Device Signature Error on All macOS Mojave (10.14.6) Machines

Thank you so much! The timing of it and the fact that it only effected the one version of macOS made it seem likely that something very specific caused it as a one time thing. I really appreciate you digging that up and replying with it so quickly!

Hi @sdagley ,

re-rolling each machine is not a viable solution except in very small realities.
We have hundreds of systems out of order, it's a very serious problem that Jamf has to solve very quickly if he wants to see his contract renewed!
Is it possible that these things are not tried before an update is distributed? we are talking about an obvious and blocking problem, not a detail. Such lightness in behavior is inadmissible, it is a sign of lack of attention and seriousness.

@orlandinim I'm simply relaying the info on the problem. You should contact your Jamf rep with your concerns regarding the impact and why the issue wasn't discovered until after JSS 10.40 was released since macOS 10.14.4 or later is still listed in the Minimum Supported section of the 10.40 release notes.

Yeah sorry @sdagley, obviously I wasn't mad at you!
Of course we have already involved our dealer, but I am very annoyed by the current situation caused by Jamf.

Hey all! Utilizing the Jamf Pro API to bring these computers back worked for me.

I've attached a script I wrote to get this done a bit quicker for those of us with hundreds of computers out there inaccessible.

It's written in zsh and utilizes AppleScript to gather your input for instance URL, Username, Password, and a plaintext file generated by copying all serial numbers that I exported using a Smart group targeting computers with a last check in of August 13th-15th, since this is about when the update to 10.40 took place for our instance.

Hope this helps someone running into the same issue!

Hi Everyone,

We're also facing with the same issue. How about performing an OS upgrade on Mojave devices? 

Yes updating the devices to an OS after Mojave, then redeploying the framework remotely or locally fixes the issue.

You'll need to update the devices before you push the redeployment of the framework though, otherwise the issue will persist.
However, we've found that just updating the devices and not re-enrolling does not resolve the issue though.

Hi ETsavaris,

Thank you for your reply! I will give a try to OS upgrade and redeploy the framework as you suggested. By the way, re-enrolling the Mac devices doesn't cause any duplicate recordings in Jamf console does it? Additionally, it doesn't redeploy any configuration or policy, right?

Best Regards.

I've heard of duplicate profiles being created whenever a device is re-enrolled, but I've never seen it personally.
I would be curious to see whether a computer will still be able to have its framework re-deployed via API if its record is deleted from Jamf, and the computer is not under a Prestage.

In regards to your second question, our environment has a mix of Prestage enrolled devices, as well as user-initiated enrolled devices. We've seen that the only thing triggered were any policies set to execute on the "Enrollment Complete" event. All other configuration profiles that were scoped to the computers initially were either retained or were removed/added once the computers checked in again based on what they should have.

We don't use Enrollment Customization though, so I don't know if anything there would be affected or not.

Another thing to note, is if you utilize any kind of computer configuration automation like DEPNotify or the Notify options used in Jamf Connect (In our case DEPNotify) note the computers that were enrolled BEFORE the automation was engineered as they won't have the log files needed to error out the process (a.k.a. /var/tmp/depnotify.log or others.)

We are seeing this exact issue on Monterey, and our Jamf Pro was updated to 10.41 in September. About this time individual machine jamf logs show connection issues to the Jamf server, but the Device Signature error seems to have started around Oct 12/13th. We have 971 managed computers so manually re-enrolling them is not an option.  Currently have a Support ticket open with Jamf about this, but will post a link to this thread in the ticket and ask them if they think it is the same issue.

Did you hear back from Support on your issue? If so, what did they say? We also have hundreds of machines with the same issue.

When we adopted Jamf for our Mac estate (before i got involved) we created an admin account on every enrolled mac. This account was also used as the Management account. As of 10.40 this caused issues, including this one, when we upgraded to 10.41 (we passed on 10.40 as it occurred during a moratorium period).  We have an ongoing case with Jamf Pro and have gone through several suggestions with them, so my suggestion is for you to raise a case directly with them. It's too complex to go into here, as the case is still ongoing.  For example we now have a separate Management account called (not very originally) "jamfadmin". This should have resolved the issue, except it appeared on a newly-enrolled machine just a day or two later.   The latest suggestion was that since our MDM cert is up for renewal in April, we should manually upgrade all certs now.  This is taking time, and the jury's still out as to whether it will fix the issue or not.