Jamf Nation Community

There is a product issue (PI-008770) affecting JSSImporter and any other API requests which upload computer groups on some Jamf Cloud instances. If you try to upload to an existing computer group via the Classic API (e.g. curl -X PUT), you may see a 502 error. The group may still appear in your instance after several minutes, but the error response breaks any automation workflows.

If you are encountering this issue, for example when using JSSImporter or any automation, PLEASE open a ticket with Jamf and quote the PI. Let’s get this solved!

This is the response when the error occurs:

curl -H "Content-type: application/xml" -H "Accept: application/xml" -k -v -u username" https://jss.company.com:8443/JSSResource/computergroups/id/377 -T "/Users/user/Desktop/SmartGroupTemplate.xml" -X PUT
Enter host password for user 'username':
*  Trying 34.237.9.137...
* TCP_NODELAY set
* Connected to jss.company.com (34.237.9.137) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=jss.company.com
*  start date: Aug  8 00:00:00 2020 GMT
*  expire date: Sep  7 12:00:00 2021 GMT
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user 'username'
* Using Stream ID: 1 (easy handle 0x7ff25700c400)
> PUT /JSSResource/computergroups/id/377 HTTP/2
> Host: jss.company.com:8443
> Authorization: Basic CODE
> User-Agent: curl/7.64.1
> Content-type: application/xml
> Accept: application/xml
> Content-Length: 641
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* We are completely uploaded and fine
* http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [upgrade], value: [h2,h2c]
* HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
* stopped the pause stream!
* Connection #0 to host jss.company.com left intact
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Closing connection 0

If you enforce HTTP/1.1, we get:

< HTTP/1.1 502 Bad Gateway

Setting a longer timeout with curl has no effect.