0

Apple DEP/Apple Device Enrollment Debug Log

Posted on 16th June 2020

When building DEP Pre-Stage enrollments, you may wish to have eyes on some advanced logging output. We can turn on Debug mode for DEP/ADE on a per-machine basis by doing the following to that machine.

  1. Boot the machine into recovery mode after you have completed a clean install of the OS. (CMD + R at boot).
  2. Once booted, go to Utilities -> Terminal.
  3. Run the following 4 commands:
    • defaults write /Volumes/Macintosh\ HD/Library/Preferences/com.apple.apsd EnableDetailedLogging -bool TRUE
    • defaults write /Volumes/Macintosh\ HD/Library/Preferences/com.apple.MCXDebug debugOutput -2
    • defaults write /Volumes/Macintosh\ HD/Library/Preferences/com.apple.MCXDebug collateLogs 1
    • touch /Volumes/Macintosh\ HD/var/db/MDM_EnableDebug
  4. Quit Terminal and reboot the machine and begin your enrollment process. You will see a new log that will output to /Library/Logs/ManagedClient/ManagedClient.log

Once you have generated the log, you can disable the debugging mode by opening terminal while normally booted and logged into the OS.

  • sudo rm -f /var/db/MDM_EnableDebug
  • sudo rm -f /Library/Preferences/com.apple.MCXDebug.plist

Hopefully this helps you easily discover what is causing your enrollment process to fail.

6

Generating Manual Manifests for Jamf PreStage Enrollment Packages

Posted on 11th June 2020

It has been a long time coming that in Jamf and Apple land, that we can pre-install packages to the Mac during the enrollment process (DEP, now called Apple Device Enrollment). In our environment, we are switching from the old, bind to the AD domain method and allow password syncs to break even while using Nomad era, to the new (re-branded Nomad) Jamf Connect (See: https://www.jamf.com/products/jamf-connect/). Naturally, we would like to reply the Jamf Connect Login before anything else and use it’s Notify script to streamline the install progress and provide the user information as the installs complete.

The specific error that you see under the Management Commands for the specific computer you are trying to enroll is “No manifest could be created for the package.”

Jamf Pro 10.19-10.21 have an issue that seems related to PI-007954 where Jamf Admin is not automatically calculating the size of the package and creating a correct manifest for it. The manifest is required in order for macOS to install the packages defined in PreStage Enrollments. Since this does not get generated automatically correctly, we must manually build one and upload it for each package we are going to use during the PreStage Enrollment.

There was not much information about this in the community forums on Jamf Nation, nor from Jamf themselves. After talking to support, here is what you need to do: