Posted on 12-08-2015 06:40 PM
Hello,
I've been asked to change our JSS URL without migrating our server. Is this possible?
Current: jss.crop.domain.com
Outcome needed jss.domain.com
What I was thinking:
If anyone has done this before, would this work? In my mind, it seems like it would.
Thank you.
Solved! Go to Solution.
Posted on 12-09-2015 02:35 AM
I had to do this before we added in the DMZd JSS and the steps I followed were exactly as you stated.
In hindsight, I probably would have preferred to create a new JSS and migrate over to it so I could make sure everything was okay and got to clean out the cruft from my 'old' JSS.
Posted on 12-09-2015 03:54 AM
1. Add a DNS entry = jss.domain.com 2. Create a policy changing the URL on the clients: defaults write /Library/Preferences/com.jamfsoftware.jamf.plist jss_url https://new.jss.url:8443 3. Change the URL in the JSS settings and change Tomcat certificate.
1) correct.
2) you don't have to do this, skip this step and proceed with 3)
As long as your JSS is reachable with the old DNS name, this will work.
Posted on 12-09-2015 05:53 AM
That would work
Posted on 12-08-2015 07:44 PM
I believe you'll have to re-enroll all of your Macs and iOS devices in this scenario.
Posted on 12-09-2015 02:35 AM
I had to do this before we added in the DMZd JSS and the steps I followed were exactly as you stated.
In hindsight, I probably would have preferred to create a new JSS and migrate over to it so I could make sure everything was okay and got to clean out the cruft from my 'old' JSS.
Posted on 12-09-2015 03:54 AM
1. Add a DNS entry = jss.domain.com 2. Create a policy changing the URL on the clients: defaults write /Library/Preferences/com.jamfsoftware.jamf.plist jss_url https://new.jss.url:8443 3. Change the URL in the JSS settings and change Tomcat certificate.
1) correct.
2) you don't have to do this, skip this step and proceed with 3)
As long as your JSS is reachable with the old DNS name, this will work.
Posted on 12-09-2015 05:53 AM
That would work
Posted on 12-09-2015 05:54 AM
@jonnydford I would also like to migrate, but this will work. Thanks!
@m.entholzner Thanks, the old DNS will still be active.
Posted on 12-09-2015 01:53 PM
If you leverage MDM on your computers, the URL is hard-coded into that profile so if you change this in the JSS you will break MDM communication. Its also hard-coded in your SSL cert as well so that would need to be replaced as well if you want enrollment to work correctly. If the tomcat ssl cert doesnt match the url, trying to get the new mdm profile will fail.
The only way to change the value in the profiles is to remove the old MDM profile (sudo jamf removeMdmProfile) which would in turn remove all all MDM pushed profiles, e.g. Wifi. And then re-do mdm (sudo jamf mdm).
The issue being is you typically wont have internet to run the last command since the WIFI profile was removed so you have to get network in place prior. I have seen some people push out another wifi profile prior to removing the MDM, but do it manually via pkg with postinstall script so its not tied to MDM, JSS still gathers the UUID of the profiles so you can send out a removal command for that profile once the updated MDM gets pushed and the subsequent WIFI profile is sent.
If you manage iOS you are out of luck for a smooth change of url. Re-enroll is the answer.
JDS's would also have to be re-enroled if used as well.
TLDR: Create new DNS entry, keep old dns entry so clients can still hit jss, push wifi via non-mdm method, change url in JSS, fix ssl cert so CN=new url, sudo jamf removeMdmProfile to remove old mdm profile with old url, sudo jamf mdm to download updated mdm profile with new url.
Posted on 12-09-2015 02:05 PM
Thanks @mike.paul
My new plan:
Posted on 05-25-2018 12:12 PM
@Poseiden Raising an old post from the grave I know but.... did the final plan work for you?
Posted on 07-02-2019 10:14 AM
We discovered that we can't enroll iPads because the URL is not using the FQDN.
Thinking if we added an entry in the host file for the FQDN, then run jamf createconf the machines could still contact the JSS.
We're running JAMF 10.11, so any help is appreciated.
Posted on 02-26-2021 07:09 AM
Hi All,
I know this is old post.. But I am having issue in changing the Jamf url. I have followed the below steps.
1) DNS entry created for New URL. Both old and new url are getting resolved.
2) Changed the url in Jamf Pro settings - Jamf Pro URL and changed the tomcat certificate then restarted tomcat.
3) I am using Jamf inbuilt certificates for both old and new url.
Now when devices trying to connect to Jamf I am getting "The jamf binary could not connect to the JSS because the web certificate is not trusted."
Any clues on how to resolve these situation will be helpful.
Posted on 08-11-2021 11:12 PM
Issue Resolved and were able to migrate all clients to New url without re-enrolment..
Adding to above steps. Created Public certificate with Both New and old urls and clients started communicating with Jamf Server.
Posted on 10-27-2021 08:22 AM
How Did you get the cert down to the computers?
Posted on 04-14-2022 10:58 AM
@vfsupport_mac did you check the MDM profile renewal after migration ?
Posted on 04-19-2022 03:12 AM
@karthikeyan_mac MDM profile is going to expire in few devices in this month and I am seeing MDM renewal issue on few devices.