Yes, its the management account name and password. Whatever is stored in the computer record in the JSS for the management account isn't matching up with the actual account on the Mac. If you know the local account name/password, you can update the information in the record in the JSS, refresh Casper Remote and it will try using the new information. If you don't know it, you'll need to have it reset to something else on the device and have the JSS updated simultaneously.
There was a bug in an earlier version of the JSS (9.7 something?) that would cause a problem with a password if it had a '!' in it. If you, like me, rotate to a random password, you might have hit that. During a recent check, I found that 65% of my computers had a bad management account pw.
The script below tries to execute a second policy (custom trigger 'reset_password') which rotates the password. If it fails, then this script deletes the management account and re-enrolls the computer using CasperCheck's installer (you do run CasperCheck, right?).
#!/bin/sh
quickadd_installer="/var/root/quickadd/casper.pkg"
changePWPolicy=`jamf policy -event reset_password`
echo "STATUS: $changePWPolicy"
if [[ $changePWPolicy == *"Error"* ]]; then
echo "Management Account needs Fixing"
if [ -f "$quickadd_installer" ]; then
/usr/local/jamf/bin/jamf deleteAccount -username CASPER -deleteHomeDirectory
/usr/sbin/installer -pkg "$quickadd_installer" -target /
else
echo "QuickAdd is not available. Danger, Will Robinson! Danger!"
fi
else
echo "All Looks good. Closing"
fi
I don't have the ! in my password, i have a @ though.
I do not see where in the JSS i can change/update the management account name/password ??
where in the JSS i can change/update the management account name/password ??
If you know the password, select the computer record to view it's inventory. Under the general tab, look at the general information and notice the small EDIT button under it. You can enter a known name/password there.
When viewing the computer details, under the first "General" tab, look for an "Edit" button. Click that and you'll see fields for the Management account details. If you don't see the Edit button, it means you don't have the privileges to edit that information.
hi team,
I am also facing the similar kind of issue.
I am trying to connect a machine where it throws an error "An incorrect username/password is entered for this computer".
I could able to edit the machine objects management account and reset the password . But still i am unable to connect through casper remote console.
any further steps do i have missed it out here? please help
regards,
senthil
Is there a way to do the "General tab click Edit" via the command-line. Maybe using some API call? We have a use scenario where the management password gets changed during a re-image, but the database doesn't get updated. I would like to script updating the database, so we don't have to retrain all of our staff with any change in the process.
@musat The management account password is stored in a SHA-256 hashed format, not plain text, when accessed via the API. I won't say its impossible to update that field via the API, but I don't think anyone's been successful at doing that yet.