9.23 fails to enroll in MDM

chlaird
Contributor

Yesterday I cloned out 9.22 into a sandbox and updated it to 9.23. Ever since the update, we can't enroll devices in MDM with the sandboxed machine.

It just reports: The computer was not enrolled in MDM with the JSS. The device certificate did not install.

I've tried these directions, but that didn't change anything. https://jamfnation.jamfsoftware.com/discussion.html?id=8836

Running 'jamf manage' just keeps reporting the same, and failing.

Anyone else seeing this? Any fixes found yet?

17 REPLIES

bentoms
Release Candidate Programs Tester

On the 9.23 box, maybe try recreating the JSS CA cert?

RobertHammen
Valued Contributor II

I'm seeing exactly the same thing, created a thread on it Friday afternoon.

https://jamfnation.jamfsoftware.com/discussion.html?id=9660

rcorbin
Contributor II

As @bentoms said it sounds like you may need to recreate the JSS CA cert. I had that problem after first upgrading to 9.x from 8.x.

RobertHammen
Valued Contributor II

Tried that, made no difference. Some people have reported that MDM capability shows up "later on" down the road, but that's annoying. Going to ask the client to open a case w/JAMF Support.

chlaird
Contributor

Did a webex with jamf support today. We couldn't find the cause of the problem, everything looks how it should. We're gonna keep working until we figure it out; they said they've heard of a bunch of cases of this happening on 9.23.

chlaird
Contributor

Every time I post, it double posts. I apologize.

Hego_Damask
New Contributor

Is the MDM cert on the client? Can you see an apns token assigned to that device in the database? If both those pieces are in place the MDM should show as MDM capability Yes. If both those are in place and you are still seeing No then I would deduce a 9.23 issue. For shiggles... can you verify the status of your ports and any firewall/proxy on the sandbox? I assume no differences from your prod environment? You can still communicate with the APNS?

RobertHammen
Valued Contributor II

The MDM cert never makes it to the client - check the log snippet I posted in my thread:

https://jamfnation.jamfsoftware.com/discussion.html?id=9660

Feb 7 15:45:16 testclient.local installd[2871]: ./postinstall: The computer was not enrolled in MDM with the JSS. The device certificate did not install.

Hego_Damask
New Contributor

Saw that... just need to hear it.

Any results on sudo jamf manage? Does that pull the cert down to the client?

rcorbin
Contributor II

Will be interested to know if the Casper 9.24 update that just came out fixes this for you. I held off on upgrading to 9.23.

appledes
New Contributor III

Hello. Are all of the affected machines 10.8.x??? We had the same problem but it only affected ML machines.
We discovered that if the Mac had WiFi connected and the Ethernet port in use, it would never enroll.
We turned off the WiFi port, rebooted, ran sudo jamf manage, and the MDM enrolled just fine.

appledes
New Contributor III

Correction to my previous post. This fix DOES NOT WORK in 9.23.
The fix works in 9.21. Haven't tried 9.24 yet.

appledes
New Contributor III

OK. Latest is that we renewed the JSS cert, restarted Tomcat on the 9.23 test box and enrollment will now work on all Macs and on the ML machines as long as the WiFi is turned off.

chlaird
Contributor

Has anyone tested this or had any success with Mavericks? I've been trying every suggestion I've gotten, including reenrolling with Wifi off as local admin, and it's still failing. QuickAdd fails, and jamf -manage just reports that the MDM could not be installed.

rcorbin
Contributor II

So is this issue all resolved now? I've been kind of holding off on upgrading to 9.23 or 9.24 since reading this.

emily
Valued Contributor III

We just set up a brand new JSS using version 9.23 and during JumpStart could not get it to work no matter what we tried. Looks to still be an issue.

cassielevett
New Contributor

It seems to still be an issue even with the update. I find completely reinstalling the OS will fix it.