Deploy user certificate

relemon
New Contributor II

We are trying to deploy a user certificate. We have created the configuration profile and set the scope to our test computers. We can see that the log is showing the status as pending and then cancelled so the certificate is not deploying. This is a certificate for an application that we are installing.

Is there something more that I need to do other than create the configuration profile?

 

5 REPLIES 5

nwiseman
Contributor

By "user certificate" do you mean that you're deploying to the users login.keychain?

If so, make sure that the user has MDM ability. This is especially true if you've recently converted users from mobile accounts to local accounts or used Jamf Connect to auto create the accounts.

We had an issue where after the conversion the user would show up as MDM capable when in reality it was completely broken.   We ended up creating a Self Service solution where the user could re-enroll the device which fixes the MDM problem. 

relemon
New Contributor II

Yes, we are deploying to the users login.keychain. 

Yes, the users are MDM capable.

mm2270
Legendary Contributor III

One thing about user level profiles is that they do not get deployed immediately in the way a System level profile does. It usually happens at next login, or I believe you can trigger them to push down by forcing a sudo jamf policy or sudo jamf recon on the machine. I forget now which one triggers it, but I think it's one of them that will force it to happen.

That said, it doesn't really explain why it would go from Pending to Canceled. That shouldn't be happening as far as I know. It should stay as Pending, unless there's some outside action that causes it to get canceled.

Bol
Valued Contributor

@mm2270 That should do it, you may of been thinking of;

sudo jamf policy -event login -username user.name
Usage: jamf policy [-event <event>] [-username <username>] [-id <policy_id>] [-forceNoRecon]

-eventThe event or trigger that the policy is associated with in the JSS. Historical synonyms include –trigger and –action.
Note: Running policy without an event will default to the scheduled event.

Other events include: login, logout, startup, networkStateChange, enrollmentComplete, along with custom events.

-usernameThe username to check for policies for.
-idThe ID of the policy to be executed. Used by Casper Remote and Self Service.
-forceNoReconPrevents computers from submitting inventory update when a policy is configured to update inventory.
-showStepsPrints the steps to the console.
-doNotRestartNo restart.
-offlineWill go into offline mode.
-triggerThe trigger matches the "Triggered By" field on the JSS for the policies
-actionHistorical synonym for -trigger and -event
-noInteractionWill not show any user interaction messages.
-selfServiceOnlyWill only execute policies available to Self Service.
-forceAppUpdatesWill attempt to update the JAMF Binary and other apps even if the version matches the JSS.
-skipAppUpdatesWill not attempt to update the JAMF Binary or other apps. Overrides the -forceAppUpdates option.
-retrySecondsHow many seconds this policy will attempt to run while waiting for other policies to finish executing.
-backgroundRestart the process in the background using a launch daemon.

 

relemon
New Contributor II

I have run both commands and rebooted the mac and the status is still pending. Any suggestions on what to do next?