9.4 using jamf manageand SCEP errors

jwojda
Valued Contributor II

So I was trying to figure out why it was taking so long for a config profile change to happen in my test machine on 9.4. I tried to do a sudo jamf manage and it errored out with the following...

$ sudo jamf manage Password: Sorry, try again. Password: Getting management framework from the JSS... Enforcing management framework... Checking availability of https://server:8443/... The JSS is available. Enforcing login/logout hooks... Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned -915 (Unable to contact the SCEP server at “https://server:8443//CA/SCEP”.) Problem installing MDM profile. Problem detecting MDM profile after installation. Enforcing scheduled tasks... Creating launch daemon... Creating launch agent... $

I checked in the PKI settings, and there is nothing with scep enabled.

3 REPLIES 3

smith_kyle
New Contributor III

It sounds like you might have your JSS url also in the JSS scep url in settings > global settings > jss url. Try getting rid of that value (if you're using the built in CA) and see if that does it.

jonmacguru
New Contributor II

I was seeing the same error yesterday. After doing some digging, it turned out to be a side effect of our migration of the JSS from OS X to Linux. Under OS X, the SCEP server runs on http port 9006 by default, but on Linux, it runs on http port 8080. When we restored our JSS DB to the Linux install, the setting to use port 9006 was intact, but the SCEP server was actually running on 8080. I had to update the URL in the JSS URL (JSS URL for Enrollment Using Built-in SCEP and iPCU) and fix the port by entering 8080. Now our client Macs do not show the error when we "jamf manage".

appledes
New Contributor III

I had the same problem on a 9.51 fresh build on OS X Mavericks. Renewing the JSS Built in cert and restarting Tomcat fixed the issue for us.