JAMF Pro Enrollment Issue After Computer Migration

zake
New Contributor III

Hello,

I recently migrated an employee to a new laptop. I used migration assistant to migrate the files over to the new machine. I ensured I removed all MDM profiles with the old machine to ensure certificate from the previous machine don't land on the new computer.

The new computer was DEP device so it enrolled it self before the migration started

The migration was successful however the new computer isn't taking management tasks. Check screenshot of management commands pending.
16cbf0ae9ccc41d38730529cb8e34fe5

These commands have been pending for days now. Odd thing, the computer updates inventory and check in entirely fine

Here's what I tried

Command Run
sudo jamf recon
sudo jamf manage
sudo jamf policy
sudo jamf enroll -prompt (to see if the CA certificates will help)

1 ACCEPTED SOLUTION

larry_barrett
Valued Contributor

Sudo jamf removeMDMprofile
Sudo jamf removeFramework
Sudo rm /var/db.AppleSetupDone

Restart and go through setup assistant again. I did not test this.

View solution in original post

5 REPLIES 5

zake
New Contributor III

Any ideas?

larry_barrett
Valued Contributor

Sudo jamf removeMDMprofile
Sudo jamf removeFramework
Sudo rm /var/db.AppleSetupDone

Restart and go through setup assistant again. I did not test this.

mainelysteve
Valued Contributor II

@zake If Larry's suggestion above doesn't work then try issuing a sudo profiles -N while logged in as the user. If it still has an mdm profile then you'll need to remove it using the command above. Using the profiles -N command ensures the machine still reports a DEP enrollment.

You may need to nuke the contents of /var/db/ConfigurationProfiles/Store/ as well as /Library/Keychains/apsd.keychain before trying another re-enrollment if the management command to remove the mdm profile doesn't work.

sudo profiles -N worked like a charm. Thank you!

rstasel
Valued Contributor

Just ran into this. Seems to be caused by running Migration Assistant and migrating everything (rather than just migrating user account). Causes overwriting of something that breaks the configuration profile functionality. Policies would run okay after re-enrolling, but push didn't work (couldn't remove via "Remove MDM" on Jamf end either.

Had to talk customer through disabling SIP, then Bomgar'ing in and deleting /var/db/ConfigurationProfiles/Store, and reenrolling via "sudo profiles renew -type enrollment". Then customer re-enabling SIP.

Shame apple doesn't give us some possibly sledge hammer to fix this remotely. I get the point of SIP, and agree with it, but when things wedge, it's a pain in the rear.