We were encouraged to create new Managed Apple IDs to perform administration within School Manager, so whoever has the task to renew the DEP Tokens at any particular time, theirs is the Apple ID used. If that is a known requirement, I missed that documentation. What was the reason for the password reset ?įirstly, we don’t use the main DEP account to generate DEP tokens. If the main DEP account password gets reset the VPP token has to be renewed as this is bound to each other.Īlso once a year you’ve to renew the DEP/VPP tokens so this in general is not an issue I created a Support Ticket via AppleCare Enterprise and got some disappointing answers: So, it seems to be a problem with DEP only. But we were able to add licenses to a software title and sync the changes to the Jamf Pro instance without any problem. We checked Apps & Books too, since the VPP tokens had been generated by the same account. After a big sigh, we started the manual process of generating new DEP Tokens for all of the Jamf Pro instances where the previous token had been generated by the Apple ID that had had the password changed, logging in to each Jamf Pro instance in turn, and uploading the token. Sure enough, DEP synchronisation resumed. That was too much of a coincidence, so I downloaded a new DEP token and uploaded it to the relevant Jamf Pro instance. We have to download a new DEP Token for every MDM location □ These messages were accompanied by error messages in the Jamf Pro, in Settings > Global Management > Device Enrollment Program:Īnd in School Manager, the last sync was shown as several hours ago, exactly around the time the password was changed: Shortly afterwards we started noticing a lot of errors in the JAMFSoftwareServer.log files of all our Jamf Pro instances, such as this:ġ2:01:10 - .: An error occurred during oauth token refres So, we changed the password to a non-personal one and added it to our joint password manager. We decided that since Activation Lock is confined to a specific user in School Manager, the Apple IDs used for assigning DEP Tokens need to be accessible by all members of the team. My colleague works part-time, so the customer had to wait a day before the devices could be unlocked. The only way to unlock the device was for the customer to come to our office (2km away from their office), so that my colleague could enter the password. The account to unlock them showed as the Apple ID used to create the DEP Token. Both iPhones could not be setup because they reported locked with Activation Lock. We had a message from a customer that after they rebuilt two iPhones that were previously enrolled via Automated Device Enrollment (DEP) into their Jamf Pro instance. It shouldn’t matter what the reason for changing the password is, but, for context, this is why: MDM-based Activation Lock In general, we use Managed Apple IDs to log in to Apple School Manager. This is the account that we normally (but not always) use to create DEP Tokens and VPP Tokens. My colleague had cause yesterday to change the password that is associated with the Apple ID that they use to login to Apple School Manager.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |