Jamf Nation Community

djrory · ‎04-06-2020

I have created 3 config profiles to push out certificates for our users VPN access, however the profiles simply will not install.

I have tried, WiFi, LAN, 2 different devices, confirmed the cert templates are correct, I've even created new templates and tried those, created an entirely new config profile rather than copying an existing one, install automatically and avail in self service, putting the credentials in the policy and leaving them blank, reinstalling Self Service. Nothing works

Nothing makes any difference, the auto-install policy never installs and in avail. in self service as soon as you click install it fails and disconnects Self Service.

If I download the .mobileconfig file (from the config policy in JAMF donwload option) and install manually it works perfectly fine. Its just via JAMF the issue occurs.

Computer level profiles are wholly unaffected.

Any help much appreciated.

djrory · ‎04-06-2020

Manual install works perfectly fine, prompts for server credentials (if not provided in config profile) and installs.

djrory · ‎04-07-2020

Have just discovered that this applies to ALL user Level config profiles and that Computer Level profiles install as they should.

Phantom5 · ‎04-07-2020

I believe in order to install user level profiles you either need to have your Mac bound to Directory Services or install the Identification configuration profile first.

djrory · ‎04-13-2020

@f.deis all our machines are bound to AD, can you elaborate on the Identification configuration profile?

pabohr · ‎06-04-2020

@djrory Did you manage to solve your issue? I am experiencing the same issue since 2 weeks now.

When running ANY user level configuration profile from Self Service, it fails immediately and I get the red banner with the "Cannot connect to Jamf Pro server..." error.
It happens only with user level configuration profiles. Computer level config profiles or policies install without issue from Self Service, and user level config profiles installed automatically work as well.

I've been working with Jamf and Apple support for the past week without success.

Not all our devices are impacted, and even on the device we were using to repro the issue it was failing for one week, that all of a sudden it worked for a few hours and then it was failing again.

LovelessinSEA · ‎06-04-2020

@pabohr So we have run into something similar, are you using local accounts or are you using network accounts? Our resolution, with local accounts, was to use Enterprise Connect, this gives us a kerberos ticket and then allows us to deploy user level certificate based config profiles. Forgive me if i missed this but are you cloud or on-prem?

sdagley · ‎06-04-2020

@djrory If you want a User Level Profile to install immediately make it a Self Service installable profile. Otherwise it's not going to install until some point when the user's credentials are verified, such as login.

pabohr · ‎06-05-2020

@LovelessinSEA We are on-prem. We are using network accounts and have Enterprise Connect configured. Just to add that this has been working for the past couple of years with for us and we just started seeing this issue 2 weeks back, without any change in our environment except and upgrade from Jamf Pro 10.14 to 10.16, end of April.

djrory · ‎06-08-2020

Sorry for the delay in response here. JAMF Support said that this was a PI and that they are working on it. Their workaround is to download the profile, package and distribute it, then run it via a script. It's crude and tedious but works. Not really a solution for 99% of our profiles as they are all meticulously scoped based on LDAP and Smart User groups that change all the time. but works if you're really stuck with say a VPN certificate template.

Jamf Nation Community

All User Level Configuration Profile install fails immediately