Am also having this issue with newly imaged Macs and we are on JSS version 10.1

Yeah, I'm getting this problem. I think I'll wipe the machine, reinstall 10.;13 and re-enroll just for giggles.

I am seeing this problem (one instance) running JAMFPRO 10.3 on a mac running 10.13.3

Just got off chat with Jamf Support, Creating a brand new Configuration Profile (do not clone!) and adding the IDs again resolved my issue. No root cause but worked like a charm for me. We're on 10.3.0 for the record.

I ran into this as well and can confirm @gleethorp's solution of creating a new config profile, rather than cloning, resolved the issue.

So is the fix for this really a fix? Are we expected to recreate Config Profiles from scratch every time this error occurs?

Creating new profiles doesn't work for us. We're running JSS 10.7.0 and on El Capitan (10.11.6) for 13 iMacs, they get "cannot decrypt encrypted profile".

For an issue created in 2014... there is still no resolution? I have completely wiped the machines, reinstalled OSX from USB, then re-enrolled only to find the same error...

Please advise...

Creating a brand new (not clone) configuration did the trick for me. Had this come up after moving to Jamf Cloud.

As with @cruess we have completely reformatted the computers and enrolled but still get this issue. Please fix this or provide a 100% reliable workaround, not just create Configuration Profiles from scratch.

macOS 10.13.x, macOS 10.14.x
JSS version 10.9.0-t1544463445

I'm also experiencing this issue, when trying to deploy a mobileconfig file that I created on my local machine and then imported to JAMF Cloud. Running Recon and Policy does nothing.

Four years later and this problem is still a problem. Creating a new config profile did not work for me.

I have since switched to Mosyle (where this is not an issue), but if I recall correctly I never found an issue for this in Jamf. Good luck!

I'm seeing this problem behavior in Jamf Pro 11.1.1-t1701704198 with 14.2.1 & 13.6.3, and it's effecting some of my VIPs.

UPDATE - I ended up editing the IP list of our Azure firewalls after I discovered the Jamf announcement of 11/13/23. 

I ended up editing the Azure firewall IP list to include new listing that they released on 11/13/23. Hope that helps. It had nothing to do with the clients themselves.

We are still getting the "Unable to decrypt encrypted profile" across all profiles. Verified with network security that all new IP addresses have been added to the firewall.

any resolution to this yet?

I'm seeing this with newly created profiles on 11.6.1 hosted: "unable to decrypt encrypted profile."

At my institution, we were experiencing the same issue. We updated the NetFramework server to version 4.8 and the connector to 1.1.

This solved the problem for us!

Using 11.9

If you are using Jamf Pro 11.9 and ADCS Connector, please read at https://learn.jamf.com/en-US/bundle/jamf-pro-release-notes-11.9.0/page/Important_Notices.html

" Integrations with Active Directory Certificate Services (AD CS) now require Jamf AD CS Connector 1.1.0.
Jamf AD CS Connector 1.1.0 requires .NET Framework 4.8 or later. "

Then take a look at https://www.rocketman.tech/post/update-your-jamf-ad-cs-connector and https://learn.jamf.com/en-US/bundle/technical-paper-integrating-ad-cs-current/page/Upgrading_the_Jamf_AD_CS_Connector.html on how to update.