Device Signature Error on All macOS Mojave (10.14.6) Machines

MNussbaum
New Contributor III

We just discovered that the portion of our fleet still running macOS Mojave (10.14.6) are no longer checking in, updating their inventory, or of course executing any policies or receiving any patches.

When manually triggering a policy check-in or recon, we get this error:

There was an error.

Device Signature Error - A valid device signature is required to perform the action.

This appears to have happened to all of these machines around the same time, all showing a last check-in/update on Friday 8/12 or Monday 8/15. It doesn't appear to be happening on any of our machines on 10.15 or later.

The computers all still show they are managed, supervised, enrolled, and have MDM profile expiration dates far in the future.

Initial spot testing using the Jamf binary self-heal with Jamf API seems to get it reenrolled successfully. Unfortunately we're unsure if this will stick since we have no idea what the cause was, nor do we know if there will be any other ill effects from this error or from the self-heal. Hoping to figure out what is going on so we can be confident in a solution and a plan moving forward.

(Note that we have macOS upgrades for all of these machines planned for the coming weeks to get away from these old versions of macOS, but we now need to solve this to be able to roll them out!)

I spent some time on a call with Jamf support this morning and have an open case with them, but wanted to see if anyone else has experienced this and may have some insight while they try to track down a cause.

1 ACCEPTED SOLUTION

sdagley
Honored Contributor III

@MNussbaum Sounds like PI110463. As posted on MacAdmins Slack:

"Thank you for contacting Jamf Support about this issue. Sorry about that problem! We have opened Product Issue PI110463 for this. It seems that some work was done in 10.40 to improve the enrollment experience with 10.14 machines, but something caused a side effect to break existing enrollments when the binary was upgraded. Re-enrolling the machines via the sudo jamf enroll method or via the API method to re-deploy the framework are the suggested workarounds. Sorry for the inconvenience on this! Please let us know if there are further questions."

View solution in original post

5 REPLIES 5

sdagley
Honored Contributor III

@MNussbaum Sounds like PI110463. As posted on MacAdmins Slack:

"Thank you for contacting Jamf Support about this issue. Sorry about that problem! We have opened Product Issue PI110463 for this. It seems that some work was done in 10.40 to improve the enrollment experience with 10.14 machines, but something caused a side effect to break existing enrollments when the binary was upgraded. Re-enrolling the machines via the sudo jamf enroll method or via the API method to re-deploy the framework are the suggested workarounds. Sorry for the inconvenience on this! Please let us know if there are further questions."

MNussbaum
New Contributor III

Thank you so much! The timing of it and the fact that it only effected the one version of macOS made it seem likely that something very specific caused it as a one time thing. I really appreciate you digging that up and replying with it so quickly!

orlandinim
New Contributor II

Hi @sdagley ,

re-rolling each machine is not a viable solution except in very small realities.
We have hundreds of systems out of order, it's a very serious problem that Jamf has to solve very quickly if he wants to see his contract renewed!
Is it possible that these things are not tried before an update is distributed? we are talking about an obvious and blocking problem, not a detail. Such lightness in behavior is inadmissible, it is a sign of lack of attention and seriousness.

sdagley
Honored Contributor III

@orlandinim I'm simply relaying the info on the problem. You should contact your Jamf rep with your concerns regarding the impact and why the issue wasn't discovered until after JSS 10.40 was released since macOS 10.14.4 or later is still listed in the Minimum Supported section of the 10.40 release notes.

orlandinim
New Contributor II

Yeah sorry @sdagley, obviously I wasn't mad at you!
Of course we have already involved our dealer, but I am very annoyed by the current situation caused by Jamf.