Jamf Nation Community

chlaird · ‎02-08-2014

Yesterday I cloned out 9.22 into a sandbox and updated it to 9.23. Ever since the update, we can't enroll devices in MDM with the sandboxed machine.

It just reports: The computer was not enrolled in MDM with the JSS. The device certificate did not install.

I've tried these directions, but that didn't change anything. https://jamfnation.jamfsoftware.com/discussion.html?id=8836

Running 'jamf manage' just keeps reporting the same, and failing.

Anyone else seeing this? Any fixes found yet?

bentoms · ‎02-08-2014

On the 9.23 box, maybe try recreating the JSS CA cert?

RobertHammen · ‎02-08-2014

I'm seeing exactly the same thing, created a thread on it Friday afternoon.

https://jamfnation.jamfsoftware.com/discussion.html?id=9660

rcorbin · ‎02-11-2014

As @bentoms said it sounds like you may need to recreate the JSS CA cert. I had that problem after first upgrading to 9.x from 8.x.

RobertHammen · ‎02-11-2014

Tried that, made no difference. Some people have reported that MDM capability shows up "later on" down the road, but that's annoying. Going to ask the client to open a case w/JAMF Support.

chlaird · ‎02-11-2014

Did a webex with jamf support today. We couldn't find the cause of the problem, everything looks how it should. We're gonna keep working until we figure it out; they said they're heard of a bunch of cases of this happening on 9.23.

chlaird · ‎02-11-2014

Every time I post, it double posts. I apologize.

Hego_Damask · ‎02-11-2014

Is the MDM cert on the client? Can you see an apns token assigned to that device in the database? If both those pieces are in place the MDM should show as MDM capability Yes. If both those are in place and you are still seeing No than I would deduce a 9.23 issue. For shiggles... can you verify the status of your ports and any firewall/proxy on the sandbox? I assume no differences from your prod environment? You can still communicate with the APNS?

RobertHammen · ‎02-12-2014

The MDM cert never makes it to the client - check the log snippet I posted in my thread:

https://jamfnation.jamfsoftware.com/discussion.html?id=9660

Feb 7 15:45:16 testclient.local installd[2871]: ./postinstall: The computer was not enrolled in MDM with the JSS. The device certificate did not install.

Hego_Damask · ‎02-12-2014

Saw that... just need to hear it.

Any results on sudo jamf manage? Does that pull the cert down to the client?

rcorbin · ‎02-14-2014

Will be interested to know if the Casper 9.24 update that just came out fixes this for you. I held off on upgrading to 9.23.

appledes · ‎02-17-2014

Hello. Are all of the affected machines 10.8.x??? We had the same problem but it only affected ML machines.
We discovered that if the Mac had WiFi connected and the Ethernet port in use, it would never enroll.
We turned off the WiFi port, rebooted, ran sudo jamf manage, and the MDM enrolled just fine.

appledes · ‎02-17-2014

Correction to my previous post. This fix DOES NOT WORK in 9.23.
The fix works in 9.21. Havent tried 9.24 yet.

appledes · ‎02-17-2014

OK. Latest is that we renewed the JSS cert, restarted Tomcat on the 9.23 test box and enrollment will now work on all Macs and on the ML machines as long as the WiFi is turned off.

chlaird · ‎02-18-2014

Has anyone tested this or had any success with Mavericks? I've been trying every suggestion I've gotten, including reenrolling with Wifi off as local admin, and it's still failing. QuickAdd fails, and jamf -manage just reports that the MDM could not be installed.

rcorbin · ‎02-27-2014

So is this issue all resolved now ? I've been kind of holding off on upgrading to 9.23 or 9.24 since reading this.

emily · ‎03-28-2014

We just set up a brand new JSS using version 9.23 and during JumpStart could not get it to work no matter what we tried. Looks to still be an issue.

cassielevett · ‎09-12-2014

It seems to still be an issue even with the update. I find completely reinstall the OS will fix it.

Jamf Nation Community

9.23 fails to enroll in MDM