   c. Install vfuse pkg: https://github.com/chilcote/vfuse/releases/tag/2.2.4
   d. Homebrew: https://brew.sh/ 1. this is all CLI, installs from command on website /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" 2. Convert shallow HB History to unswallow with this command: (Im not sure this is required anymore actually) git -C "$(brew --repo homebrew/core)" fetch --unshallow
   e. qemi: https://github.com/chilcote/vfuse/compare/83ef2118a9d2...379036a09e80 1. installs from HomeBrew CLI brew install qemu

2. Use AutoDMG to make a "never booted" DMG of the MacOS installer
   a. Open AutoDMG (run app)
   b. Drag the Mac OS installer to the app
   c. Apply updates as needed
   d. Click Menu Bar > Window > Advanced
   e. Set Volume name and drive disk. (Sets VM HDD size, PITA to do once your in the VM)
   f. Click build, this will take 5-20mins depending on disk IO and CPU count
   g. It will save a file at 8-18gb depending on OS that looks like this: "osx-10.15-19A603.apfs.dmg"

3. Use vfuse CLI to convert the "never booted" dmg into a vmware VM file to use with Fusion or Esxi.

   1. If everything is installed correctly the command should just run from CLI without issues
      EXAMPLE COMMAND:
      sudo vfuse -i /Volumes/Scratch/osx-10.15-19A603.apfs.dmg --use-qemu -n VMNAME-s SERIAL --hw-model MacBookPro11,3 --snapshot --snapshot-name NeverBooted

      -You can use "Random" for the serial, but you can only "user enroll" the machine not DEP
      -To get the machine DEP enrolled at initial setup, you need a real mac serial number that’s assigned in ABM
      -Match the model of the serial to the actual apple model number
      -What works good here is to salvage a serial and model from a machines that been damaged in your org and not getting used otherwise. Make sure it doesn't get repaired and put back online. I use older 2013-2015 stuff without issue.

@ScottSimmons I tried your steps posted but am getting hung up at 2f. I'm getting the following error:

The save file operation failed to connect to the open and save panel service.

See the screenshot below:

FWIW, i'm running macOS 10.15.3

@sharriston I went through the setup options in the VM to take a peep at the Serial Number and model... do the following details in my About This Mac page look weird to you? My Serial Number has the quotes included, and the Mac model isn't populating.

I'm almost certain now it's something in my .vmx file, but I'm using the format I posted previous, so idk.

I finally got this working by following the steps @ScottSimmons posted on 4/10/2020, with a couple of additions at the start...

I learned that I needed to:

1. Start off by wrapping the macOS installer inside a DMG. (https://techsviewer.com/how-to-install-macos-10-15-catalina-on-vmware-on-windows-pc/)
2. With that .dmg mounted, Drag the macOS installer inside, into AutoDMG.
3. Proceed with the rest of the steps posted by @ScottSimmons

I kept ignoring the step to drag the macOS Installer FROM the .dmg ... but after that, everything else worked like a charm. I have VMs registered in DEP and going through the PreStage Enrollment for BOTH macOS Catalina AND Mojave on my brand spankin' new MacBook 16 😆.

Thanks again for y'alls help!

One thing that is not stated often or clearly enough is that YOU MUST BUILD THE VM WITH THE SERIAL NUMBER embedded. You cannot add/change it later. At least, that’s been my experience with enrolling VMs and while I haven’t tried DEP I hear it’s equally necessary to use a valid S/N there. I recommend one of your broken Macs down for repairs...

Update - I just used @ScottSimmons method with a couple minor hiccups; for example I did not know that AutoDMG will only build a DMG for an OS that you're running on; it rejected my attempt to make a Mojave DMG on a Catalina Mac. Likewise the command string I'd typoed the command string for vfuse. I'm super-excited to see this work, as it means I can roll new VMs for testing with a one-line script - and with the key first snapshot in place! (You don't know how many times I've made a VM or a clone of a snapshot and made my change and then smacked myself in the forehead because it really would have been nice to revert to that snapshot. I'm not sure why that isn't a default behavior when you clone VM - to snapshot its first state.)

These are fantastic instructions and I'm really grateful for the work various posters have put in. Does anyone get the following Python error when running vfuse (v3.0.0) to generate the VM from the DMG?

Mounting osx-10.15.4-19E287.apfs.dmg
Traceback (most recent call last):
  File "/usr/local/vfuse/bin/vfuse", line 1201, in <module>
    main()
  File "/usr/local/vfuse/bin/vfuse", line 1051, in main
    mount_point, disk_id, volume_kind = mount_dmg(source_dmg)
  File "/usr/local/vfuse/bin/vfuse", line 282, in mount_dmg
    return mount_point, disk_id, volume_kind
UnboundLocalError: local variable 'mount_point' referenced before assignment

I have posted this as an issue (#66) on the vfuse github project so if this is a violation of forum rules, feel free to delete.

@CitizenJ Nevermind. I read the issue you posted on the vfuse issues page, and my suggestion didn't apply.

@Zackn9ne nice script! Following your GitHub now, awesome stuff. Sorry it took three months to thank you!

@bcbackes we are able to enroll VMs in Jamf Pro. Opening tic with Apple Enterprise Support to see if that's true.

While waiting to hear from the vfuse guy, I went ahead and tried the process listed on the Travelling Tech Guy link that @sharriston kindly provided.

However, at the step that begins “Add the following lines to the .vmx file….” I used the excellent script that @donmontalvo posted earlier in this thread instead of the particular edits to the .vmx that Travelling Tech Guy suggested. I stuck to the remaining steps on that Travelling Tech Guy's page, to the letter, however.

The result is that I have a macOS Catalina guest that enrolled with my very large customer's very large jamf setup. Absolutely no problem. Thanks to all who have contributed to this thread.

@cjames or anyone else here know - does Parallels "just work" - or does it require similar steps? Mind you I'm a diehard VMWare user but "asking for a friend"...

@Sterritt The issue is that to do a DEP/ADE enrollment the VM must present itself as an actual Mac, which includes a model ID matching the serial number, so Parallels will require similar configuration changes to make that happen.

@sdagley well heck, we're not using ABM (was DEP) yet, so guess that's why we don't see the problem some others are.

Hi everyone -- anyone has success with ldap authentication with prestage enrollment?

To build your DEP Mac
sudo /usr/local/vfuse/bin/vfuse -i /Applications/osx_10.14.6-18G103.apfs.dmg -n "MojaveOS_8WP" -s enter Mac Serial number --hw-model MacBookPro15,1

@Zackn9ne I have been banging my head against a wall for days on this and your script worked like a charm! Thank you! FYI my host is running Big Sur 11.2.3 and running a Catalina 10.5.7 VM on Fusion 12.1.1 so no compatibility issues here.

Ok, so, my turn to bang my head against the wall.  Been picking away at this all night with little to no success...  Using newest Fusion (Professional Version 12.2.1 (18811640) ).  VM is Big Sur 11.6.2.   I have edited the .vmx file with everyone's different suggestions, to no avail.  

Using URL enrollment...  https://<instance>.jamfcloud.com/enroll

It will push the MDM Profile, but never the rest...

Any new thoughts around this?   

Thanks!  

//dp

Still no go... I am not sure what the hang up is.... Any further thoughts?   What process do you follow to create end to end?