+23We are having a problem with devices removing themselves from Jamf (jamf server logs indicate it received a 401 error). The problem is that since it seems pretty random, we need to get an alert when it drops so we can start to narrow down times. What would be the best way to do this? I'd imagine just monitoring the MDM Profile (profiles command?) but then I need a timestamped popup and log to refer back to...
Anybody have any thoughts on how to do this (please)?
+22MDM Profile won't help because this has to do with the jamf binary.
Couple things could be possible....if your Jamf Pro isn't up to date and the jamf binary on the device up to date, it may be not renewing the device id certificate or whatever it's called. The jamf binary relies on a certificate, it used to expire and then the device would stop checking in. But in the last 6 months they set this to auto renew. This might be the culprit if these are devices that have been enrolled for like 2, 3, 5 years.
The other culprit, if you have a script running that deletes or modifies computers it's possible it isn't hitting the device you want. I haven't been able to prove it but we ran into what felt like a bug where the API was modifying the wrong computer record thus breaking the trust relationship.
+23MDM Profile won't help because this has to do with the jamf binary.
Couple things could be possible....if your Jamf Pro isn't up to date and the jamf binary on the device up to date, it may be not renewing the device id certificate or whatever it's called. The jamf binary relies on a certificate, it used to expire and then the device would stop checking in. But in the last 6 months they set this to auto renew. This might be the culprit if these are devices that have been enrolled for like 2, 3, 5 years.
The other culprit, if you have a script running that deletes or modifies computers it's possible it isn't hitting the device you want. I haven't been able to prove it but we ran into what felt like a bug where the API was modifying the wrong computer record thus breaking the trust relationship.
+16@ImAMacGuy what about an extension attribute that checks for enrollment/unenrolled devices (say in the last week) then use that indicator in a smart group that triggers the JAMF helper to send or forward a notification to your (Email) or the device of your choice and with logs. I am not going to pretend to have tested this but there has to be a way to notify you of unenrolled devices and check for the JAMF binary being present on devices. Use the capture logs script created here: https://github.com/kc9wwh/logCollection/wiki/General-Configuration to send logs to your JAMF pro for download.
Sounds crazy but is it?
+10You could use a logging server like Graylog and set it up to send email notifications. Maybe your org already has a central logging server you can send to?
+5Was this ever resolved? I am currently experiencing multiple devices getting a 401 response and having all profiles removed. have not been able to pinpoint where this 401 response is coming from or why it is being triggered.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.