Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

MDM Enrolling 10.14 Clients on VMWare Fusion 11.0.3

Is there an easy way to do this? I read an article about using a tool called vfuse, but it didn't seem to like the newer version of Fusion. I get an error 500 from the profile enroll window.

It seems like its just setting the hw.model and serialNumber field in the .vmx file anyhow?

So far I've set the model to one that should work (but I didn't have the serial number for), but it doesn't work, I poured through our surplus models and found a serial of a machine that was disposed of - but it didn't work.

I set the hw.model to the exact same one that the serial number came off of, but then the VM kernel panics on startup (probably because the model isn't compatible with 10.14).

Someone in another post suggested using the host's serial (Macmini7,1) - and incrementing it by one, but that didn't work either.

Thought I would ask on here before contacting VMWare tech support tomorrow.

On a side rant: I don't get why Apple has to do this to me - I manage clients on JAMF and ConfigMgr - and this is not an issue I have on Windows/Linux.

Like Comment
Order by:
SOLVED Posted: by Brad_G

I can't speak to VMWare Fusion 11 but I'm running Fusion v10 on an iMac and using that machines model and serial number works for my 10.12, 10.13, and 10.14 VMs.

Like
SOLVED Posted: by sdagley

@Angelworks You do need a copy of VMware Fusion 10 for vfuse to build a VM (if you're not using the QEMU workaround), but it doesn't have to be a licensed copy, and you can run the VM that's created with Fusion 11.

Like
SOLVED Posted: by mark.mahabir

All working fine here. I don't use vfuse but just install macOS in the normal way. Then edit the .vmx file and add a line similar to:

serialNumber = uJk8Hu6Vb7cD

i.e. 12 random letters and numbers at the bottom. I don't think this has ever not worked for us.

Like
SOLVED Posted: by jwojda

yeah, it sort of works, you gotta use the QEMU workaround listed on the site.

Like
SOLVED Posted: by Angelworks

@mark.mahabir Hmm I tried that exact serial number - I attached a screenshot of the error I get actually. Are you setting the model to anything specific?

Like
SOLVED Posted: by scottb

I edited my .vmx file for VMWare 11.0.3 and here's the area of interest:

serialNumber.reflectHost = "FALSE"
serialNumber = "C03VP0U7XXX"
hw.model.reflectHost = "FALSE"
hw.model = "MacBookPro14,3"

Saved and enrolled into JSS no issues.

Like
SOLVED Posted: by sharriston

This site has been super helpful to me.

Like
SOLVED Posted: by Angelworks

@sharriston That is a very helpful doc - question you might know the answer to though - I've read on other sites you shouldn't use the serial of another enrolled device like that site is suggesting?

Like
SOLVED Posted: by sharriston

So I would definitely recommend that you don't use an enrolled device, you'll have conflicting jamf records and possible dep issues. . We have an old 13" Pro that we aren't currently using and I have just made that my test serial number as the hardware is unusable at this point.

Like
SOLVED Posted: by Angelworks

@sharriston I do have discarded laptops, but none of them so far are dep enrolled - or are new enough to run 10.14 (I found if you put a model number old enough into the vmx config it kernel panics the vm on startup).

Like
SOLVED Posted: by mark.mahabir

@Angelworks No, I never set a model.

We don’t yet use DEP here however.

Like
SOLVED Posted: by scottlep

Besides changing the SN and Model Info, I also had to edit the MAC address in the vmx file for my 10.13 and 10.14 VMs. It seems that the hardware has to appear to be Apple in order to be enrolled via MDM. If you are not familiar with MAC addresses, I believe the first 3 sets of numbers are the hardware manufacturer info, then the second set of three numbers are specific to the computer/device. If the hardware doesn't appear to be from Apple based on the first set of numbers it will fail, in my experience. Similar to how I made the fake serial number, I just grabbed the MAC address from my test computer and changed the last digit by a few characters. After that the VM enrolled with no issues. I have done this with several VMs I have build and never had an issue. This makes sense since the computer has to check in with Apple MDM/APNS during the MDM enrollment....so if it talks to Apple and it doesn't have an Apple MAC address Apple would probably reject it causing the enrollment to fail.

Also, if you attempt to enroll with a non-Apple MAC address and it fails with the error you showed, it usually leaves behind a bad record that either shows as "No Name" or just the serial number. This might even show up under mobile devices instead of computers. In my experience I had to delete the bad records before I could enroll the VM with the new fake Apple MAC Address.

~Scott

Like
SOLVED Posted: by kerouak

I discovered that ; using MacPro5,1 for High Sierra causes a boot loop.

Instead of MacPro5,1, I used a different hardware model ID; MacBookPro8,2, and this worked fine.

Like
SOLVED Posted: by Angelworks

Just to follow up on this issue - working with a co-worker I did solve this.

What happened when I first tried enrolling the VM it got added as a mobile device (even though I got error 500's from the mdm client). After deleting that inventory record - I set the following options in the vmx file:

hw.mode.reflectHost = "FALSE"
hw.model = "blah12,0"

In VMWare Fusion 11 - the default serial number is 12 digits and works just fine. Obviously don't use blah12,0 (maybe that will work?) - I think I just set it to a Macbook model I knew could run 10.14 - and it worked. Keep in mind - its not DEP enrolled, but I don't really need that to simply test policies/packages.

I suspect the core issue is actually a JSS bug - when enrolling the device it doesn't detect it properly as a OSX device and not a IOS device. I'll contact our support rep about it.

Like