Jamf Nation Community

Hiya!!

Yeah, I was expecting to see it but I never saw the Preference Pane of Profiles.

Just ran sudo jamf enroll:
On the 10.7.4 machine i get:

Downloading the JSS CA Certificate...
There were (1) previous JAMF device identities found on this computer. Removing...
This computer was successfully enrolled to the JSS with the following device certificate: "F76FB8F8-A69F-594E-A70C-A5CA8B858931"
Retrieving inventory preferences from https://my.jss.nl:8443/...
Locating hard drive information...
Locating hardware information (Mac OS X 10.7.4)...
Executing Unix applications...
Locating accounts...
Locating applications...
Locating package receipts...
Gathering application usage information...
Locating printers...
Submitting data to https://my.jss.nl:8443/...
<computer_id>2</computer_id>
Getting management framework from the JSS...
Enforcing management framework...
Checking availability of https://my.jss.nl:8443/...
The JSS is available.
Enforcing login/logout hooks...
Enforcing scheduled tasks...
Creating launch daemon...
Creating launch agent...

and the Console reads:

Enforcing management framework...
jamf[6170]: Enforcing scheduled tasks...
jamf[6170]: Removing existing launchd task /Library/LaunchDaemons/com.jamfsoftware.task.1.plist...
jamf[6170]: Adding launchd task com.jamfsoftware.task.1...
jamf[6170]: Creating launch daemon...
jamf[6170]: Creating launch agent...

No profiles prefs pane. Nothing.
Rebooted
No change

On the 10.8.2 machine I get:

Downloading the JSS CA Certificate...
There were (1) previous JAMF device identities found on this computer. Removing...
This computer was successfully enrolled to the JSS with the following device certificate: "0A0A8329-6F73-5C19-A640-2EF05721727D"
Retrieving inventory preferences from https://my.jss.nl:8443/...
Locating hard drive information...
Locating hardware information (Mac OS X 10.8.2)...
Executing Unix applications...
Locating accounts...
Locating applications...
Locating package receipts...
Gathering application usage information...
Locating printers...
Submitting data to https://my.jss.nl:8443/...
<computer_id>1</computer_id>
Getting management framework from the JSS...
Enforcing management framework...
Checking availability of https://my.jss.nl:8443/...
The JSS is available.
Enforcing login/logout hooks...
Enforcing scheduled tasks...
Creating launch daemon...
Creating launch agent...

and the Console reads:

jamf[4930]: Enforcing management framework...
jamf[4930]: Enforcing scheduled tasks...
jamf[4930]: Removing existing launchd task /Library/LaunchDaemons/com.jamfsoftware.task.1.plist...
jamf[4930]: Adding launchd task com.jamfsoftware.task.1...
jamf[4930]: Creating launch daemon...
jamf[4930]: Creating launch agent...

No profiles prefs pane. Nothing.
Rebooted
No change

:(

do you have an APNS cert properly set up on your JSS?

I believe I do...

From my original post

In the Push Notification Certificate, I went through the process of obtaining an APN certificate from Apple and that will expire Oct 2013.

So again, I believe I do. How do I verify it? But what confuses me is

In the Inventory I see both machines 'Enrolled' but MDM Capable says 'No' on both.
On the 10.7.4 MacPro inventory details page, I see in the Management History I see Management Commands (1 Pending - to fire at 2 am this morning which is now 9 hours ago) which is indeed one Configuration Profile I have made to set Energy Saver that is Scoped to this machine.

On the laptop though which is running 10.8.2, none of the other Configuration Profiles which I have Scoped to it are appearing anywhere. Not Pending nor Failed. I see nothing in the Console. Rebooted quite often.

Have you checked that any firewalls are allowing the correct ports through to Apple? The details of all ports used is here: https://jamfnation.jamfsoftware.com/article.html?id=34

The JSS needs I be able to connect outbound to Apple on ports 2195 and 2196 and the client machines need to connect to Apple on 5223.

Also, I suggest checking the JAMFSoftwareServer log file (in /Library/JSS/Logs on OS X). That's where I found out I'd forgotten to open port 2196 when I was having this same issue.

Hi Pat,

If you have 10.7/10.8 server running you can spin up Profile Manager and see if you experience the same issue(communicating to Apple) with it.
This will help you troubleshoot the possible firewall problem.

Also, you can use to Ext Attributes to help you with troubleshooting:
Verify Certificate Based Communication
This attribute verifies that the client has certificate based communication enabled for communications with the JSS. Results returned are "Enabled" or "Not Enabled" based on whether the client has certificate based profile supplied by the JSS.

Verify MDM Enrollment This attribute verifies that the client has enrolled to the JSS. Results returned are "Enabled" or "Not Enabled" based on whether the client has an MDM profile supplied by the JSS.

Hope it helps you troubleshoot the issue.

Hi all,

@ UTS: need to ask the Firewall peeps that.. but I believe those ports are open already cause I was able to do this successfully on my older 8.52 jss.

@DZM: No don't have Lion/ML server.. just SL Server

@ Matt: It says Issuer is Self-Signed and Expiring Jan 2013

@ Matt: You is one wicked geezer mate!
Booyakasha!!

thanks all...

Of course it was something so simple ;)
Thanks again!!

Of course it was something so simple ;)

@pvader: Will you please share what you found wrong in your environment? I'm experiencing similar issues with MCX and 10.8.x clients. They are not reliably receiving MCX settings.

Thank you in advance.

@ecublake:

My problem was that I was using the Self-Signed Certificate instead of the JSS Built-in Certificate Authority as Matt_Fjerstad pointed out. As soon as I changed that... bang, profiles pushed in the blink of an eye!

I haven't done any MCX's yet with 10.8 clients. I was hoping that Config Profiles would do away with MCX entirely but I am seeing that that isn't the case.

For example to Disable TimeMachine asking for disks, I see that I still have to do MCX.

-pat