Vmware fusion - Virtual mac unable to enroll

Captainamerica
Contributor II

I have created a macOS Mojave VM for running on VMware Fusion 11 and corrected the serial number and hardware model of the VM, so it matches a real Mac.

However, when enrolling the MDM profile it still shows "Profile installation failed" with the error "MDMresponseStatus: 500 error". I have also checked the entries in Jamf, and they do not contain this computer.

Does anyone have a working VMware Mojave VM running, and how is this done? I just want to test some basics about workflows etc., so it is not for DEP.

Cayde-6
Release Candidate Programs Tester

VMware Fusion doesn't create the serial number and model number correctly for Mac VMs. MDM profiles can't be installed because it can't tell if it's a Mac, and it stops enrolment because the serial number isn't correct.

This can be fixed by adding the following TWO lines to the VMX file for the VM:
hw.model = "MacBookPro14,2"
serialNumber = Use your physical macOS Serial number and increment the last numeric digit

Steps:
Stop the VM,
Right Click on the VM,
Press 'Option',
This changes 'Show in Finder' to 'Open config in editor window'

Add the 2 lines above to the bottom of the file:
hw.model = "MacBookPro14,2"
MacBookPro14,2 = MacBook Pro 13-inch 2017,
MacBookPro12,1 = MacBook Pro Retina 13-inch 2015,
serialNumber = Use your physical macOS Serial number and increment the last numeric digit
Save the file,

Start the VM
Once it is all loaded, Click the Apple icon > About this Mac
Click on 'System Report'
Check the 'Serial Number (System)' and 'Model Identifier' have been picked up.

Captainamerica
Contributor II

OK - tried to add the following to the vmx file

hw.model = "MacBookPro14,2"
serialNumber = Use your physical macOS Serial number and increment the last numeric digit

With serial increment, do you mean that if it is normally C02XX23XX3XX, incrementing means changing it to C02XX23XX4XX?

I have tried that, but the same error appears. If I enter the same serial number as my physical Mac the HW model is named correctly, but not if I modify the serial.

Cayde-6
Release Candidate Programs Tester

Have you checked hw.model and serialNumber are not referenced anywhere else in the VMX?

cprimero
New Contributor III

@Captainamerica If you are not using it for DEP and just need it to enroll, there is a workaround I use; it just takes a little longer. I am also on VMware Fusion 11.

Last known macOS VMware fusion VM that can be enrolled is 10.11.
1. create a macOS 10.11 VM
2. While on 10.11 VM Enroll via "jss.com/enroll"
3. Then upgrade to 10.14 via mac app store.

Works for me every time. This will not work with DEP, but it's great for testing policies.

Captainamerica
Contributor II

@Cayde-6 Well, ideally DEP would also have to work at some point, but right now it is only for testing workflows etc. on user-initiated enrollment.
Is it important to do all the corrections before starting up the VM for the first time, or should it also work when a VM has been started up before?

Cayde-6
Release Candidate Programs Tester

@Captainamerica I'd make the corrections before you install macOS on the VM

ponyboy
New Contributor III

This is working for me under VMWare Fusion 11.1 with 10.14.5 VMs:

serialNumber.reflectHost = "FALSE"
serialNumber = "INSERT-YOUR-OWN-FAKE-SERIAL-HERE"
hw.model.reflectHost = "FALSE"
hw.model = "MacPro5,1"

But now for some reason, any combination of the above will either cause 10.13.6 VMs on a 10.14.5 Host to kernel panic (with CPU usage maxed out at the number of CPUs assigned to the VM) or fail MDM enrollment similarly to an unmodified VM. I'd have to look at my notes, but I believe it was the serialNumber settings worked/booted (verified serial number in "About this Mac") but then that test failed MDM enrollment.

Has anyone figured out what's changed yet? I really need to test OS upgrades from 10.13 to 10.14, and I don't want to go back to standing up a real machine every time I test after enjoying the last several months with virtualized Macs that enroll in JAMF. And yes, I know that I have to quit VMWare in between each change (or double-click the VMBundle) to force the changes to take effect.

donmontalvo
Esteemed Contributor III

Got tired of having to manually set Serial Number and Model Identifier...running the below script sort of sysprep's it for VMware.

@ponyboy wasn't aware of serialNumber.reflectHost = "FALSE"; it doesn't seem to be needed if the below lines are set.

#!/bin/bash
#
# To use this script, quit VMware Fusion first!!!
#
# You'll be dragging this script into Terminal, then dragging the *.vmx file into Terminal.
# This requires sudo rights, but you already knew that, right? :)
#
#    /path/to/ThisScript.sh /path/to/MyVm.vmwarevm/MyVm.vmx
#
# 20180208 DM

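VMXFILE="$1"

# Refuse to run without a path to an existing .vmx file
if [ -z "$VMXFILE" ] || [ ! -f "$VMXFILE" ]; then
    echo "Usage: $0 /path/to/MyVm.vmwarevm/MyVm.vmx" >&2
    exit 1
fi

echo ""
echo "**********************************************************"
echo "IMPORTANT: To use this script, quit VMware Fusion first!!!"
echo "**********************************************************"
echo ""

echo "Enter your fake Serial Number, up to 12 characters (letters and numbers)."
# -r keeps backslashes in the input literal
read -r SERIALNUMBER

echo "Enter ModelIdentifier for example MacBookPro15,1 or iMacPro1,1"
read -r MODELIDENTIFIER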

# Remove device specific crud

sed -i '' '/ethernet0.addressType/d' "$VMXFILE"
sed -i '' '/ethernet0.generatedAddress/d' "$VMXFILE"
sed -i '' '/ethernet0.generatedAddressOffset/d' "$VMXFILE"
sed -i '' '/uuid.bios/d' "$VMXFILE"
sed -i '' '/uuid.location/d' "$VMXFILE"
sed -i '' '/hw.model/d' "$VMXFILE"
sed -i '' '/serialNumber/d' "$VMXFILE"

# Add Model Identifier and Serial Number

echo "hw.model = $MODELIDENTIFIER" >> "$VMXFILE"
echo "serialNumber = $SERIALNUMBER" >> "$VMXFILE"

exit 0
--
https://donmontalvo.com

sharriston
Contributor III

There are a few things that need to be set. This article has made mine work every time.

dvasquez
Valued Contributor

The information at the shared link works like a dream. 

Thank you!

ponyboy
New Contributor III

@donmontalvo appreciate the helpful script, but a fresh 10.13 VM has been sitting here burning 800% CPU on my MacPro5,1 running 10.14 for 30-40 minutes now. On the plus side, the script makes it so the VM doesn't kernel panic halfway through the boot process, but it does not boot. It gets halfway through the progress bar and just sits with CPU usage pegged for however many VCPUs were assigned.

@sharriston appreciate the article, but I'd been using four of those five parameters already. I'd already tried adding the smbios.reflectHost parameter with no effect.

bentoms
Release Candidate Programs Tester

@ponyboy Try this:

  • Delete any record of the VM in your JPS
  • Create an OS.dmg using AutoDMG
  • Create a template VM via vfuse, following the steps outlined here.
  • Add the resulting VM to VMWare & try again, should be good to go.

gabester
Contributor III

It also might be important that any Mojave or newer VM you build is built in a modern version of VMWare. I was attempting to insert the values into the VMX file of a Mac Guest VM originally built with Mojave on VMware Fusion 8.5, then upgraded to 11.5. Building a clean guest VM and having the values inserted into the VMX file ahead of time permitted a successful MDM enrollment. (This VM guest is not in a DEP scenario.)

Zackn9ne
New Contributor

@donmontalvo Thank you for the initial workings of that script; I elaborated on it. For the lazy, it provides a random fake serial number generator, and a model identifier too:

https://github.com/zackn9ne/make_jamf_vm

kcsantos
New Contributor III

@sharrington I followed the steps in the link you posted and still cannot get the Prestage Enrollment to work on initial boot (it's taking me directly to the "Data & Privacy" screen). Using VMware Fusion 11.5.3 and the macOS 10.15 installer.

The serial number is scoped to a Prestage Enrollment:
And I added the following lines to the .vmx file:

serialNumber.reflectHost = "FALSE"
serialNumber = "[MBPSERIALNUMBER]"
hw.model.reflectHost = "FALSE"
hw.model = "MacBookPro11,5"
smbios.reflectHost = "FALSE"

Am I missing anything?

Thanks!
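
An added example, not part of any post in this thread: a read-only bash check of the identity keys quoted above (`serialNumber`, `hw.model` and the three `reflectHost` keys), which also covers the earlier question of whether a key is set more than once in the .vmx. The function names, the sample file and the rules it applies (duplicate keys, a `reflectHost` key not set to FALSE, curly quotes) are assumptions of this example, not documented VMware behaviour.

```bash
#!/bin/bash
# Added example: read-only audit of identity keys in a Fusion .vmx (checks are assumptions).
IDENTITY_KEYS="serialNumber hw.model"
REFLECT_KEYS="serialNumber.reflectHost hw.model.reflectHost smbios.reflectHost"

# Print each value set for exactly key $2 in file $1 (so "serialNumber" != "serialNumber.reflectHost").
vmx_values() {
    awk -v key="$2" '{
        line = $0; sub(/\r$/, "", line)
        eq = index(line, "="); if (eq == 0) next
        k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) { gsub(/^"|"$/, "", v); print v }
    }' "$1"
}

# Print findings for file $1; the return status is the number of problems.
vmx_audit() {
    file="$1"; problems=0
    [ -f "$file" ] || { echo "ERROR: no such file: $file"; return 99; }
    for key in $IDENTITY_KEYS; do
        n=$(vmx_values "$file" "$key" | wc -l | tr -d ' ')
        case "$n" in
            0) echo "PROBLEM: $key is not set"; problems=$((problems + 1)) ;;
            1) echo "ok: $key = $(vmx_values "$file" "$key")" ;;
            *) echo "PROBLEM: $key is set $n times"; problems=$((problems + 1)) ;;
        esac
    done
    for key in $REFLECT_KEYS; do
        val=$(vmx_values "$file" "$key" | tail -n 1 | tr '[:lower:]' '[:upper:]')
        case "$val" in
            FALSE) echo "ok: $key = FALSE" ;;
            "")    echo "note: $key is not set" ;;
            *)     echo "PROBLEM: $key = $val"; problems=$((problems + 1)) ;;
        esac
    done
    # Curly quotes (UTF-8 bytes for U+201C / U+201D), e.g. from a pasted snippet
    lq=$(printf '\342\200\234'); rq=$(printf '\342\200\235')
    if grep -q -e "$lq" -e "$rq" "$file"; then
        echo "PROBLEM: curly quotes found, retype them as plain ASCII quotes"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: hw.model set twice, serialNumber.reflectHost left TRUE.
sample_vmx() {
    cat <<'EOF'
hw.model = "MacBookPro14,2"
serialNumber.reflectHost = "TRUE"
serialNumber = "C02XXXXXXXXX"
hw.model = "MacPro5,1"
EOF
}

# Audit the given .vmx, or the constructed sample when no path is passed.
if [ "$#" -ge 1 ]; then vmx_audit "$1" || true; else
    tmp=$(mktemp); sample_vmx > "$tmp"; vmx_audit "$tmp" || true; rm -f "$tmp"
fi
```

Quit Fusion before checking, then pass the path to the .vmx file as the first argument.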

sharriston
Contributor III

@kcsantos I will say that with Catalina I also have been having a harder time getting them to enroll via prestage when I move them between my test and production instance. I've had to completely set up the VM again. Not sure if that's your issue but I also have seen this.

bcbackes
Contributor III

This is slowly killing me. I had just set up VMs for the first time last fall. I was trying to enroll them in Jamf so I can do proper testing with them; however, it wouldn't work. When I contacted Jamf Support, the one person told me that Apple prevents VMs from enrolling into an MDM. I suspect he didn't know there was a workaround for this, as I didn't know myself.

So the question I have is can I now perform those steps on my "already created" VMs, or, does it have to be done on new ones? Thanks in advance!

Scotty
Contributor

Here is my process for making Fusion VMs that can be enrolled from DEP. Great for testing... Mind you, you need to salvage an actual Mac serial and model name. I use a few old machines that died. I had our warehouse hold the machines so they don't end up recycled, repaired and back online somewhere in the world. I later learned it's no issue to enroll multiple Macs with the same serial (think multi-booting), so now I just need 1 serial/model. I keep multiple versions of the VM (10.15.4, 10.15.3, 10.14.6, 10.13.6).

  1. Download/install all the needed bits
    a. VMware Fusion 11.5
    b. Latest AutoDMG: https://github.com/MagerValp/AutoDMG/releases
    c. Install vfuse pkg: https://github.com/chilcote/vfuse/releases/tag/2.2.4
    d. Homebrew: https://brew.sh/
      1. This is all CLI; it installs from the command on the website:
         /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
      2. Convert the shallow HB history to unshallow with this command (I'm not sure this is required anymore, actually):
         git -C "$(brew --repo homebrew/core)" fetch --unshallow
    e. qemu: https://github.com/chilcote/vfuse/compare/83ef2118a9d2...379036a09e80
      1. Installs from the Homebrew CLI:
         brew install qemu

  2. Use AutoDMG to make a "never booted" DMG of the MacOS installer
    a. Open AutoDMG (run app)
    b. Drag the Mac OS installer to the app
    c. Apply updates as needed
    d. Click Menu Bar > Window > Advanced
    e. Set Volume name and drive disk. (Sets VM HDD size, PITA to do once you're in the VM)
    f. Click build, this will take 5-20mins depending on disk IO and CPU count
    g. It will save a file at 8-18gb depending on OS that looks like this: "osx-10.15-19A603.apfs.dmg"

  3. Use vfuse CLI to convert the "never booted" dmg into a vmware VM file to use with Fusion or Esxi.

    1. If everything is installed correctly the command should just run from CLI without issues
      EXAMPLE COMMAND:
      sudo vfuse -i /Volumes/Scratch/osx-10.15-19A603.apfs.dmg --use-qemu -n VMNAME -s SERIAL --hw-model MacBookPro11,3 --snapshot --snapshot-name NeverBooted

      -You can use "Random" for the serial, but you can only "user enroll" the machine, not DEP
      -To get the machine DEP enrolled at initial setup, you need a real Mac serial number that's assigned in ABM
      -Match the model of the serial to the actual Apple model number
      -What works well here is to salvage a serial and model from a machine that's been damaged in your org and is not getting used otherwise. Make sure it doesn't get repaired and put back online. I use older 2013-2015 stuff without issue.

kcsantos
New Contributor III

@ScottSimmons I tried your steps posted but am getting hung up at 2f. I'm getting the following error:

The save file operation failed to connect to the open and save panel service.

See the screenshot below:

FWIW, I'm running macOS 10.15.3

kcsantos
New Contributor III

@sharriston I went through the setup options in the VM to take a peep at the Serial Number and model... do the following details in my About This Mac page look weird to you? My Serial Number has the quotes included, and the Mac model isn't populating.

I'm almost certain now it's something in my .vmx file, but I'm using the format I posted previously, so idk.

kcsantos
New Contributor III

I finally got this working by following the steps @ScottSimmons posted on 4/10/2020, with a couple of additions at the start...

I learned that I needed to:

  1. Start off by wrapping the macOS installer inside a DMG. (https://techsviewer.com/how-to-install-macos-10-15-catalina-on-vmware-on-windows-pc/)
  2. With that .dmg mounted, Drag the macOS installer inside, into AutoDMG.
  3. Proceed with the rest of the steps posted by @ScottSimmons

I kept ignoring the step to drag the macOS Installer FROM the .dmg ... but after that, everything else worked like a charm. I have VMs registered in DEP and going through the PreStage Enrollment for BOTH macOS Catalina AND Mojave on my brand spankin' new MacBook 16 😆.

Thanks again for y'alls help!

gabester
Contributor III

One thing that is not stated often or clearly enough is that YOU MUST BUILD THE VM WITH THE SERIAL NUMBER embedded. You cannot add/change it later. At least, that’s been my experience with enrolling VMs and while I haven’t tried DEP I hear it’s equally necessary to use a valid S/N there. I recommend one of your broken Macs down for repairs...

Update - I just used @ScottSimmons' method with a couple of minor hiccups; for example, I did not know that AutoDMG will only build a DMG for an OS that you're running on; it rejected my attempt to make a Mojave DMG on a Catalina Mac. Likewise, I'd typoed the command string for vfuse. I'm super-excited to see this work, as it means I can roll new VMs for testing with a one-line script - and with the key first snapshot in place! (You don't know how many times I've made a VM or a clone of a snapshot and made my change and then smacked myself in the forehead because it really would have been nice to revert to that snapshot. I'm not sure why that isn't a default behavior when you clone a VM - to snapshot its first state.)

dvasquez
Valued Contributor

Absolutely, and this took me a minute to understand, but the instructions here and those that were shared DO indicate that step:

https://travellingtechguy.eu/vmware-dep/

CitizenJ
New Contributor

These are fantastic instructions and I'm really grateful for the work various posters have put in. Does anyone get the following Python error when running vfuse (v3.0.0) to generate the VM from the DMG?

Mounting osx-10.15.4-19E287.apfs.dmg
Traceback (most recent call last):
  File "/usr/local/vfuse/bin/vfuse", line 1201, in <module>
    main()
  File "/usr/local/vfuse/bin/vfuse", line 1051, in main
    mount_point, disk_id, volume_kind = mount_dmg(source_dmg)
  File "/usr/local/vfuse/bin/vfuse", line 282, in mount_dmg
    return mount_point, disk_id, volume_kind
UnboundLocalError: local variable 'mount_point' referenced before assignment

I have posted this as an issue (#66) on the vfuse github project so if this is a violation of forum rules, feel free to delete.

sdagley
Esteemed Contributor II

@CitizenJ Nevermind. I read the issue you posted on the vfuse issues page, and my suggestion didn't apply.

donmontalvo
Esteemed Contributor III

@Zackn9ne nice script! Following your GitHub now, awesome stuff. Sorry it took three months to thank you!

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

@bcbackes we are able to enroll VMs in Jamf Pro. Opening tic with Apple Enterprise Support to see if that's true.

--
https://donmontalvo.com

CitizenJ
New Contributor

While waiting to hear from the vfuse guy, I went ahead and tried the process listed on the Travelling Tech Guy link that @sharriston kindly provided.

However, at the step that begins “Add the following lines to the .vmx file….” I used the excellent script that @donmontalvo posted earlier in this thread instead of the particular edits to the .vmx that Travelling Tech Guy suggested. I stuck to the remaining steps on that Travelling Tech Guy's page, to the letter, however.

The result is that I have a macOS Catalina guest that enrolled with my very large customer's very large jamf setup. Absolutely no problem. Thanks to all who have contributed to this thread.

gabester
Contributor III

@cjames or anyone else here know - does Parallels "just work" - or does it require similar steps? Mind you I'm a diehard VMWare user but "asking for a friend"...

sdagley
Esteemed Contributor II

@Sterritt The issue is that to do a DEP/ADE enrollment the VM must present itself as an actual Mac, which includes a model ID matching the serial number, so Parallels will require similar configuration changes to make that happen.

donmontalvo
Esteemed Contributor III

@sdagley well heck, we're not using ABM (was DEP) yet, so guess that's why we don't see the problem some others are.

--
https://donmontalvo.com

srobert
New Contributor II

Hi everyone -- has anyone had success with LDAP authentication with prestage enrollment?

teknikal35
New Contributor III

To build your DEP Mac
sudo /usr/local/vfuse/bin/vfuse -i /Applications/osx_10.14.6-18G103.apfs.dmg -n "MojaveOS_8WP" -s enter Mac Serial number --hw-model MacBookPro15,1

heavymeta80
New Contributor III

@Zackn9ne I have been banging my head against a wall for days on this and your script worked like a charm! Thank you! FYI my host is running Big Sur 11.2.3 and running a Catalina 10.5.7 VM on Fusion 12.1.1 so no compatibility issues here.

DPfrom603
New Contributor

Ok, so, my turn to bang my head against the wall.  Been picking away at this all night with little to no success...  Using newest Fusion (Professional Version 12.2.1 (18811640) ).  VM is Big Sur 11.6.2.   I have edited the .vmx file with everyone's different suggestions, to no avail.  

Using URL enrollment...  https://<instance>.jamfcloud.com/enroll

It will push the MDM Profile, but never the rest...

Any new thoughts around this?   

Thanks!  

//dp

 

Yeah, manually editing the file never worked for me either. Thankfully,
this script works like a charm: https://github.com/zackn9ne/make_jamf_vm

Good luck!

-hm80

DPfrom603
New Contributor

Still no go... I am not sure what the hang up is.... Any further thoughts?   What process do you follow to create end to end? 

Does the script successfully run?  I always choose a random s/n which works for me.  I create a new VM with my OS of choice, immediately shut it down, quit VMWare, run the script, then launch the new VM and enroll it.  

Successfully ran the script.  can confirm in the VM running and with a cat of the .vmx file.     Are you NAT'ing your VM IP or bridging it to the local network?  ( I have tried both, to no avail)
