Jamf Nation Community

homerbartlett · ‎02-20-2015

Lately when we self-enroll computers, the QuickAdd.pkg install says it failed. Self Service app is installed, but shows no content. On the JSS, the computers are there but with no name, OS info, etc. Issuing a "sudo jamf recon" on the machine resolves the issue, but would really like to resolve the underlying issue.

Once one of the computers in question goes from unmanaged to managed, we can see this error in the Management tab of that computer's profile

external image link

Anyone have any clues here?

davidacland · ‎02-20-2015

That sounds normal for the first part of the enrollment. When a computer first starts enrolling, a blank computer record is created with no info. Then, as the recon progresses the inventory record is completed. So I would guess there is some kind of interruption half way through.

homerbartlett · ‎02-23-2015

Thanks David, sounds about right. Any thoughts on where to look next?

Simmo · ‎02-23-2015

Check your /var/logs/install.log while you run the QuickAdd.pkg to see if you get any errors.

homerbartlett · ‎02-26-2015

install.log shows this:

Feb 26 15:52:00 <computername>.local installd[17904]: postinstall: There was an error.
Feb 26 15:52:00 <computername>.local installd[17904]: postinstall:      Error enrolling computer: Permission Error - The user specified does not have permission to perform the action.
Feb 26 15:52:00 <computername>.local installd[17904]: postinstall: Enrollment Failed. This PKG may be used already.

jamf.log shows this:

There was an error.

     Error enrolling computer: Permission Error - The user specified does not have permission to perform the action.

homerbartlett · ‎02-26-2015

To clarify our setup, we're using LDAP. We authenticate as the computer user on the enroll page (via LDAP) and download and run the QuickAdd.pkg.

Fveja · ‎02-26-2015

The Permission Error you are receiving is in regards to the user that was used to authenticate when creating the QuickAdd.pkg. Make sure the user has the right privileges in Casper. If all else fails, recreate the QuckAdd.pkg using Recon.

homerbartlett · ‎03-03-2015

Thanks Fveja. We're authenticating via LDAP when enrolling. I don't see a way to manipulate the permissions of LDAP users in JSS. Can you point me in the right direction?

RobertHammen · ‎03-04-2015

Settings->System Settings->JSS User Accounts & Groups->

You may need to Add Group from LDAP and give it enrollment privileges. This would be a group, either pre-existing or one you create in AD, for the users that will be enrolling their own machines.

homerbartlett · ‎03-06-2015

Thanks Robert. We have Global Management>User-Initiated Enrollment configured to enable user-initiated enrollment for OS X and under the Access tab of that setting we have the group "All LDAP Users" set to Yes for Institutional Enrollment. Shouldn't that cover it?

Also just for the record we are using a variant of OpenLDAP, not AD.

Thanks!

RobertHammen · ‎03-06-2015

Yes, that should. Wonder if there is something awry with your directory mapping or the JSS' traversal of your LDAP. I would contact JAMF Support.

homerbartlett · ‎03-06-2015

Cool thanks Robert. We are working with our JAMF rep now.

dontmakememac · ‎05-02-2018

I hate to revive a years' old thread... @homerbartlett did you find the root cause of this issue? I'm experiencing almost the same exact situation. Looking for leads before contacting Jamf Tech.

curullij · ‎10-29-2018

@crehorewp Did you find a solution? I am seeing the same thing in my setup.

Jamf Nation Community

Computers unmanaged after initial enrollment?