Troubleshoot Mac Enrollment

  • Updated
Follow

There are a few variables that may cause the Robot Cloud installer to fail during enrollment. In most cases the cause is environmental, meaning there is something network related prohibiting the enrollment from completing. In other cases, it could be due to a preexisting application or configuration on the workstation. Use this document to help determine the cause of the failure.

If you are using the Robot Cloud installer for the first time in a new environment, please contact us with the desired name and static IP of the location.

 

Check Functionality

Sometimes the installer will produce a warning but compensates and succeed despite the warning. Run the two commands below in Terminal to confirm everything is working.

sudo jamf manage
sudo jamf recon

If both commands succeed and complete without error then no additional troubleshooting is required. If enrollment fails on multiple workstations, but the above commands still work, there may still be a network or workstation configuration issue that should be addressed.

If either of the commands above fail, check your Network (see below) or try uninstalling Robot Cloud and attempt to run the installer again.

 

Check Your Network

As a cloud service, there are certain ports that must be open in each environment for Robot Cloud to work properly. A firewall or software proxy can interfere with communication, causing an enrollment failure. Launch Terminal and test connectivity using the command line instructions below. When running these commands check your responses. If you find that any of these ports are closed then firewall or proxy changes will need to be made before enrollment can continue.

  1. If you receive the response Connection to server-your-testing [tcp/https] succeeded! the port is open.
  2. If you receive the response Unable to connect to remote host, the port is closed.
  3. For gateway.push.apple.com 5223, you will get no response if it is open — and no error.

SPECIAL NOTE: No Apple IPs should be blocked. Outbound communication with 17.0.0.0/8 should be allowed for all devices.

Enrollment Ports

nc -z m.robotcloud.net 443
nc -z gateway.sandbox.push.apple.com 2195
nc -z gateway.sandbox.push.apple.com 2196
nc -z gateway.push.apple.com 5223

Management Port

nc -z d3ee49752kqxh6.cloudfront.net 443 

Attempt a Manual Enrollment

If the functionality checks failed, the network ports are confirmed open, and a fresh uninstall/reinstall did not solve the problem, then it's time to attempt a manual enrollment using Terminal. Run this command:

sudo jamf enroll -prompt -verbose | tee -a /Users/Shared/enrollment.log

You will be prompted for an enrollment username and password, as well as the SSH username and password for a local user on the workstation.

JSS Username: enroll
JSS Password: enroll
SSH Username: (check System Preferences > Sharing to see what accounts are authorized for Remote Login)
SSH Password: (type in the password of the authorized account)

This process will attempt to enroll the workstation and provide verbose output to the Terminal window and a local enrollment.log file in the Users > Shared folder. If the failure is identified, but the solution is not apparent, please contact us and send us a copy of the enrollment.log for audit.

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.