After upgrading to V9.01 I'm seeing some machines now say " Device Signature Error - A valid device signature is required to perform the action." while trying to run recon. I've re-enrolled the machine, it works for a day or so but then reverts back to this message.
Page 2 / 5
I've changed it up a bit for mine... but you can always ssh directly into those machines. Worse case scenario it takes about an hour to grab those units. Personally I've now moved to reenrolling all together instead of the quick add as that's been giving me some issues as well.
Hi Chris
What's your workflow to fix this your end?
I'm curious because I don't want to ssh in to 29 machines if I can help it.
Also I'm getting this after new builds and it would be good to have some kind of hot fix.
Do you know if there is a way to put enroll credentials in a script rather than doing just the jam enroll -prompt
Well, I suppose you could script it with the 'sleep' command. You'll also have to define and 'echo' your
JSS admin
JSS password
SSH admin
SSH password
as defined within your script. Personally I still think that manually attaching to these 29 units will be quicker than writing and testing a script to do it. Then again, you know your environment and you're the one that has to deal with it. I wish you the very best of luck!
... AND the reason why that's kind of a pain is because there seem to be issues with the standard jamf enroll command at the moment.
Thanks Chris but I meant how exactly do that?
As far as I'm aware the jamf binary only enables me to jamf enroll -prompt
Is their a jamf enroll -u "username" -p "password"
Etc
Thanks
@calum
Thanks very much, this seems to work.
Ive created an extension attribute with
ConfigProfiles=`sudo Profiles -L`
echo "<result>$ConfigProfiles</result>"i then create a smart to scope for the error There are no configuration profiles installed in the system domain
Then i create a policy to install my custom quickadd package and all sorted :)
why manually when we have the suite? Thats why we got it right?
Yep, nice solution. My issue was slightly different. And, unfortunately I was having enough issues that I just instructed our help desk to sort those few users out who had the Device Signature issue. If I find any more I'll be writing a script and will be happy to share. I'm also glad that you're quick add package is working. Ours wasn't last I checked. Fortunately I've resolved more of our major issues and can move back to these things!
i spoke too soon... machines are still showing There are no configuration profiles installed in the system domain
and is pointing towards the JSS throwing out a corrupt certificate to the machine!
They key was to
- delete /Library/Keychains/apsd.keychain
2.reboot
3.then install my custom quickadd package and all worked.
still thinking how i can do this for all the machine hmmmmm
if its possible to delete apsd.keychain and then run a command to recreate it without rebooting then this is useful
I ran into this yesterday on a machine as well. I just did a remote recon on it and it seemed to resolve the issue...
I'm having constant issues with this and my config profiles in my Extension attribute profiles -L show an error. When I look at the machine the MDM enrollment profile is invalid.
Doing another recon doesn't fix it for me and I can see when I do a jamf manage the previous entries do not get removed.
We are using 9.2 on our test JSS and have the same situation here.
As a work around, go to:
Computer Management / Security
Uncheck Enable certificate-based authentication
Seeing this here too, on my test JSS. 
Hope there's a fix in the works...
bountyman, if you uncheck that option, machines will then be unable to receive APNs and remote OS X commands.
the best thing to do is open a ticket withJAMF. the more examples they have the better off they are to find a resolution.
This is getting piss annoying now
well said tkimpton.
As jwoljda said, the best thing to do is log a call do Jamf can track the issue.
We have well over 1000 active machines. Here is to hoping we get a fix soon.
been there called support on phone for a week, logged again to no avail. I feel for you, that harsh over 1000 machines!
i noticed that when i went in to the computer record of the troublesome machine on the JSS the Autorun data and delete tabs weren't showing and was pointing to a problem with the computer record.
Eventually after 10 minutes the tabs appeared and i deleted the machine off the JSS and captured it through the Recon app again remotely and it worked.
We used recon for new machines to make the MAC known in JSS this workaround solved it for us for now.
Is everyone having to do something to the machine after they image to correct this?
yes...pray
I had to change the SQL DB to turn off device signature checking and then send a policy out to all the devices. JAMF has a work around that's semi painless.
Confirming I have this issue as well. Doesn't happen on every mac though. Pretty much hit and miss.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.