I've used command sudo jamf removemdmprofile and sudo jamf removeframework to fix certificate expired issue, After that I renerolled my mac with Jamf with web. My mac received all configuration profiles, but self service applicaton and jamf binary can not be pushed on my mac.
Anyone knows how to install that manually?
I tried run sudo jamf policy, but it said command not found.
In case the following proves helpful:
Jamf binary self-heal via Terminal
This is precisely what the redeploy Jamf Managment framework API endpoint is for.
https://developer.jamf.com/jamf-pro/reference/post_v1-jamf-management-framework-redeploy-id
It relies on a working MDM enrollment, since it uses the Install Application MDM command to send the Jamf binary to the device. Unfortunately there is no GUI element in the Jamf Pro UI so the only way to use it is from the API endpoint. Luckily, the the OpenAPI documentation makes this easy. Just go to https://yourJamfserver.com/api/doc/#/jamf-management-framework, authenticate and then enter the computers JSS ID.
@jun_zhang
try creating a package of the existing jamf binary from a blank test machine & then deploy it
or
try creating a quickadd package with jamf recon & just extract the binary & deploy that
of course having an administrative IT account & the ability to vnc/ssh into the machines also helps quite a bit.
@jun_zhang
try creating a package of the existing jamf binary from a blank test machine & then deploy it
or
try creating a quickadd package with jamf recon & just extract the binary & deploy that
of course having an administrative IT account & the ability to vnc/ssh into the machines also helps quite a bit.
Hi Hugonaut,
Would you like to tell me the path of jamf binary?
This is precisely what the redeploy Jamf Managment framework API endpoint is for.
https://developer.jamf.com/jamf-pro/reference/post_v1-jamf-management-framework-redeploy-id
It relies on a working MDM enrollment, since it uses the Install Application MDM command to send the Jamf binary to the device. Unfortunately there is no GUI element in the Jamf Pro UI so the only way to use it is from the API endpoint. Luckily, the the OpenAPI documentation makes this easy. Just go to https://yourJamfserver.com/api/doc/#/jamf-management-framework, authenticate and then enter the computers JSS ID.
Hi TrentO,
I found the pages you machined and create a command. But when I run the curl command on may mac it just give me 401 erorr.
Would you like to give me more details ?
Hi Hugonaut,
Would you like to tell me the path of jamf binary?
@jun_zhang wrote:Hi Hugonaut,
Would you like to tell me the path of jamf binary?
https://jss.company.net:8443/bin/jamf.gz
Hi TrentO,
I found the pages you machined and create a command. But when I run the curl command on may mac it just give me 401 erorr.
Would you like to give me more details ?
401 means that you were not properly authenticated when accessing the API. To authenticate you will need to get a bearer token from the 'api/v1/auth/token' endpoint first. Then you would include this token as 'Authentication: Bearer {{TOKEN}}' as a header with the rest of your API requests. Instructions on how to do this are found here (https://developer.jamf.com/jamf-pro/reference/post_v1-auth-token) and here (https://developer.jamf.com/jamf-pro/docs/client-credentials).
This is a bit convoluted unless you are already familiar with using APIs, so I recommend using your instances API docs directly as it provides a nice graphical interface for making one off API calls. Navigate to https://YourJamfServer.com/api/doc/#/jamf-management-framework (replacing YourJamfServer.com with the URL and possibly port to your jamf instance. This will take you to a page which looks like this.
From there you can login using the fields provided using your username and password and click authorize. This is the equivalent of getting the bearer token I mentioned earlier.
Then scroll down to the "jamf-management-framework" section and click to expand.
Click try it out as seen above and then enter the JSS ID of the computer you want to install the jamf binary on in the ID field. Then click execute.
You will see the result of the command in the Responses section below the execute button.
Hope that helps!
401 means that you were not properly authenticated when accessing the API. To authenticate you will need to get a bearer token from the 'api/v1/auth/token' endpoint first. Then you would include this token as 'Authentication: Bearer {{TOKEN}}' as a header with the rest of your API requests. Instructions on how to do this are found here (https://developer.jamf.com/jamf-pro/reference/post_v1-auth-token) and here (https://developer.jamf.com/jamf-pro/docs/client-credentials).
This is a bit convoluted unless you are already familiar with using APIs, so I recommend using your instances API docs directly as it provides a nice graphical interface for making one off API calls. Navigate to https://YourJamfServer.com/api/doc/#/jamf-management-framework (replacing YourJamfServer.com with the URL and possibly port to your jamf instance. This will take you to a page which looks like this.
From there you can login using the fields provided using your username and password and click authorize. This is the equivalent of getting the bearer token I mentioned earlier.
Then scroll down to the "jamf-management-framework" section and click to expand.
Click try it out as seen above and then enter the JSS ID of the computer you want to install the jamf binary on in the ID field. Then click execute.
You will see the result of the command in the Responses section below the execute button.
Hope that helps!
Thanks TrentO, I think I amlost get the solution.
When I click extue it gives me a curl command. Should I run that command on my Mac or after clicking execut button, the Jamf server will push a installation command to my Mac?
