There is a product issue (
PI-008770) affecting JSSImporter and any other API requests which upload computer groups on some Jamf Cloud instances. If you try to upload to an existing computer group via the Classic API (e.g.
curl -X PUT), you may see a
502 error. The group may still appear in your instance after several minutes, but the error response breaks any automation workflows.
If you are encountering this issue, for example when using JSSImporter or any automation, PLEASE open a ticket with Jamf and quote the PI. Let’s get this solved!
This is the response when the error occurs:
curl -H "Content-type: application/xml" -H "Accept: application/xml" -k -v -u username" https://jss.company.com:8443/JSSResource/computergroups/id/377 -T "/Users/user/Desktop/SmartGroupTemplate.xml" -X PUT Enter host password for user 'username': * Trying 220.127.116.11... * TCP_NODELAY set * Connected to jss.company.com (18.104.22.168) port 8443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=jss.company.com * start date: Aug 8 00:00:00 2020 GMT * expire date: Sep 7 12:00:00 2021 GMT * issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Server auth using Basic with user 'username' * Using Stream ID: 1 (easy handle 0x7ff25700c400) > PUT /JSSResource/computergroups/id/377 HTTP/2 > Host: jss.company.com:8443 > Authorization: Basic CODE > User-Agent: curl/7.64.1 > Content-type: application/xml > Accept: application/xml > Content-Length: 641 > * Connection state changed (MAX_CONCURRENT_STREAMS == 128)! * We are completely uploaded and fine * http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [upgrade], value: [h2,h2c] * HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1) * stopped the pause stream! * Connection #0 to host jss.company.com left intact curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1) * Closing connection 0
If you enforce HTTP/1.1, we get:
< HTTP/1.1 502 Bad Gateway
Setting a longer timeout with
curl has no effect.
We see this problem all the time since upgrading to 10.23. I just want to put this out there, that the API can never fail in any version of jamf. Integration and automation rely on the API always working. Please make this a critical blocker feature of jamf and if the API breaks it blocks the current build until fixed.
I seem to get this when just creating a Smart User Group in the Jamf Cloud website (not using API). I can only see part of the error message becase it's partially blocked by the left pane of the website, but it seems to be the same as what @grahamrpugh quoted. What I can read:
...rily Unavailable ...pears your request has timed out. Please try again shortly. ...re assistance or would like more information.