Edit: FYI - Working off of 10.9 - moving to 10.11.1 this Thursday. I also want to note we don't see this behavior with the other profiles, just our 802.1x profile
Hey everyone -
We have just started experiencing a weird behavior with our 802.1x MDM profile. What we are seeing is users having their profile "stripped" and then re'pushed at random times.
Checking the logs, there is a visible removal being sent from the JSS, followed by an install for the very same profile within the same minute. If the device is off campus, or can't communicate with the CA at this time, the profile cant reinstall and the user is left with no 802,1x payload - ie no wireless :(
I checked the scoping, and the devices are remaining in scope for the profile, so I am not sure what could be causing my Jamf server to even send a removal action to the device. I am just about out of ideas, and wondering if anyone else has seen something like this before?
This is getting interesting -- My question is how are you implementing an updated Root/Intermediate if the profile is local without a wired connection? ie you need to push an updated certificate?
One of the reasons we decided to make the jump to MDM 802.1x is because we are looking at updating the Root/Intermediate which is in that 802.1x payload. We were hoping to make this seamless by pushing it out through Jamf... wouldn't you need to reinstall the profile for it to get its new certificates if its running as a local profile? ie creating a chicken before the egg problem by dropping off the old profile to install the new one?
I am actually rather surprised to hear so many are doing 802.1x with a local profile, but now I am starting to wonder if switching to MDM was the right move :(