Posted on 04-25-2013 04:04 AM
In our environment we use AD authentication for user accounts (non-mobile), and apply MCX via Casper, to Macs running 10.8.3.
Yesterday I started noticing that my computer was not getting some settings I would have expected it to be getting, despite running jamf mcx and jamf mcx -username my_user, so I decided to flush my cached MCX settings. I started by using dscl to delete the local /Computers/localhost record.
Immediately, my Bluetooth mouse and keyboard were disconnected. I plugged in a USB keyboard and mouse, and went to the Bluetooth prefpane: Bluetooth was off and the checkbox for it was greyed out, as if it had been disabled via MCX. This setting, however, should never have been scoped to my computer.
I ran mcxquery -user my_user but there were no Bluetooth-related items shown. I then attempted a jamf mcx, and it failed with a 401 error.
Since then, I've been unable to run jamf mcx. I've tried re-enrolling the computer via the jamf binary, removing the jamf framework, clearing the /Computers/localhost record and deleting /Library/Managed Preferences, re-enrolling the computer via Recon.app, and of course, multiple reboots.
The weird thing is that everything else seems to work, but trying to get mcx via the jamf binary gives a 401 error:
root# jamf checkJSSConnection
Checking availability of https://jss.my.org/...
The JSS is available.
root# jamf manage
Getting management framework from the JSS...
Enforcing management framework...
Checking availability of https://jss.my.org/...
The JSS is available.
Enforcing login/logout hooks...
Enforcing scheduled tasks...
root# jamf recon
Retrieving inventory preferences from https://jss.my.org/...
Finding extension attributes...
Locating hard drive information...
Locating hardware information (Mac OS X 10.8.3)...
Executing Unix applications...
Locating accounts...
Locating application details...
Locating package receipts...
Locating printers...
Locating software updates...
Locating plugins...
Submitting data to https://jss.my.org/...
<computer_id>330</computer_id>
root# jamf mcx
Checking for Computer Level Managed Preferences from https://jss.my.org//...
There is a problem with your syntax.
Error: Could not connect to the JSS. Status - 401
Type "jamf help" for more information.
root#
An HTTP 401 error indicates an authorization problem, but I don't understand why this would be happening if other tasks that communicate with the JSS work fine. As far as I can tell, it's just my machine, and started very recently.
Next step might be to delete the computer record and enroll as a new machine, but because of policy history I'd rather avoid that... and I'd like to know what's going on...
-Robin
Posted on 04-25-2013 04:49 AM
The only thing that shows up in JAMFSoftwareServer.log is this, every time I try a jamf mcx on the machine. Note that the computer's ID is not 115 (is that an error code?).
2013-04-25 11:07:42,160 [ERROR] [JAMFEncryptionUtils ] - Unable to verify signature for computer: 115