Jamf Connect Sync Negative Password Expiration Time

hcgtexas
New Contributor III

I have had a few users where after they change their password with Jamf Connect, the password expiration countdown time turns into a negative number. For one user in particular, we have tried re-logging into Jamf Connect, clearing the Kerberos tickets, killing the service and restarting the app, and nothing has updated the date to the correct time. Instead of saying "Password Expires: 55 days" it counts backwards to his old expiration date with "Password Expires: -4 Days"

Does anyone know where Jamf Connect Sync v1 gets this date from/how to fix this issue?

10 REPLIES 10

erichughes
Contributor II

Is the user on network or remote? We have to have our remote users connect to the VPN and the Sign into Jamf Connect to renew the kerberos tickets to update the expiration.

hcgtexas
New Contributor III

User is connected to VPN and was able to successfully renew the ticket, still shows the same thing.

hodgesji
Contributor

We are also experiencing this - any updates on your experience @hcgtexas . Were you able to get it resolved?

user-LYBGeLSLLt
New Contributor II

i have the same Problem in our Company, does someone have a solution ? I had deleted jamf and installed again,...it doesnt help

hcgtexas
New Contributor III

@hodgesji  @user-LYBGeLSLLt It looks like our problem had to do with kerberos tickets. 

After the passwor is reset, refresh the kerberos ticket (kinit), then quit and restart Jamf Connect (sudo killall "Jamf Connect"). This ussually works for me.

how can i refresh Kerberos TIcket ? Sorrry, iam new 

Open "Terminal" and use the "kinit" command.

https://linux.die.net/man/1/kinit

Also chek out this link for general Kerberos info: https://linux.die.net/man/1/kerberos 

dvasquez
Valued Contributor

Hello. 

With the running of the kinit and restart of Jamf Connect, did you see the counter reset? Did it take time? Did you restart your computer after performing these steps?  We are seeing this behavior with a few but not all end-users. 

Troublshoot
New Contributor

Hi All,
I just started running into this while in our testing phases before rollout of Connect. Users are changing passwords successfully while connected up to the VPN, AD is updating the password, but the Expiration days in the Menu Bar never gets updated. One went into the -1 day count, the other was still listing 7 days until expiration, but AD shows 85 days until Expiration. Rebooting,Connecting to VPN, or refreshing Kerberos Tickets does nothing to change this.

In both cases we were able to remove the ~/Library/Preferences/com.jamf.connect.state.plist configuration(this contains the UserPasswordSet & ComputedPasswordExpireDate variable), reboot the computer. Join the VPN, Sign back into Jamf Connect, & it loads down a new expiration date properly by recreating the com.jamf.connect.state file. 

Other users are working just fine... should we be scripting the local user file removal with a 'OnSuccessfulPasswordChange' script for this process to work properly?
Any other ideas of what may be broken here?

dmote
New Contributor III

Hello all, stumbled upon this post looking for something else so thought I would share a script i was given by Jamf Support. I have this set in Self Service and advised my users to run whenever they see the counter not reset after they change their password. NOTE: this does force their mac to restart. 

# !/bin/bash

#Gets username of currently logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

#echo "loggedInUser"
#echo $loggedInUser
#echo "2 variable"
#echo $2
#echo "3 variable"
#echo $3

#removes the Jamf Connect state.plist file
#rm /Users/$2/Library/Preferences/com.jamf.connect.state.plist


#new code from July @ jamf
if [[ -e "/Users/$loggedInUser/Library/Preferences/com.jamf.connect.state.plist" ]]
then
echo "Deleting /Users/$loggedInUser/Library/Preferences/com.jamf.connect.state.plist [variable: loggedInUser]"
rm "/Users/$loggedInUser/Library/Preferences/com.jamf.connect.state.plist"
#Restart mac in 60 seconds
sudo shutdown -r +1
elif [[ -e "/Users/$2/Library/Preferences/com.jamf.connect.state.plist" ]]
then
echo "Deleting /Users/$2/Library/Preferences/com.jamf.connect.state.plist [variable: 2]"
rm "/Users/$2/Library/Preferences/com.jamf.connect.state.plist"
#Restart mac in 60 seconds
sudo shutdown -r +1
elif [[ -e "/Users/$3/Library/Preferences/com.jamf.connect.state.plist" ]]
then
echo "Deleting /Users/$3/Library/Preferences/com.jamf.connect.state.plist [variable: 3]"
rm "/Users/$3/Library/Preferences/com.jamf.connect.state.plist"
#Restart mac in 60 seconds
sudo shutdown -r +1
else
echo "Neither /Users/$loggedInUser/Library/Preferences/com.jamf.connect.state.plist or /Users/$2/Library/Preferences/com.jamf.connect.state.plist were found or /Users/$3/Library/Preferences/com.jamf.connect.state.plist were found"
echo "Please advise IT Support of this error message."
exit 1
fi

#Restart mac in 60 seconds
#sudo shutdown -r +1