I am unable to enroll a Mac in my company. It is literally the only one that has failed every time. I have tried to enroll this Mac via Recon, a script in ARD, and from the enrollment URL.
The logs seem to indicate it didn't work.
Here are the logs from ARD and Recon:
ARD:
[computername] (10.3.2.25)
TERM environment variable not set.
Moving to working directory at /tmp
JAMF Binary is present.
The JSS is available.
From Recon:
Recon failed to submit to the JSS. ...
Submitting data to https://jss.mycompany.net:8443/...
Failed to submit inventory
Getting management framework from the JSS...
Enforcing management framework...
Checking availability of https://jss.mycompany.net:8443/...
The JSS is available.
Enforcing login/logout hooks...
Enforcing scheduled tasks...
Creating launch daemon...
Creating launch agent...
Checking availability of https://jss.mycompany.net:8443/...
The JSS is available.
Checking for policies triggered by enrollmentComplete
There is a computer with that IP address in the JSS but there’s no information about it. If I search by computer name, no results are found.
I also tried removing the JAMF Framework and then trying again but it still fails.
Any thoughts?
Thanks in advance.
Have you checked to make sure there is not another machine sharing the same JSS ID?
check system profiler and make sure it has correct serial number listed
are you using a thunderbolt ethernet adapter?
@ifbell - no, I'm not sure how to do that. Can you tell me how?
@CasperSally - Ok. I will give that a shot.
@johanguz - I can't recall. I will check.
I'll report back my findings here. Thanks so far!
So, I am not sure how to check the JSS ID.
But, the serial number looks fine and he's not using a Thunderbolt Ethernet adapter.
Hi Rich,
Just a wild thought - try removing the existing machine from the JSS (the one with the same IP) and then re-enroll from the client
Regards,
David
Is the time/date set right? My JSS gets very cranky when its off on a client machine.
@dlondon and @jennifer_unger
I deleted that computer record in the JSS and verified that the client's mac has the correct date and time.
Enrollment still fails.
I may have to call JAMF support on this unless someone else has another suggestion.
Thanks for all the suggestions so far!
We had an issue where a user had put an emoji into the computer name (he wanted to see the smiling poo icon on his screensaver) and that caused an enrollment failure... removed the emoji and it worked fine.
@alexjdale - that's hilarious! but, there are no emojis in this problematic Mac.
I am also having a similar issue with about 1 in 70 Macs that try to enroll.
The client will run QuickAdd and it will fail. I’ll see "No Name" enrolled no information about the computer, just the user name that tried to enroll.
I was actually able to look at one of the Macs and the JSS certificate was not in Keychain, however the jamf Framework was installed. In terminal I could run all the jamf commands including sudo jamf policy and sudo jamf recon and it would actually run, but when it got to the last step of sending that to the JSS server it failed because it didn't have the certificate.
I tired sudo jamf enroll -prompt and that seemed to work, it said it acquired the certificate, but still nothing in keychain.
I tired sudo jamf removeFramework and deleting the entry from the server, restarting the Mac, running repair permissions and then enrolling, but still failed.
One thing I didn't try was from another account, but there was only one account on the Mac at the time.
I should have also done sudo jamf enroll -prompt -verbose
What version of JSS are you currently running? Also what version of Mac OS does that machine have?
Reason being is if it's 10.10 I believe versions below 9.6 have issues enrolling 10.10 as we've ran into it before. You might try grabbing the new recon, run it and see if it joins it, if so your JSS will downgrade the binary back to the current version you have.
@jjones we are running JSS 9.61 (I know a little behind). The issues we have had it on (that I have been able to see) have been Mavericks and Yosemite.
Oh yeah I also made a new QuickAdd in Recon to try as well, sorry for got to mention that step.
It's just odd that the certificate never adds to Keychain, but these are Macs that users have had... reimaging works, but users don't prefer that.
@jedfrye
What do you have in Computer Management/Inventory Collection/Software?
I had this same problem a few months ago and it came back to something I had entered in there. I since removed whatever it was, but I think I may have had the entire volume marked for scan ( / ).
As of now all I have entered is /Applications/ and /Users/ and the problem has not returned.
Edited: FUBAR path in my first line.
Hey @gskibum,
Thanks for the reply; I checked and we just have /Applications and /Users
@jedfrye
Now that I'm less under the grips of a gnarly cold virus, let me be more clear.
When I had the problem it wasn't the entry itself in inventory collection that was the cause, rather it was a corrupt app being inventoried that happened to be sitting outside of /Applications or /Users.
So maybe you've got some app (or document) that's tripping things up.
@gskibum I wouldn't doubt that at all. These are all Macs that they users has had. New & reimaged Macs are unaffected.
Thanks for the suggestion. I'll let you know what happens.
