Posted on 02-09-2016 12:47 PM
when using Casper Remote to do a 'Screen Share' i am getting on a certain computer, while on other computers i do not get this and am able to screen share.
test-M 192.166.225.15 Yes An incorrect Username/Password is entered for this computer
what is the Username/Password it's trying to use ? is the the Management Account that gets created when computer gets enrolled ?
is there a place i can check?
is there a way i can change it?
Solved! Go to Solution.
Posted on 02-09-2016 01:48 PM
When viewing the computer details, under the first "General" tab, look for an "Edit" button. Click that and you'll see fields for the Management account details. If you don't see the Edit button, it means you don't have the privileges to edit that information.
Posted on 02-09-2016 12:50 PM
Yes, its the management account name and password. Whatever is stored in the computer record in the JSS for the management account isn't matching up with the actual account on the Mac. If you know the local account name/password, you can update the information in the record in the JSS, refresh Casper Remote and it will try using the new information. If you don't know it, you'll need to have it reset to something else on the device and have the JSS updated simultaneously.
Posted on 02-09-2016 01:29 PM
There was a bug in an earlier version of the JSS (9.7 something?) that would cause a problem with a password if it had a '!' in it. If you, like me, rotate to a random password, you might have hit that. During a recent check, I found that 65% of my computers had a bad management account pw.
The script below tries to execute a second policy (custom trigger 'reset_password') which rotates the password. If it fails, then this script deletes the management account and re-enrolls the computer using CasperCheck's installer (you do run CasperCheck, right?).
#!/bin/sh
quickadd_installer="/var/root/quickadd/casper.pkg"
changePWPolicy=`jamf policy -event reset_password`
echo "STATUS: $changePWPolicy"
if [[ $changePWPolicy == *"Error"* ]]; then
echo "Management Account needs Fixing"
if [ -f "$quickadd_installer" ]; then
/usr/local/jamf/bin/jamf deleteAccount -username CASPER -deleteHomeDirectory
/usr/sbin/installer -pkg "$quickadd_installer" -target /
else
echo "QuickAdd is not available. Danger, Will Robinson! Danger!"
fi
else
echo "All Looks good. Closing"
fi
Posted on 02-09-2016 01:45 PM
I don't have the ! in my password, i have a @ though.
I do not see where in the JSS i can change/update the management account name/password ??
Posted on 02-09-2016 01:48 PM
where in the JSS i can change/update the management account name/password ??
If you know the password, select the computer record to view it's inventory. Under the general tab, look at the general information and notice the small EDIT button under it. You can enter a known name/password there.
Posted on 02-09-2016 01:48 PM
When viewing the computer details, under the first "General" tab, look for an "Edit" button. Click that and you'll see fields for the Management account details. If you don't see the Edit button, it means you don't have the privileges to edit that information.
Posted on 02-10-2016 07:43 AM
i see it now, thanks
Posted on 02-17-2016 02:22 AM
hi team,
I am also facing the similar kind of issue.
I am trying to connect a machine where it throws an error "An incorrect username/password is entered for this computer".
I could able to edit the machine objects management account and reset the password . But still i am unable to connect through casper remote console.
any further steps do i have missed it out here? please help
regards,
senthil
Posted on 02-17-2016 12:33 PM
Is there a way to do the "General tab click Edit" via the command-line. Maybe using some API call? We have a use scenario where the management password gets changed during a re-image, but the database doesn't get updated. I would like to script updating the database, so we don't have to retrain all of our staff with any change in the process.
Posted on 02-17-2016 12:38 PM
@musat The management account password is stored in a SHA-256 hashed format, not plain text, when accessed via the API. I won't say its impossible to update that field via the API, but I don't think anyone's been successful at doing that yet.