Help

Configuration Profile help

Sean_M_Harper
Contributor

Posted on ‎08-19-2012 08:09 AM

Hello everyone,

In a great attempt to remove our lion servers profile manager, we would like to use the JSS to push configuration profiles. We are doing this only for one simple reason; our secure network (for staff and teachers requires certs to be present).

This used to be handled by our Lion server running profile manager. When I create a config profile and set the scope to be all machines, it only seems to stick on a few machines. If I tweak the profile and select "all machines" as a deployment option, it still seems only a few machines are getting the profile.

Is there a way to check what went wrong? or to force the profile to a certain machine? or even to download a .config file (created by the JSS) to manually attach it to the machine that is refusing?

Thanks in advance.

0 Kudos
8 REPLIES 8

Cem
Valued Contributor

Posted on ‎08-19-2012 10:40 AM

Try to push a newly created blank profile in JSS to one those Macs that don't play nice. See if it's getting the profile.
I mean blank as no payload. Then just scope the desired Mac.

If stil doesn't get it. I will be looking into APN and Casper PKI certs etc... But try the above first.

0 Kudos

ernstcs
Contributor III

Posted on ‎08-19-2012 02:27 PM

Also need to make sure that firewall ports 2195 (out) and 2196 (in) are open on the JSS to talk to APN servers. You can see on an inventory record for a system that has a profile assigned what the status is, or why a profile did not apply. Look under the Management History section.

For some reason after reimaging, in order to get a nice green verified message for even the base MDM configuration profiles in System Preferences, I had to do a 'jamf enroll' command and reboot.

0 Kudos

Sean_M_Harper
Contributor

Posted on ‎08-19-2012 05:00 PM

is there a handly list of command line commands somewhere? such as "jamf enroll"

0 Kudos

ernstcs
Contributor III

Posted on ‎08-19-2012 06:52 PM

jamf help

0 Kudos

Sean_M_Harper
Contributor

Posted on ‎08-19-2012 06:57 PM

The empty profile never pushed. It will push to my other devices, but not the machine in question. All it ever seems to have is the MDM JSS profile.

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎08-20-2012 12:39 AM

Sean, it sounds like the mac can contact the JSS to get the MDM profile... But not Apple's APNS servers, (ports 2195,2196 & 5223)... & so it cannot get the profiles.

Verify those ports are open to 17.0.0.0/8 then you should be good to go.

0 Kudos

ernstcs
Contributor III

Posted on ‎08-20-2012 10:09 AM

As it relates to the computer not properly enrolling after imaging until you run an additional 'jamf enroll' command, here's the confirmation of that from JAMF. You won't get a verified MDM status in System Preferences until you do the command again, and THEN you should get profiles if that piece is setup properly.

"I wanted to let you know that I have submitted a defect for this. It seems as though imaging with Autorun is consistently not working in properly having the MDM Enrollment profile installed. The ID for this is D-003103"

0 Kudos

clifhirtle
Contributor II

Posted on ‎09-26-2012 06:30 AM

Thanks for posting this Ernstcs. Can you confirm if this bug affects all computers post-imaging? We just completed our Jumpstart and cannot get machines automatically managed, even when running the JSS QuickAdd package as part of the imaging process.

0 Kudos