401 means that you were not properly authenticated when accessing the API. To authenticate you will need to get a bearer token from the 'api/v1/auth/token' endpoint first. Then you would include this token as 'Authentication: Bearer {{TOKEN}}' as a header with the rest of your API requests. Instructions on how to do this are found here (https://developer.jamf.com/jamf-pro/reference/post_v1-auth-token) and here (https://developer.jamf.com/jamf-pro/docs/client-credentials).
This is a bit convoluted unless you are already familiar with using APIs, so I recommend using your instances API docs directly as it provides a nice graphical interface for making one off API calls. Navigate to https://YourJamfServer.com/api/doc/#/jamf-management-framework (replacing YourJamfServer.com with the URL and possibly port to your jamf instance. This will take you to a page which looks like this.
From there you can login using the fields provided using your username and password and click authorize. This is the equivalent of getting the bearer token I mentioned earlier.
Then scroll down to the "jamf-management-framework" section and click to expand.
Click try it out as seen above and then enter the JSS ID of the computer you want to install the jamf binary on in the ID field. Then click execute.
You will see the result of the command in the Responses section below the execute button.
Hope that helps!
Here is the screenshot.
@jun_zhang wrote:Hi Hugonaut,
Would you like to tell me the path of jamf binary?
https://jss.company.net:8443/bin/jamf.gz
Thanks a lot.I've downloaded that gz files. Would you like to tell me how to install jamf binary with that gz file?
Thanks a lot.I've downloaded that gz files. Would you like to tell me how to install jamf binary with that gz file?
@jun_zhang wrote:Thanks a lot.I've downloaded that gz files. Would you like to tell me how to install jamf binary with that gz file?
@jun_zhang
Similar to a zip / compressed image file, once downloaded, use the following to extract into your current user profile folder;
gunzip -fq ~/jamf.gz ~/jamf
Or if you are copying from your Downloads, back into the Jamf binary original location;
gunzip -fq ~/Downloads/jamf.gz /usr/local/jamf/bin/jamf
Thanks TrentO, I think I amlost get the solution.
When I click extue it gives me a curl command. Should I run that command on my Mac or after clicking execut button, the Jamf server will push a installation command to my Mac?
If you get a success message after executing then there is no need to do anything further. The MDM command will have already sent. You can check the machine in Jamf Pro to see pending MDM commands.
Here is the screenshot.
Looks like it succeeded, so the MDM command to install Jamf should be pending
Hi guys
I am trying the same via api, but nothing happens on my testmacbook and in the api i receive als following statement
Response body
{
"httpStatus": 401,
"errors": []
}
Response headers
cache-control: no-cache,no-store,max-age=0,must-revalidate
content-length: 42
content-type: application/json;charset=UTF-8
date: Wed,06 Dec 2023 12:51:42 GMT
expires: 0
pragma: no-cache
server: Jamf
strict-transport-security: max-age=63072000; includeSubDomains;
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
I am just quite new with api. We do not really use it so much, but I am pretty sure I do the right thing.
I have exactly the same output when i do it via coderunner from my macbook
{
"httpStatus" : 401,
"errors" : [ ]
}
Additional information, there is no pending command on the testmacbook
Hi guys
I am trying the same via api, but nothing happens on my testmacbook and in the api i receive als following statement
Response body
{
"httpStatus": 401,
"errors": []
}
Response headers
cache-control: no-cache,no-store,max-age=0,must-revalidate
content-length: 42
content-type: application/json;charset=UTF-8
date: Wed,06 Dec 2023 12:51:42 GMT
expires: 0
pragma: no-cache
server: Jamf
strict-transport-security: max-age=63072000; includeSubDomains;
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
I am just quite new with api. We do not really use it so much, but I am pretty sure I do the right thing.
I have exactly the same output when i do it via coderunner from my macbook
{
"httpStatus" : 401,
"errors" : [ ]
}
Additional information, there is no pending command on the testmacbook
Honestly, the endpoint is there.... Why is there not a management button on the computer with "Redeploy JAMF Binary" and then have the same prompt as the Renew MDM Profile button... This is frustrating that you need to jump through API hoops to do something so simple. Why doesn't JAMF make ALL the actions available on a host available that are already in the API??? (BTW, used the swagger interface as suggested to do this, but it shouldn't be necessary)
401 means that you were not properly authenticated when accessing the API. To authenticate you will need to get a bearer token from the 'api/v1/auth/token' endpoint first. Then you would include this token as 'Authentication: Bearer {{TOKEN}}' as a header with the rest of your API requests. Instructions on how to do this are found here (https://developer.jamf.com/jamf-pro/reference/post_v1-auth-token) and here (https://developer.jamf.com/jamf-pro/docs/client-credentials).
This is a bit convoluted unless you are already familiar with using APIs, so I recommend using your instances API docs directly as it provides a nice graphical interface for making one off API calls. Navigate to https://YourJamfServer.com/api/doc/#/jamf-management-framework (replacing YourJamfServer.com with the URL and possibly port to your jamf instance. This will take you to a page which looks like this.
From there you can login using the fields provided using your username and password and click authorize. This is the equivalent of getting the bearer token I mentioned earlier.
Then scroll down to the "jamf-management-framework" section and click to expand.
Click try it out as seen above and then enter the JSS ID of the computer you want to install the jamf binary on in the ID field. Then click execute.
You will see the result of the command in the Responses section below the execute button.
Hope that helps!
This just saved me a world of headaches, thank you so much.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.