Question

CA cert not trusted after PreStage (macOS 26.4)

  • April 8, 2026
  • 2 replies
  • 98 views


JAMF Pro - Running into something weird with newly prestaged Macs and not sure where to start.

After PreStage enrollment, our internal CA cert is getting installed, but it shows as not trusted in the System keychain. We can manually trust it and it’s fine after that.

This wasn’t happening before — machines on 26.2 were fine. Started noticing it on 26.4.

At the same time, GlobalProtect won’t connect on these machines. It just throws:

“network connection is unreachable or portal is unresponsive”

2 replies

MattAebly
  • Employee
  • April 8, 2026

Hello, @MoJo,

If you are using an internal CA server to generate device certs, the trust chain might be broken somewhere along the way. Could you check if the Root CA is invalid/expired?


  • Author
  • Contributor
  • April 10, 2026

> Hello, @MoJo,
>
> If you are using an internal CA server to generate device certs, the trust chain might be broken somewhere along the way. Could you check if the Root CA is invalid/expired?

Here’s what Jamf Support are saying: “it appears that your problem is related to two known product issues with Jamf Pro version 11.26.x: PI-1152 and PI-1153.

- PI-1152 involves the MDM Device Identity Certificate not being trusted on new enrollments after updating to version 11.26.

- PI-1153 concerns Device Identity Certificates being marked as untrusted in Keychain Access during enrollment in version 11.26.1.


Both issues have been confirmed by our product engineering team and are currently in "Submitted / To Do" status as of April 9, 2026. At this time, there is no documented workaround available.”