Skip to main content

TLDR: If Jamf Connect's password countdown isn't updating or Kerberos tickets aren't being received, turn off iCloud+ Private Relay.


We recently solved a puzzling issue affecting a small number of users. After password changes, their Jamf Connect Menu Bar wouldn't refresh the expiration countdown (even showing negative numbers) and they weren't receiving Kerberos tickets, despite the new passwords working correctly in Entra and AD.


After hours of investigation - trying different Jamf Connect versions, reinstalls, profile changes, and terminal commands like klist and kinit - we discovered the culprit: iCloud Private Relay was rerouting traffic, preventing proper domain resolution needed for Kerberos tickets.


The simple fix: turn off iCloud Private Relay and restart Jamf Connect. Both issues resolved instantly!

What version of Jamf Connect is installed on the device?

What version of Jamf Connect is installed on the device?


In my experience it didn’t matter which version was installed. We are running 2.29 in general, but in our many attempts to fix the issue we even tried the latest version as I write this which is 2.44

We experienced the same issue. Try to run defaults delete com.jamf.connect.state CustomShortName on the device, and then try to connect again in Jamf Connect. 

We experienced the same issue. Try to run defaults delete com.jamf.connect.state CustomShortName on the device, and then try to connect again in Jamf Connect. 


Thanks for the suggestion. We fixed our issue as it came down to iCloud Private Relay being on. In our testing even a fresh machine setup as the affected user worked perfectly on initial setup but once they signed into their iCloud account things stopped working. As soon as Private Relay was disabled it worked again

Reply


Terms & ConditionsCookie settings