Category filter

Common errors while enrolling Mac in Apple Business Manager

Whilst attempting to enroll Mac in Apple Business Manager through the Hexnode portal, there are a few common errors one is liable to come across.

1. Profile Installation Failed

Profile Installation failed while enrolling Mac in ABM

Description

This is a common error message that occurs during device activation.

Solution

Here are some possible remedies for this error:

  • Make sure there is an adequate number of MDM Licenses in order to manage your devices.
      1. Sign in to your Hexnode UEM portal, head on to Admin > License > Total device count.

      1. If the maximum limit on the number of enrolled devices has been reached, you’ll need to upgrade the license to manage more devices.

Total number of devices enrolled in Hexnode UEM
  • Ensure that the Server Token has not expired.
      1. After signing in to your Hexnode UEM portal,
        navigate to Admin > Apple Business/School Manager > Apple DEP.
      2. Switch to the DEP Accounts tab and check the date of license expiration.

    Licence expiration dates of Apple DEP accounts in Hexnode UEM
  • In case the Server Token has expired,
      1. Sign in to your Apple Business Manager account.
      2. Click on the account name at the bottom of the left side panel and navigate to Preferences > choose your MDM server. Click on Download Token to download a new DEP Token from your server.
      3. Head on to Admin > Apple Business/School Manager > Apple DEP > DEP Accounts.
      4. Click on the edit icon that appears when you move the cursor to the right of the respective DEP account.
      5. Upload the new token in the Upload Token field and click Save.

    Upload Token in Edit DEP Account
  • Verify that you have pushed the DEP Policy to your macOS device.
      1. You can push the DEP Policy to your macOS device(s) by signing in to your Hexnode UEM portal.
        Go to Admin > Apple Business/School Manager > Apple DEP.
      2. Select DEP Devices > Choose the required device(s) > Click the Associate DEP Profile button.

    Now, you need to wipe your device to re-enroll them into your Hexnode UEM account.

  • Check if the Pre-approved settings have been enabled in both Enrollment settings and Apple DEP settings.
    On your Hexnode UEM portal,
      1. Go to Admin > Enrollment.
      2. If you have enabled the option Pre-approved Devices only under Enrollment Restrictions,
          1. Head on to the Admin > Apple Business/School Manager > Select Apple DEP > DEP Accounts.
          2. Click on the edit icon that appears when you move the cursor to the right of the respective DEP account.
          3. Check the option Add as Pre-approved Device > Click Save.

      Add as Pre-approved device in Edit DEP Account
  • Ensure that there are no pending OS updates on any of the macOS devices that you are trying to enroll. If there are pending OS updates, you’ll have to remove the required devices from your Apple Business Manager account before executing the OS update.
      1. Go to Apple Business Manager and sign in to your account.
      2. Click Devices. Search and select the required devices from the list. You can filter devices based on their source, order numbers, device types, etc.
      3. Next, click on the database icon.
      4. Select the Unassign option to unassign devices from the MDM server.
      5. After unbinding the device from the MDM server, complete the pending OS updates on your macOS device.
      6. Go back to your Apple Business Manager account and re-assign the devices to the MDM server.
      7. Now, sign in to your Hexnode UEM portal and navigate to Admin > Apple Business/School Manager > Apple DEP > DEP Devices > Click the Sync with DEP button.

    Sync device with DEP for Mac

2. Even after successful sync, the device does not get listed on the DEP Devices page on the Hexnode portal

Solution

Perform the following methods to resolve this syncing issue:

  • Check whether the DEP token is expired. Renew the DEP token, and then factory reset the devices.
  • If the DEP token is not expired, ensure that any new terms and conditions released by Apple are accepted from the ABM portal. If Apple’s terms are not accepted, renew the token again (even if the token is still valid) and accept the conditions. Now, perform the sync action again.
  • Ensure that you have not enrolled the device in the MDM server using an enrollment method other than DEP. If any other method is used, remove the device from management and reset your device to factory settings. From your Hexnode UEM portal, go to Admin > Apple Business/School Manager > select Apple DEP > click the Sync with DEP button.

3. Cancelled

Description

Error message during device activation.

Solution

  • Check your network connectivity.
  • Try restoring the device. Restoring a device reloads the configurations into it. Then, try re-enrolling the device after restoring it successfully.

