Skip to main content

We are currently running JSS 9.93 , Self service 9.93 and have only updated a handful of machines to Sierra (10.12).



Immediately, there are all sorts of issues. Everything from profiles not getting installed, tons of "pending" commands, Apps fail to run (google drive specifically the worst), VPN fails, etc. Even self service is having issues checking in..



Is there something I'm missing as far as configuring JAMF for Sierra or vice versa??

@cruess 9.96 is the Sierra compatible version so you need to upgrade your Casper environment.


9.96 is officially supported for Sierra.


Ok, so I've updated to 9.96, Self serv 9.96 for entire system. The issues remain.



For example, on my admin MacBook Pro (10.12) I have 8 pending commands, which I've canceled then restarted the machine and forced check-in, yet they will never complete nor fail. They just sit in pending for hours.



On other machines, we're seeing problems where JAMF says the profile has been removed, but it still shows on the device itself. Even after forcing a reboot/check-in..



The log shows "completed".



This is currently happening on 18 different devices...(that I'm aware of) and probably more.



Luckily, we've blocked all iOS from updating...


We have about 20 Sierra machines enrolled in 9.93 without issues, the only real issue I have encountered so far is Casper Remote logs don't work at all.


We're actually still on 9.81. We don't use MDM, but everything we do use with Sierra works perfectly.


Reenroll devices?


Same as the others, up until a few hours ago we were running JSS 9.82 and it was working with Sierra beta and GM (generally speaking): policies (package installs and scripts). Have upgraded our instance to 9.96 to ensure full compatibility.


do you have a proxy server? or proxy settings?


@ivanlovisi Nope. No proxy at all.


the command jamf checkJSSConnection works?


"The JSS is available."



I have also used:
jamf policy
jamf recon



Does re-enrolling the same device multiple times cause issues??


you have a valid connection with JSS but the MDM command will not pushed.
Check whether the push certificate is valid and then enrollen equipment new.


@ivanlovisi The cert is valid till 7/26/17.



Will enrolling the same device more than once cause issues?



For example, when adding devices to Microsoft SCCM- if there is any kind of duplicate record, it creates a nightmare trying to manage things... Does JAMF act similarly?? Or can I just get re-enroll happy?


@cruess We re-enroll devices pretty often here for a variety of reasons, it seems to just pick up the existing record for the same machine, although I think it flushes the logs as well so you might find once per computer policies being re-run.


hi @cruess
don't worries, you can without problems re-enroll machines .
I hope after that the mdm command works.


Try the Casper recon with no one log into the system. Watch JSS and see the polices flood in those commands should install


One other thing to look at is if your in a clustered environment ensure the "Master" is actually running and connected to the Database. We ran in to this about a month ago thanks to a DNS issue where our "Master was offline" and MDM commands were very hit and miss. Mostly miss.


I usually run the command to remove the mdm profile then do a jamf manage command to bring it back. Seems to work.



#!/bin/sh
sudo jamf removemdmprofile


#!/bin/sh
sudo jamf manage


Gabe Shackney
Princeton Public Schools


I was given the command:
jamf trustJSS



Which forced a re-download of the certs, once approved- things seem to be functional again. re-enrolling was having issues..


Reply