Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

How to enroll a Mac VM running macOS High Sierra hosted by Parallels Desktop Pro

I have been testing Jamf Pro policies using Mac VMs for about 2 years. This has worked really well for me. The only policies that I cannot test using a VM are polices that require the use of a physical Mac, such as deploying FileVault via Self Service. When I bought my first Intel Mac in 2006, I bought Parallels Desktop. Since then, I have upgraded to every new version of Parallels. I have worked with VMware, and I think it’s a great product. If it existed at the time, I just didn’t know about it back in 2006. I thought about moving to VMware a few years ago, but I never had the incentive to do it. When Jamf Pro 10.3 was released, I could no longer enroll a Mac VM running macOS High Sierra. Doing so would either result in a “Profile installation failed” error, or if I used a quick-add package, the installation would fail. We now need a Mac VM that has a valid model ID, and we should have a serial number for the VM. This is why enrollment fails. Jamf Support sent me this article on how to create a VM for Jamf Pro policy testing.

http://www.modtitan.com/2018/03/tip-for-testing-new-jamf-pro-103.html

From what I understood from this article, I needed VMware to get this to work. Since I did not want to invest in two new VMware licenses (one for my MacBook Pro, and another for my iMac), I did some searching to find out if it’s possible to change the serial number and model ID of a Parallels Mac VM.

The Parallels knowledge base has this article for changing the serial number:

https://kb.parallels.com/123455

And this article for changing the model ID:

https://kb.parallels.com/en/123594

To make the necessary changes, we need to right-click the VM from the list, and select Configure. Next, we go to Hardware - Boot Order, and then open Advanced Settings. In the Boot flags field, we enter the text strings that define the serial number of the VM, and the model. Close the configuration window when finished. Boot up the VM, and check System Profiler to make sure that the new serial number and model are there.

I took the serial number of the host Mac, and changed one digit to create a new serial number, and I entered that into the text string. I then copied the model ID of the host Mac into the next text string. After making these changes, I booted up the VM, and saw my changes when I launched System Profiler.

I was then able to enroll my macOS High Sierra VMs into Jamf Pro using the enrollment URL after following this process.

I’m not sure how many people here use Parallels instead of VMware, but I hope this helps anyone facing the same dilemma I was. This requires Parallels Desktop Pro or Parallels Desktop Business.

Like Comment
Order by:
SOLVED Posted: by prbsparx

Did you have to make all these changes prior to 1st boot?

Answered my own question: No - you don't. But you do have to do both the model ID and serial number change.

Like
SOLVED Posted: by howie_isaacks

While you’re building up the VM it’s not necessary to change the serial or model. We just need to do this before we enroll the VM into Jamf Pro.

Like
SOLVED Posted: by jacopo.pulici

Hi,
followed the guide (added the device id and serial number flags) but the VM still boots up with the host's data (both s/n and Mac model).
Any idea @howie_isaacks ?
Thank you

Like
SOLVED Posted: by howie_isaacks

@jacopo.pulici Can you post a screenshot of what you added into the boot flags?

Like
SOLVED Posted: by scottlep

Does anyone have this working with newer versions of Jamf Pro and macOS, such as JP10.5 and 10.13.6?

Thanks!
Scott

Like
SOLVED Posted: by Wagener

Thanks for your thoughts and efforts here, Scott. Fwiw, I've been unable to get a Parallels 13 Pro High Sierra 10.13.6 VM enrolled in MDM, and we're using a v10.6.0 JSS from JamfCloud. This is even when using using serial number, hardware identifier, and MAC address from a real and unenrolled MacBook.

The error from jamf mdm and enrollment invitations is "MDMResponseStatus error 500". Would second being glad to hear if anyone else has had success with this configuration.

Very best!

j

Like
SOLVED Posted: by timmy

I'm also running into this same issue (the 500 error) and can't find a way around it. I'll keep poking and update if I find anything.

Like
SOLVED Posted: by howie_isaacks

This has worked really well for me since I posted this thread. I'm not sure why this is a problem for some people, but I'm happy to help.

Like
SOLVED Posted: by leslie

Also get MDMResponseStatus:500 when trying to enroll a 10.13.1 Parallels VM in Jamf Pro 10.6

After reviewing some comments here found a couple shell records in mobile devices. Removed those and old computer record based on hardware UUID and was able to get the MDM profile (complete enrollment) installed on the VM.

Like
SOLVED Posted: by howie_isaacks

Again, I'm happy to help anyone who can't get this to work. I recently upgraded to Parallels 14. For some reason, my older VMs that were upgraded last last year stopped checking in and working with the JSS. I deleted them, and created new Mac VMs from scratch. Both of the new VMs worked using my instructions above.

