Question

Device Signature Error - A valid device signature is required to perform the action.

  • September 4, 2013
  • 110 replies
  • 409 views


Chris_Hafner
  • Jamf Heroes
  • October 15, 2013

I've changed it up a bit for mine... but you can always ssh directly into those machines. Worst-case scenario, it takes about an hour to grab those units. Personally I've now moved to re-enrolling altogether instead of the quick add, as that's been giving me some issues as well.


  • Honored Contributor
  • October 15, 2013

Hi Chris

What's your workflow to fix this your end?

I'm curious because I don't want to ssh in to 29 machines if I can help it.

Also I'm getting this after new builds and it would be good to have some kind of hot fix.

Do you know if there is a way to put enroll credentials in a script rather than doing just the jamf enroll -prompt?


Chris_Hafner
  • Jamf Heroes
  • October 15, 2013

Well, I suppose you could script it with the 'sleep' command. You'll also have to define and 'echo' your
JSS admin
JSS password
SSH admin
SSH password

as defined within your script. Personally I still think that manually attaching to these 29 units will be quicker than writing and testing a script to do it. Then again, you know your environment and you're the one that has to deal with it. I wish you the very best of luck!


Chris_Hafner
  • Jamf Heroes
  • October 15, 2013

... AND the reason why that's kind of a pain is because there seem to be issues with the standard jamf enroll command at the moment.


  • Honored Contributor
  • October 15, 2013

Thanks Chris, but I meant how exactly do I do that?

As far as I'm aware the jamf binary only enables me to jamf enroll -prompt.

Is there a jamf enroll -u "username" -p "password"?

Etc

Thanks


  • Honored Contributor
  • October 16, 2013

@calum

Thanks very much, this seems to work.

I've created an extension attribute with

#!/bin/sh
# Extension attribute: report the installed configuration profiles
ConfigProfiles=`sudo profiles -L`
echo "<result>$ConfigProfiles</result>"

I then create a smart group to scope for the error There are no configuration profiles installed in the system domain

Then I create a policy to install my custom quickadd package and all sorted :)
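
An added example, not part of any post in this thread and not Jamf's own code: a variant of the extension attribute above that reduces the `profiles -L` output to a short token, so a smart group can match it exactly and a failed query is reported separately from "no profiles". The function name, the token values and the `profileIdentifier` line format are assumptions; the error string is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: normalise `profiles -L` output for smart group scoping.
# Assumes the script already runs with root privileges, so no sudo is used.

# Message quoted in the thread for a machine with no system-level profiles.
NO_PROFILES_MSG="There are no configuration profiles installed in the system domain"

# classify_profiles_output TEXT
# Prints one of: NoSystemProfiles | Installed:<count> | Unknown
classify_profiles_output() {
    output=$1
    case $output in
        *"$NO_PROFILES_MSG"*)
            echo "NoSystemProfiles"
            return 0
            ;;
    esac
    # Assumption: each installed profile yields one line containing
    # "profileIdentifier". grep -c exits non-zero on zero matches, hence || true.
    count=$(printf '%s\n' "$output" | grep -c "profileIdentifier" || true)
    if [ "$count" -gt 0 ]; then
        echo "Installed:$count"
    else
        # Empty or unexpected output: report it rather than guessing, so these
        # machines can be reviewed instead of being re-enrolled blindly.
        echo "Unknown"
    fi
}

# Query the machine only where the profiles tool exists (macOS); capture
# stderr too, since the error text may not arrive on stdout.
if command -v profiles >/dev/null 2>&1; then
    echo "<result>$(classify_profiles_output "$(profiles -L 2>&1)")</result>"
fi
```

A smart group can then use the criterion "is NoSystemProfiles" for the re-enrollment policy and a second group on "Unknown" for machines that need a manual look.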


  • Honored Contributor
  • October 16, 2013

Why manually when we have the suite? That's why we got it, right?


Chris_Hafner
  • Jamf Heroes
  • October 16, 2013

Yep, nice solution. My issue was slightly different. And, unfortunately I was having enough issues that I just instructed our help desk to sort those few users out who had the Device Signature issue. If I find any more I'll be writing a script and will be happy to share. I'm also glad that your quick add package is working. Ours wasn't last I checked. Fortunately I've resolved more of our major issues and can move back to these things!


  • Honored Contributor
  • October 17, 2013

I spoke too soon... machines are still showing There are no configuration profiles installed in the system domain

and is pointing towards the JSS throwing out a corrupt certificate to the machine!


  • Honored Contributor
  • October 17, 2013

The key was to

  1. Delete /Library/Keychains/apsd.keychain
  2. Reboot
  3. Then install my custom quickadd package, and all worked.

Still thinking how I can do this for all the machines hmmmmm

If it's possible to delete apsd.keychain and then run a command to recreate it without rebooting then this is useful


ImAMacGuy
  • Esteemed Contributor
  • October 17, 2013

I ran into this yesterday on a machine as well. I just did a remote recon on it and it seemed to resolve the issue...


  • Honored Contributor
  • October 20, 2013

I'm having constant issues with this and my config profiles in my Extension attribute profiles -L show an error. When I look at the machine the MDM enrollment profile is invalid.

Doing another recon doesn't fix it for me and I can see when I do a jamf manage the previous entries do not get removed.


  • Contributor
  • October 31, 2013

We are using 9.2 on our test JSS and have the same situation here.
As a workaround, go to:

Computer Management / Security

Uncheck Enable certificate-based authentication


chris_kemp
  • Jamf Heroes
  • November 3, 2013

Seeing this here too, on my test JSS. :( Hope there's a fix in the works...


  • Contributor
  • November 4, 2013

bountyman, if you uncheck that option, machines will then be unable to receive APNs and remote OS X commands.


ImAMacGuy
  • Esteemed Contributor
  • November 4, 2013

The best thing to do is open a ticket with JAMF. The more examples they have the better off they are to find a resolution.


  • Honored Contributor
  • November 4, 2013

This is getting piss annoying now


ImAMacGuy
  • Esteemed Contributor
  • November 4, 2013

well said tkimpton.


  • Contributor
  • November 5, 2013

As jwoljda said, the best thing to do is log a call so Jamf can track the issue.

We have well over 1000 active machines. Here is to hoping we get a fix soon.


  • Honored Contributor
  • November 5, 2013

@powellbc

Been there, called support on the phone for a week, logged again to no avail. I feel for you, that's harsh, over 1000 machines!

I noticed that when I went in to the computer record of the troublesome machine on the JSS, the Autorun data and delete tabs weren't showing, and that was pointing to a problem with the computer record.

Eventually after 10 minutes the tabs appeared and I deleted the machine off the JSS and captured it through the Recon app again remotely and it worked.


  • New Contributor
  • November 7, 2013

We used recon for new machines to make the MAC known in JSS; this workaround solved it for us for now.


  • Contributor
  • November 7, 2013

Is everyone having to do something to the machine after they image to correct this?


  • Honored Contributor
  • November 7, 2013

yes...pray


ImAMacGuy
  • Esteemed Contributor
  • November 7, 2013

I had to change the SQL DB to turn off device signature checking and then send a policy out to all the devices. JAMF has a workaround that's semi painless.


  • Contributor
  • November 8, 2013

Confirming I have this issue as well. Doesn't happen on every Mac though. Pretty much hit and miss.