Skip to main content

This morning I got an email notification that three of our computers were removed from 2 different smart groups. When I was looking into them a little more I noticed that the three computers have no smart groups attached to them including the "All Managed Clients" smart group. I also noticed that right before this time all of our configuration profiles were removed from these three computers. Two of the computers are outside of the district, so I won't be able to physically touch them to look at them, but the one that is in the district

This just happened a few hours ago and I haven't specifically looked at these computers yet, Just thought it was weird that three random computers would be removed from all of our groups and I'm hoping that it's not more widespread then just the three computers.

Just to show, here is what happened to the configuration profiles on one of the computers

ProfileList 40 minutes ago  1600243 
ProfileList Today at 9:20 AM    student 
CertificateList Today at 9:00 AM    student 
ProfileList Today at 9:00 AM    student 
Remove Configuration Profile Restrictions   Today at 9:00 AM    student 
CertificateList Today at 3:21 AM        
ProfileList Today at 3:21 AM        
Remove Configuration Profile Power Settings - Desktops  Today at 3:21 AM        
Remove Configuration Profile ACHS - Login   Today at 3:21 AM        
CertificateList Yesterday at 3:27 PM

I looked at the configuration profiles and nothing looks off, in the history nothing has changed since February.

This particular computer has a different login profile then the other two that I received notifications from.

I'm hoping they fix themselves when they reboot, but I was just curious if anyone has come across this issue before, and if so how did you fix it?

We're also still running Casper 9.65

Thanks

Uh oh, I just noticed that we have over 900 computers that are set to unmanaged, so that's what is happening... Going to try and figure out why this happened all of a sudden...

The last policy to run on any of these computers seem to just be an inventory update.

Just read your post you made right before I posted mine.

The unmanaged could be due to a certificate (mdm certificate) did not install properly due to:

Time mismatch
Previous MDM installed but not removed
Certificate expired in casper

do the computers show as managed on the general info tab?

Thanks for the replies guys!

do the computers show as managed on the general info tab?

They show as unmanaged

Just read your post you made right before I posted mine. The unmanaged could be due to a certificate (mdm certificate) did not install properly due to: Time mismatch Previous MDM installed but not removed Certificate expired in casper
  • I checked our main Casper server and it looks like the time and date is correct
  • Nothing was changed as far as I know in terms of MDM certificates, so no new ones should have been pushed out
  • Our MDM Push certificate expires in October if that's the certificate you mean.

I did just send in a support ticket, this is just a weird one for me, and I'm crossing my fingers we're not going to have to re-enroll Casper on all of our computers :D

Just for tests, if you have access to one of the systems, try running "sudo jamf manage -verbose"

What is the outcome?

What version of the JSS? Don't say 9.64...

900 showing as un-managed? Whoa. Hope you got it sorted.

Else why not jump into the #jamfnation IRC, if you have a Mac that you can SSH into.. Us there could try & help too.

Sorry to hear this. Sounds bad. We had a similar incident at the start of the year during an upgrade of Casper. Around 300 of 600 devices lost the management account password and became unmanaged.

The first sign was a mismatch of numbers in smart groups as unmanaged devices aren't members.

We added the management account password back in to the device records in the JSS and all was well.

Just for tests, if you have access to one of the systems, try running "sudo jamf manage -verbose" What is the outcome?
verbose: Timeout: 60
Checking availability of https://******.*****.***:8443/...
The JSS is available.
Enforcing login/logout hooks...
 verbose: Creating login hook...
 verbose: Enabling login hook...
 verbose: Creating logout hook...
 verbose: Enabling logout hook...
 verbose: Writing preferences for Login window...
 verbose: Creating startup item script...
 verbose: Created startup item script
 verbose: Creating launchd item for startup item...
Enforcing scheduled tasks...
 verbose: Removing existing launchd task /Library/LaunchDaemons/com.jamfsoftware.task.1.plist...
 verbose: Creating task Every 15 Minutes...
 verbose: Adding launchd task com.jamfsoftware.task.1...
Creating launch daemon...
Creating launch agent...
 verbose: Timeout: 60
Checking availability of https://******.*****.***:8443/...
The JSS is available.

That's one of the unmanaged clients

What version of the JSS? Don't say 9.64...

9.65 We did have 9.64 temporarily unfortunately, but we got them all resolved within a week or so or 9.65 being released and those issues fixed.

Still in contact with support, they've been very helpful so far

@rleatherwood Alright looks like it's talking correctly to JSS so far, how about:

sudo jamf mdm -verbose

Terms & ConditionsCookie settingsAccessibility statement