Like
SOLVED Posted: by kburns

This worked for me as well. The first enrollment I attempted (prior to these instructions), created a mobile device with the UUID of the VM instead of a computer record. After I followed these instructions, and deleted the created mobile device, I was able to install the MDM profile/enroll the device.

Thanks!

Like
SOLVED Posted: by mjerome

I have to use VMWare Fusion for this. Can anyone assist?

Like
SOLVED Posted: by JustDeWon

@mjerome Check this thread

Like
SOLVED Posted: by LauriM

Thanks! this did the trick

Like
SOLVED Posted: by TexasITAdmin
The error from jamf mdm and enrollment invitations is "MDMResponseStatus error 500". Would second being glad to hear if anyone else has had success with this configuration.

I had this problem too even after setting the device id and serial number in parallels.

I found the issue though. Look in your mobile device list for [No Name] record and delete that record. Once you do so you will be able to enroll the device.

Like
SOLVED Posted: by monaronyc

Has anyone been successful in getting this to work in Parallels 13? I've tried all the above with no avail. And unfortunately our company only uses Parallels. Thoughts?

Like
SOLVED Posted: by B-35405

@TexasITAdmin Thanks dude, this was the fix for me.
'I found the issue though. Look in your mobile device list for [No Name] record and delete that record. Once you do so you will be able to enroll the device.'

Like
SOLVED Posted: by howie_isaacks

Just an FYI... This continues to work for me using Parallels 14. I recently recreated all of my Mac VMs, and I used the steps that I detailed in my original post to enroll the VMs into Jamf Pro.

Like
SOLVED Posted: by kericson

Yes this still works.
Add this in the bios settings:
I think the quotes is key to getting this to work.

devices.smbios.serial="Your-Serial#-Here" devices.mac_hw_model="Your-Mac-Model-ID-Here"

Example:

devices.smbios.serial="C01VG0EFHSDP" devices.mac_hw_model="MacBookPro14,3"

Like
SOLVED Posted: by gskibum

@howie_isaacks and @kburns

I love you guys!

I came here for the obvious reason. Yet after applying the Boot Flags fix I still wasn't able to enroll.

I admin 7 JSSs, so I tried enrolling in other JSSs. I was able to enroll successfully in 5 of the JSSs. So I had a closer look at the 2 JSSs that weren't cooperating.

Lo and behold there were stray mobile device records sharing the UUID of the VMs. Curiously these mobile device records were not visible by just browsing mobile device records, rather I had to do a search for mobile devices based on UUID for them to appear.

Like
SOLVED Posted: by Kallendal

Great post. Just curious. I didn't think, per Apple's EULA, you were allowed to use MacOS in a VM environment? I believe they lifted that VM ruling for much older Mac Operating systems (going back to like Snow Leopard/Lion now). personal use aside, I know that is a deal breaker in our corporate environment.

Let me know if the VM item has changed from Apple? Links if you have any.

Thanks

Like
SOLVED Posted: by gskibum

@Kallendal

Last I knew VMs are allowed only on non-production builds intended for testing. And are allowed to be run only on Apple hardware.

Like
SOLVED Posted: by gskibum

https://www.apple.com/legal/sla/

(iii) to install, use and run up to two (2) additional copies or instances of the Apple Software within virtual operating system environments on each Mac Computer you own or control that is already running the Apple Software, for purposes of: (a) software development; (b) testing during software development; (c) using macOS Server; or (d) personal, non-commercial use.
Like
SOLVED Posted: by howie_isaacks

I don't see a problem with running Mac VMs on a Mac. Doing this has helped me better serve Apple's customers. Since I can virtualize, I don't have have a lot of hardware just for testing and package creation.

Like
SOLVED Posted: by cwaldrip

Curious. I'm getting the MDMResponseStatus 500 error.

I've removed the machine, based on the UUID, from my Jamf server.

My boot flags are...

devices.smbios.serial=C00A00A0AAA0
devices.mac_hw_model="MacBookPro15,1"

I'm running macOS 10.14.5 and Parallels Desktop for Business 14.1.3.

Anyone have luck with that version combo? Any suggestions?

Like
SOLVED Posted: by kericson

@cwaldrip Make sure it didn't create a fake device record in Jamf. Sometimes it will do this and you have to remove the record under Mobile Drives or Unmanaged Macs.

Like
SOLVED Posted: by gskibum

@cwaldrip

Exactly what @kericson said. I was getting hung up by failed macOS enrollment attempts appearing as incomplete records in mobile devices.

Like
SOLVED Posted: by cwaldrip

@kericson Well, damn. It didn't even occur to me to look under Mobile Devices, even with it being mentioned previously. 🤦🏼‍♂️ We don't manage mobile devices so that's a dusty corner of the server for me.

Found, removed, and it works now. 😁

Like