0

Apple DEP/Apple Device Enrollment Debug Log

Posted on June 16, 2020

When building DEP Pre-Stage enrollments, you may wish to have eyes on some advanced logging output. We can turn on Debug mode for DEP/ADE on a per-machine basis by doing the following to that machine.

  1. Boot the machine into recovery mode after you have completed a clean install of the OS. (CMD + R at boot).
  2. Once booted, go to Utilities -> Terminal.
  3. Run the following 4 commands:
    • defaults write /Volumes/Macintosh\ HD/Library/Preferences/com.apple.apsd EnableDetailedLogging -bool TRUE
    • defaults write /Volumes/Macintosh\ HD/Library/Preferences/com.apple.MCXDebug debugOutput -2
    • defaults write /Volumes/Macintosh\ HD/Library/Preferences/com.apple.MCXDebug collateLogs 1
    • touch /Volumes/Macintosh\ HD/var/db/MDM_EnableDebug
  4. Quit Terminal and reboot the machine and begin your enrollment process. You will see a new log that will output to /Library/Logs/ManagedClient/ManagedClient.log

Once you have generated the log, you can disable the debugging mode by opening terminal while normally booted and logged into the OS.

  • sudo rm -f /var/db/MDM_EnableDebug
  • sudo rm -f /Library/Preferences/com.apple.MCXDebug.plist

Hopefully this helps you easily discover what is causing your enrollment process to fail.

0

Generating Manual Manifests for Jamf PreStage Enrollment Packages

Posted on June 11, 2020

It has been a long time coming that in Jamf and Apple land, that we can pre-install packages to the Mac during the enrollment process (DEP, now called Apple Device Enrollment). In our environment, we are switching from the old, bind to the AD domain method and allow password syncs to break even while using Nomad era, to the new (re-branded Nomad) Jamf Connect (See: https://www.jamf.com/products/jamf-connect/). Naturally, we would like to reply the Jamf Connect Login before anything else and use it’s Notify script to streamline the install progress and provide the user information as the installs complete.

The specific error that you see under the Management Commands for the specific computer you are trying to enroll is “No manifest could be created for the package.”

Jamf Pro 10.19-10.21 have an issue that seems related to PI-007954 where Jamf Admin is not automatically calculating the size of the package and creating a correct manifest for it. The manifest is required in order for macOS to install the packages defined in PreStage Enrollments. Since this does not get generated automatically correctly, we must manually build one and upload it for each package we are going to use during the PreStage Enrollment.

There was not much information about this in the community forums on Jamf Nation, nor from Jamf themselves. After talking to support, here is what you need to do:

read more
0

iPhone 8 (Plus) and iPhone X – Opinion

Posted on September 13, 2017

I have not spent much time in the consumer end of the technology market in the last few years due to my enterprise role I currently have, but did manage to follow the developments leading to the release of Apple’s new products yesterday.

I still remember 10 years ago. I was living in New York City, and Apple had announced that they were making a smart phone. Even with the success of the classic ipod (not so classic at the time), it was hard to imagine what the new phone would look like. I remember people posting online (pre-reddit?) mockups of what it would look like. Basically, it was suppose to look like an iPod with a slightly bigger screen and all the other things needed to make it a phone. Various mockups can be found here. The mockup I remember the most, is the third one; the Blackberry look alike. read more

4

Insignia NS-PCY5BMA Bluetooth 4.0 – El Capitain

Posted on January 21, 2016

Insignia NS-PCY5BMAOSX El Captain has been full release now for a handful of months and has even had a few updates since it’s release. Current version is now at 10.11.2. As we have seen with past OSX upgrades and the Insignia NS-PCY5BMA Bluetooth 4.0, edits have to be done in order for the system to recogize the bluetooth dongle. However, changes in 10.11 have also brought a slight change to the patch needed in order to get functionality restored for the dongle.

This guide will only cover what is needed to get the dongle recognized by El Capitan. For more indepth information on how to get this to work in Yosemite with Handoff, please look at my previous article: http://www.dersoldat.org/?p=1286

Edit Kext to Recognize the Dongle

To get the builtin Kext for the Broadcom BCM20702A0 to recognize the Insignia dongle, we need to add the devices Product and Vendor ID to the kext file. The kext that we need to modify is /System/Library/Extensions/IOBluetoothFamily.kext. Make a copy of it and place it on the Desktop. Once it is copied, right click on it and select “Show Package Contents” to reveal the folder “Contents”. Open the “Contents” folder and then the “Plugins” folder. In there you will see another Kext called “BroadcomBluetoothHostControllerUSBTransport.kext”.  Right click on that and select “Show Package Contents” and then navigate to “Contents”.

You should now see the “Info.plist” which is where we will make our edits. Open this with TextEdit (You may need to right click and select Other to pick TextEdit) and add the following code:

<key>PID 569 0x0239 VID 6655 0x19FF</key>
<dict>
<key>CFBundleIdentifier</key>
<string>com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport</string>
<key>Dongles</key>
<dict>
<key>Best Buy</key>
<string>NP4.0</string>
<key>Insignia</key>
<string>BT V4.0</string>
</dict>
<key>IOClass</key>
<string>BroadcomBluetoothHostControllerUSBTransport</string>
<key>IOProviderClass</key>
<string>IOUSBHostDevice</string>
<key>idProduct</key>
<integer>569</integer>
<key>idVendor</key>
<integer>6655</integer>
</dict>

This will work for the Insignia model that we have here, but the same edit should work for most that use the same chipset. You just need to find the Product ID and Vendor ID and convert it from Hex to Integer. In our example the Product ID in hex is 0x0239.

Bluetooth should now show the adaptor and it's settings.

Bluetooth should now show the adaptor and it’s settings.

To convert it to an integer, go to this converter and input the Product ID minus the 0x. 0239 should come out as 569. Do the same for the Vendor id which 19ff becomes 6655 (again, omitting the 0x at the beginning).

Once you have the proper IDs in the Info.plist file, you can save it then close all windows. Now, you will need to use a Kext installer to replace the original IOBluetoohFamily.kext that still exists in your /System/Library/Extensions folder.

If the edits are correct, you should be able to reboot the computer and see the Device in the System Information window under Bluetooth.

A huge thanks to Guito Mendez, as he reported back to me about the edit that shows that IOUSBHostDevice has changed in El Capitan.

Handoff Activation

In Yosemite, I was able to to use CAT (Continuity Activation Tool) to allow older and non-support WiFi and Bluetooth cards to support Apple’s handoff. Unfortunately, the current Git version with experimental El Capitan support causes a kernel panic with my system. If you plan to try to use CAT (AT YOUR OWN RISK), then you need to at least make sure that you have a backup of IO80211Family.kext and a suitable way to boot into a recovery enviornment to remove the bad kext.

NOTE: You need to disable Apple’s SIP for you to be able to do a lot of these direct edits with the kexts. Look for documentaiton around that for Clover here at some point, but it is documented in other places already.

If a activation for El Capitan becomes available, I will post accordingly.

0

2015 Ohio LinuxFest

Posted on August 12, 2015

Ohio LinuxFest 2015

Some of you know that I helped this great organization back in the early 2000s. This event marks the 13th year of it’s existence! And to add to the greatness, a good friend of mine Jorge Castro is doing a keynote!

If you are interested in Open Source and Linux, then this event is worth the trip. Plus, it is free for the basic attendance package.

Head over to their website and register!