4. A server with the specified hostname could not be found

Description

Error message during device activation.

Solution

  • Check your network connectivity and try again.

5. NOT_ACCESSIBLE

Description

Error message while adding devices to the DEP portal.

Probable Cause

This error occurs if the device is not eligible for ABM enrollment or is already enrolled by another organization.

Solution

  • Check if the device is eligible for DEP enrollment. If not, enroll the device via Apple Configurator.
  • Ensure that the device is not already enrolled or maintained by another organization.

6. Unable to view the MDM servers tab after signing into the ABM portal

Solution

  • Make sure that you log in to ABM with an account with either Administrator or Device Enrolment Manager roles. To assign such roles in ABM, sign in to Apple Business Manager with an account that has the role of Administrator or People Manager. Then, select Roles under People and edit/add the required roles for the respective users.
  • Also, ensure that the admin has agreed to Apple’s terms and conditions.

7. Enrollment with management server failed. Unable to connect to the MDM server for your organization

‘Enrolling with management server failed’ error message when enrolling macOS device in ABM via Apple Configurator

Description

This error message appears when enrolling a macOS device in ABM via Apple Configurator.

Solution

Follow the steps below to resolve the issue:

  1. Revive or restore the Mac by connecting to a secondary Mac with the latest version of Apple Configurator 2 installed.
  2. In the Apple Configurator 2, control-click the DFU icon and choose Advanced > Restart.
  3. On clicking Restart, you will get an option to Prepare the device. Click Prepare.
  4. Option to ’Prepare’ device when attempting to ’Restart’ device in DFU mode via Apple Configurator.

  5. Uncheck the option Add to Apple School Manager or Apple Business Manager in the Prepare Devices window. When asked to choose an MDM server, select the Do not enroll in MDM option.
  6. Wait for the device to finish restarting.
  7. Restarting device popup in Apple Configurator

  8. On restarting the device, the DEP enrollment step will be skipped, and you will be presented with the Setup Assistant screen.
  9. On completing the setup, wipe the Mac again from the device end.

After completing the wipe, the Mac will get successfully enrolled in the MDM server, which was configured earlier in the ABM.

8. Multiple notifications appear mentioning an organization can automatically configure your Mac

Device enrollment notification mentioning an organization can automatically configure Mac

Description

Notifications frequently appear, informing you that a different organization (external or unknown) can automatically configure your Mac.

Probable Cause

This notification pops up if the device is added to multiple Apple Business Manager (ABM) accounts.

Solution

Release the device from the ABM portal of the mentioned organization and restart the device.

9. Profile installation prompt reappears on disenrolled devices

Description

Profile installation prompt appears on the device after a DEP-enrolled device has been disenrolled from Hexnode UEM and is enrolled in another MDM.

System prompt to allow device enrollment

On clicking ‘Allow’, you are redirected to the Hexnode profile installation page with the error message “Your DEP account has been removed from Hexnode. Please add and sync your DEP account to enroll your device.”

Hexnode message to add and sync DEP account

Prompt reappears multiple times, even after dismissal.

Solution

Release the device from the Hexnode MDM server in the ABM portal and assign it to your new MDM. Then, factory-reset (erase) the device for the DEP enrollment settings to get updated at the device end.

If you do not wish to reset the device, follow the below steps:

  1. Boot the Mac into Recovery Mode.
  2. Go to the Utilities menu, open Terminal and type:

  3. cd /Volumes

    Press return and type:

    ls

    On pressing return, you can view the name of your hard drive (Ex: Macintosh HD) as the output. Replace “Macintosh\ HD” with the hard drive name in the command below.

    cd Macintosh\ HD

    Type the following command to locate further the exact position of configuration profiles in the directory.

    cd var/db/ConfigurationProfiles

    To verify your position in the directory structure, type the pwd command and press return. Now, you will view the output as /Volumes/Macintosh HD/var/db/ConfigurationProfiles (or with your hard drive name in place of “Macintosh HD”).

    Note:


    Only proceed with the last commands if you are confident, you are in the correct directory, or data might get lost.

    Enter the commands below once you are in the right directory:

    rm -rf *

    mkdir Settings

    touch Settings/.profilesAreInstalled

  4. Restart the device.
  5. Note:


    After you restart the Mac, you must manually enroll the device in your new MDM.

  • Troubleshooting Guides