Help

Jamf Connect Menubar - Number of Days remaining wrong, No Kerberos Ticket - FIX

red_beard
Contributor

yesterday

TLDR: If Jamf Connect's password countdown isn't updating or Kerberos tickets aren't being received, turn off iCloud+ Private Relay.

We recently solved a puzzling issue affecting a small number of users. After password changes, their Jamf Connect Menu Bar wouldn't refresh the expiration countdown (even showing negative numbers) and they weren't receiving Kerberos tickets, despite the new passwords working correctly in Entra and AD.

After hours of investigation - trying different Jamf Connect versions, reinstalls, profile changes, and terminal commands like klist and kinit - we discovered the culprit: iCloud Private Relay was rerouting traffic, preventing proper domain resolution needed for Kerberos tickets.

The simple fix: turn off iCloud Private Relay and restart Jamf Connect. Both issues resolved instantly!

Reply
4 REPLIES 4

Msten
New Contributor II

13 hours ago

What version of Jamf Connect is installed on the device?

0 Kudos
Reply

red_beard
Contributor
In response to Msten

9 hours ago

In my experience it didn’t matter which version was installed. We are running 2.29 in general, but in our many attempts to fix the issue we even tried the latest version as I write this which is 2.44

0 Kudos
Reply

Msten
New Contributor II

9 hours ago

We experienced the same issue. Try to run defaults delete com.jamf.connect.state CustomShortName on the device, and then try to connect again in Jamf Connect. 

0 Kudos
Reply

red_beard
Contributor
In response to Msten

9 hours ago

Thanks for the suggestion. We fixed our issue as it came down to iCloud Private Relay being on. In our testing even a fresh machine setup as the affected user worked perfectly on initial setup but once they signed into their iCloud account things stopped working. As soon as Private Relay was disabled it worked again

Reply