Help

APNs and Push Notification Certs Expired - Mass Enrollment Mistake

Chase
New Contributor II

Posted on ‎09-06-2019 01:29 PM

Hi,

Our APNs and Push Notification certificates expired at the end of August, I didn't notice or ignored the notifications. School started and we issued laptops running 10.14. They did a DEP enrollment and got stuck at the pre-enrollment stage. Since then, I have renewed both certs and waited, hopeful that the enrollment with magically continue with the next push notification. Unfortunately it didn't.

Question: What is the most painless way to complete the DEP enrollment into Jamf?

I can see an entry for each of the laptops in Jamf. They are listed as "DEP - <serial number>. I have a username for each of the users which they used during the setup. I know if I used the manual method for enrolling (via our enroll URL) the laptops will enroll successfully. I also, probably, know an administrator username and password for each of these devices. Unfortunately SSH is probably disabled as they didn't run the pre/post enrollment scripts.

Is there a console command that will trigger macOS 10.14 to complete or restart the enrollment?

What should I do?

Thanks,

Jason

0 Kudos
3 REPLIES 3

garybidwell
Contributor III

Posted on ‎09-08-2019 02:28 PM

Did any of devices actually get as far as installing the Jamf binary on enrolment?

0 Kudos

WellsJtech
New Contributor III

Posted on ‎09-08-2019 03:41 PM

Have you tried to delete the enrollment policy log for these machines then running?

sudo jamf policy -event enrollmentComplete

If that doesn’t work you can wipe the Setup Assistant completion with 

sudo rm /var/db/.AppleSetupDone

then reboot and it will run the Apple Setup Assistant again which should start DEP again.

Chase
New Contributor II

Posted on ‎09-10-2019 07:27 AM

> Did any of devices actually get as far as installing the Jamf binary on enrolment?

No. The profile appears in the list and the devices appear in Jamf but the devices are not communicating with the Jamf server.

> Have you tried to delete the enrollment policy log for these machines then running?

I have used that process before for individual systems that are stuck. I was hoping to find a way of resolving the issue that avoided touching all 166 laptops.

We have a manual process that the students can follow which involves use the <instance>.jamfcloud.com/enroll, logging in and downloading the APNs and DEP certs. I'll setup a script that the students can run to remove the .AppleSetupDone file. The jamf binary isn't installed.

If there are any other ideas, I'll try them.

Thanks,

Jason

0 Kudos