Jamf Connect - Nothing happens when selecting "Change Password"

ashrimega
New Contributor

Long story, but I'll try to keep it short.

 

We have Jamf Connect in our environment linked to Azure for user authentication. We wanted this product because it has built in password change features that would synchronize the local system password with the users Azure (network) password and remove the need to bind our Macs to on-prem windows domains. Also we're a mixed environment of Windows and Mac system moving towards Azure cloud services and this would allow us to us ZTI for mac users.

 

When we click "Change Password" nothing happens. We were able to temporarily resolve this issue by updating our Jamf Connect installs, but this only resolves for maybe 2-3 weeks before we noticed the same issue return, this is effecting all our Jamf managed macs.

 

I engaged with Jamf support and they requested logs, suggested updating (again) had me try different default browsers. All the same results. Nothing happens, EXCEPT for a short time after updating the Jamf Connect client when it works as we would anticipate.

 

Fast forward a month or so, I rebuilt the Jamf Connect configuration profiles. We have Azure authentication and Kerberos built into the old profile so I thought maybe that was the problem causing conflicts as sometimes you'd get the Azure web page and other times it was just a macOS window to enter password information into. Deployed to the test group, everything seems fine at first. Again, fast forward 1 week or so, problem has returned.... This is the only Menu button that does nothing. We don't use "Reset Password" in our config.

 

Jamf support seems as a loss, wondering of anyone on here can help. We are working around it by sending the users the same link we have in the config profile and have them open it in their browser of choice.

9 REPLIES 9

bwoods
Valued Contributor

It sounds like you either don't haver your change password link configured or you're running into some sort of licensing issue.

 

bwoods
Valued Contributor

Did you configure the license with the JC Configurator app or did you create your own profile?

TheWarmAtlantic
New Contributor III

Did you every find the answer to this? This happening for us with JC 2.8+. JC 2.6.0 and below works just fine.

andrewsp
New Contributor II

Im having the same issue with JC 2.8+, still can't find a solution

I have spoken to Jamf Support about this issue they have let me know it is a reported problem. They said it will be fixed in a future release. You can rollback to 2.7 for now to resolve the issue. 

 

Their response to me:

Thank you for providing the log information. I have done some additional research and I think I have narrowed down the issue. It looks like we are running into PI109837. In this product issue, on Jamf Connect Menu (tested on 2.8 and 2.9), if a Kerberos Realm dictionary is set alongside a ChangePasswordURL key defined to Azure change password url (https://account.activedirectory.windowsazure.com/changepassword.aspx) to cover password change requests outside of the internal network or VPN, the Change Password URL menu action will be ignored. Below I have a workaround to test. - Configure Jamf connect menu with Azure IDP - add the keys ChangePasswordURL and ResetPasswordURL - set ChangePasswordURL to https://account.activedirectory.windowsazure.com/changepassword.aspx - set ResetPasswordURL to https://passwordreset.microsoftonline.com - push the config profile to a test machine, authenticate and confirm both menu items are giving access to the change password and reset password Azure web windows - add a Kerberos dictionary to the plist - make sure you CAN NOT access this Kerberos realm (fake kerberos domain or connected outside of the local network)  push this updated profile to the test machine and reopen Jamf Connect - try to open the reset password menu item - try to open the Change Password menu item Let me know how this goes and if it resolves your issue.

andrewsp
New Contributor II

So I wonder if this supposed “fix” is specific to Azure and those URL’s, because I’m using Okta and will probably have different results. I’ll go through those steps with the Okta URL’s and see what happens. For now I’ve just been downgrading to 2.7.0

dvasquez
Valued Contributor

This was good information and helpful. Thank you for sharing!

 

perryd84
Contributor II

Hi,

Still seeing this issue in 2.12. Anyone been able to fix it?

user-LYBGeLSLLt
New Contributor II

i still have the same problem on some macs...did anyone resovled it ?