Jamf Nation Community

Aaaaaand now that I read further down the thread (maybe I should that before posting things), I see your issue isn't with the device receiving an IP address. Never mind.

@timvenchus we have a powered usb hub set up with all the necessary cables at all times, so if I get an iPad like that, I only look it up in JSS, send clear passcode command and connect it, and voila.

Tried this today on a device and it failed, so i did a bit of testing and think i may have found the issue.

It looks like the MDM root certificate had expired on the device, i checked some more students in his class and they were on and old expired certificate as well.

After getting the student permission to wipe the device, i preceded to inroll the device again and then permanently disable it again with incorrect pin code attempts.

After connecting the iPad via the lighting to usb, usb hub and a usb to ethernet contraption, it work instantly.

does DFU mode can remove MDM mode on iphone and ipad ?

Yes, but the device would simply re-enroll at activation if it's in DEP and assigned to a pre-stage enrollment.

Anyone else seeing that this no longer works in iOS 10.3? I can still get an IP address with my Apple USB Ethernet adapter, but after reboot I can't run any MDM commands until the passcode is entered.

Yes what I'm seeing is that I Can't clear any PassCode's any more on device's with 10.3.1 using a wired connection. Testing on my test device if device is Passcode lock no MDM commands are working, If I unlock the device commands do work. This is going to be a Problem clearing Passcode on devices we need to access.

Just found this also

[http://www.enterpriseios.com/story/2017/04/07/Push_notifications_to_iOS_require_WiFi_link_when_Ethernet_used
](link URL)

There appears to be a bug in iOS (10.3.1) with push notifications and Ethernet. We use the Apple Lightning to USB 3 Camera Adapter and a USB Ethernet adapter to provide network to devices in the field. During a troublesome deployment we discovered that the Apple Push Notification Service (APNS) does not establish a connection if the WiFi radio is off or not joined to a known network. That WiFi network does not need to have valid internet, or even DHCP available, the device will choose a self assigned IP and then the APNS connection will use the Ethernet adapter.

I imagine this has something to do with how APNS behaves when both Cellular and WiFi are available. I'm curious if Apple TV has a similar bug, I imagine not, given the fact the Ethernet is built in and likely a more common scenario. Although a seldom used feature, the Lightning to USB to Ethernet configuration was feature in a past keynote (https://sixcolors.com/post/2016/03/apples-lightning-to-usb-3-adapter-bri...).

MDM commands are triggered by APNS messages which means MDM is not functional in an Ethernet only environment.

It was a tricky one to discover, requiring packet captures, and other network analysis to isolate, I hope this helps someone else in the future.

Radar:
http://www.openradar.me/31494325

Was able to connect locked iPad to MacBook through USB and share MacBook's internet connection. Allowed me to get my 10.3.1 iPad unlocked. Thanks to @Emmert suggestion in https://www.jamf.com/jamf-nation/discussions/23801/rj45-adaptor-for-ipads

so @kuypers does that mean that 10.3.1 and above devices dont work or is there a work around?

As I found the same result as you did, I knew the ipad was communication over ethernet, as it could be pinged, but it wouldn't respond to MDM commands.

This solution works: https://www.howtogeek.com/214259/how-to-reverse-tether-an-iphone-or-ipad-to-your-pc-or-mac/

Correction.... it did work but only for a small few.

With MacOS High Sierra, if Internet Sharing (or Content Caching with Internet Connection) is enabled on your Mac, all you need to do is connect the iPad to your Mac using Lightning cable and (though it might take some time) eventually your iPad should start communicating with the MDM and receive that Clear Passcode command.

Thank you so much @rfaruk .. this has worked perfectly and resolved the issue :-)

Hello,

I manage about 1400 iPad and it does not work for me.
I have an iPad in iOS 11.4.1 locked without wifi :
- I sent the clear passcode command.
- My mac is in high Sierra, I am connected to the wired network, I have enabled connection sharing and caching.
- When I connect the iPad with the cable lightning to my mac it appears on the iPad "unlock the tablet to use the accessory" and nothing happens on the iPad.
- The commands is already in pending in JAMF Pro
It happens very often that students forget their password and that the tablets are locked.
I strongly wish to maintain the homogeinity of the park in ios 11 and therefore do a DFU.
Did I do something wrong?

I am interested in any idea

Thank you in advance

All of our kids' passcodes are the same as their lunch codes, so we have them on file. If a kid were to change their passcode, and then forget it, they will receive a conduct violation for tampering with their passcode. This is kind of a deterrent to keep the kids from messing with them.

If for some reason a kid does change their code and forgets it, we would do as follows:
1. If it's still on Wi-Fi, clear the passcode by JSS.
2. If it's not on Wi-Fi, connect via Ethernet, then clear passcode by JSS.
3. If Ethernet fails, put iPad into DFU and restore the iPad. (The student will be held responsible for any lost class work)

That's it... the kid will get a working iPad back one way or another. FYI, our 1:1 iPad deployment is only for 5th through 8th grades.

@xavier.daleo The behaviour you're seeing is due to a change in the iPad settings (as of iOS 11.3?).

In order to allow iOS devices to use the USB connection (either with the USB->Ethernet adapter, or I'm assuming also with internet sharing), you need to disable the "USB Restricted Mode" (see attached screenshot).

You can find this in the "Restrictions" payload, at the bottom of the "Functionality" tab.