WiFi won't connect after reboot and iOS device password is lost/forgotten

jlister
New Contributor II

Hello,

I have a bit of a conundrum here and I'll give a scenario:
A user that has an iOS device, managed via JAMF through DEP, forgets their password on the device.
In some attempt to 'fix' it, they reboot the device before calling support to wipe the passcode.
After the device is rebooted, it will NOT not attach to a wireless network until the user logs in.
But, if the user can't remember the password to log in, the device won't attach to the WiFi to talk to the MDM server and have it's passcode reset. As far as I know, nothing can be done until the device is manually wiped completely using Configurator. Is there any other way to get around this? Ideally, I'd like to have the device attach to a WiFi network after reboot BEFORE a user logs in.

As per this example, it's an iPad with iOS 10.3.2 on JSS 9.98

9 REPLIES 9

MattAebly
Contributor II
Contributor II

Hey Jonathan,

It sounds like this is a Shared iPad where users are logging in with a Managed Apple ID, correct? If so, if you are at the login screen for the iPad, just double tap the home button and you will be able to connect to WiFi from there without logging in.

jlister
New Contributor II

Hello Matt,

No, the iPad is not shared. No Apple ID is even used on it. The logon screen is the basic 6-digit password to unlock the device.
I believe this is something by design from Apple. They used to have this flawed design in their macOS as well, where it would not connect to WiFi until a user logged in. They've changed that for macOS in 10.3(?) but not for iOS. Enough people like me complained about the catch-22 it made. In macOS, if you were trying to authenticate your network logon credentials, it would need to be connected to the network to do so - obviously. But, it wouldn't connect you to the network (via WiFi) until you logged in. The only workaround was to connect to a wired network. This was because the WiFi SSID and password were stored in the user's profile. But the user's profile was locked and not even macOS could access it until that user logged in.

mmcallister
Contributor II

Have you tried connecting it to ethernet and sending a command to clear the passcode? https://www.jamf.com/jamf-nation/discussions/12444/ethernet-connection-for-ipads

jlister
New Contributor II

Thanks Matthew!

It's still a cumbersome manual process; drive to the remote location, locate user/device, plug in everything, log into MDM, reset, then quickly leave before you lose your mind listening to their complaints about having a locked down device.
Yet, it works, and at least the user won't lose all their settings/info on the iOS device. Maybe one day Apple will fix this as they did in macOS, but I'm not holding my breath.

jchurch
Contributor II

another option is Tethered Caching . Check out the Apple support article

bentoms
Release Candidate Programs Tester

@jlister Are you deploying the SSID to the devices via jamf?

If not, try it.. should then connect at passcode screen.

jlister
New Contributor II

Yes, the iOS devices are all configured on WiFi via JAMF.

Tethered caching looks like a neat new trick! I'd be interested in trying that one.
Still no timeout, config or "remote" option available, though?

jlister
New Contributor II

Hello again,

I am revisiting this as the solution Matt McAllister gave https://www.jamf.com/jamf-nation/discussions/12444/ethernet-connection-for-ipads no longer works! It did the trick for a while, but since one of the recent iOS updates, it won't connect the device to LAN unless the device is unlocked. But, the whole point of doing this is to push a JAMF unlock command through LAN when WiFi is not accessible because of iOS security . Argh! Any updated ideas to circumvent this?

Summary of issue:
As an example, a user forgets their iPad lock screen credentials. If the user reboots the iPad, it will disable WiFi until the iPad lock screen credentials are entered. But, if you can't unlock the iPad, you can't connect to any network to allow JAMF to clear the passcode. Connecting to LAN, using the link given above, was a helpful way to get the JAMF command through. Now, even that doesn't work. To note: No AppleID is used in any case here.

jlister
New Contributor II

Ok, for those who found this post, here is the most recent update for the issue:
https://www.jamf.com/jamf-nation/discussions/27478/supervised-ios-11-3-devices-will-be-capable-of-be...