Changing Port from 8443 to 443
On-prem hosted Windows Server clustered JSS environment running 10.41. We have been asked to make a change to the host port and currently have many devices enrolled. Is there a way to preserve or re-enroll devices with a new MDM URL with minimal impact, or is this just wishful thinking?
Yuck. I don't see this ending well. I have a feeling you will need to reprovision your fleet if you want to change your URL. DNS shenanigans may work, but that kinda defeats the purpose.
Just for my own curiosity: why are you being asked to change from 8443 to 443? Tomcat uses 8443 specifically to avoid conflicts. Personally I wish JAMF would move off Tomcat as it's freeware and support is horrible when things get deep, but it is what it is.
I got blindsided by this request; the reason is related to our web firewall not supporting 8443 due to its cloud nature once migrated... Basically all signs point towards re-enrollment of thousands of devices, which is not ideal. It appears that in our lower environment, for external access to work over our DMZ server, I had to change the actual URL in JSS Settings and restart Tomcat. I have a request out to Jamf to see what is possible here. I would assume that when customers migrate from on-prem to cloud, that would involve a URL change. Do they really ask customers to re-enroll all devices? Just trying to minimize impact.
To reiterate, yikes :).
When you migrate JAMF Servers, from what I understand, JAMF has you do stuff on the DNS side to make the Macs think they are talking to the same server. I have discussed the migration to JAMF Cloud a time or two but not actually done it, and that is what I remember from the calls. With any luck we will move to JAMF Cloud this year, but we will see.
Please update with your findings :).
When migrating to cloud you don't need to change the URL. We kept ours. The DNS entry has to change to wherever the Jamf Migration Engineer tells you to point it. There is a little bit of work to allow the certificate for the HTTPS to be created by them, as they aren't the owners of the domain, but Jamf has done this a lot so they are quite competent at getting that done.
By doing it this way you don't have to re-enroll.
The downside of doing it this way is you take across any baggage you had in the server. If you re-enroll, you can make a completely new server.