Jamf Nation Community

MadPossum · ‎04-13-2018

Hi All,

I keep getting the following in the jamf.log after a DEP enrollment. I'm on JPS 10.2.2. The machine in question is an iMacPro. the OS is a vanilla 10.13.4 freshly installed using Greg's installinstallmacos.py

The machine is indeed not enrolled. However the Prestage applies whatever payloads I devise. Binding, for instance works, correctly.

I have been able to successfully enroll machines through my DEP workflow in the past and I can enroll the machine using sudo jamf enroll -prompt

Enrolling computer...
Fri Apr 13 16:26:41 iMac Pro jamf[516]: Restoring JAMF.keychain since an error occurred.
Fri Apr 13 16:26:41 iMac Pro jamf[516]: Error Domain=com.jamf.jamfsecurity.error Code=-25300 "searchForItems:conversionBlock:error: : The specified item could not be found in the keychain." UserInfo={NSLocalizedDescription=searchForItems:conversionBlock:error: : The specified item could not be found in the keychain.}
Fri Apr 13 16:26:41 iMac Pro jamf[516]: Error submitting enrollment status to the JSS: Security Error - A security error has occurred.
Fri Apr 13 16:26:41 iMac Pro jamf[516]: 
There was an error.

     Error enrolling computer: Invalid Message - The message could not be parsed.

Is this common? I'm pretty sure I'm missing something obvious.

mapurcel · ‎05-02-2018

Seeing this for the first time today with 10.13.4 and Jamf Pro 10.4 during DEP. All the profiles are there but looks like the device needs to be manually enrolled..

Error Domain=com.jamf.jamfsecurity.error Code=-25300 "searchForItems:conversionBlock:error: : The specified item could not be found in the keychain." UserInfo={NSLocalizedDescription=searchForItems:conversionBlock:error: : The specified item could not be found in the keychain.}

MadPossum · ‎05-24-2018

I can confirm that this is still happening with 10.13.4 and JPS 10.4.1

mapurcel · ‎06-28-2018

Seeing this on 10.3.1 and 10.13.4, anyone come across a fix?

Error Domain=com.jamf.jamfsecurity.error Code=-25300 "searchForItems:conversionBlock:error: : The specified item could not be found in the keychain." UserInfo={NSLocalizedDescription=searchForItems:conversionBlock:error: : The specified item could not be found in the keychain.}

thedanielmatt · ‎07-19-2018

Just in case it helps anyone in the future:

Ran into it after a new iMac's DEP enrollment didn't complete successfully; the device was unmanaged in the JSS and was seeing very similar errors. Turning on management didn't resolve the issue.

jamf enroll -prompt

Re-enrollment via the binary took care of it for me.

rustymyers · ‎08-29-2018

We saw the first instance of this yesterday. Not sure what the issue is, but the workflow used was Recovery OS install -> DEP. I'm attempting to recreate the error to see if it's a wider issue, but hopefully just a one-time error.

Here are our logs, which may be slightly different. In our case we got a warning saying "The Internet connection appears to be offline". I'm unsure of the connection, but it was likely ethernet with DHCP, so perhaps something on the network glitched out at the wrong time?

Tue Aug 28 09:35:25 iMac jamf[740]: The SSL Certificate for https://jamf.server.us:8443/ must be trusted for the jamf binary to connect to it. 
Enrolling computer... 
Tue Aug 28 09:35:32 iMac jamf[773]: Error Domain=com.jamf.jamfsecurity.error Code=-25300 "searchForItems:conversionBlock:error: : The specified item could not be found in the keychain." UserInfo={NSLocalizedDescription=searchForItems:conversionBlock:error: : The specified item could not be found in the keychain.} 
Tue Aug 28 09:35:32 iMac jamf[773]: Error submitting enrollment status to the JSS: Connection failure: "The Internet connection appears to be offline." 
Tue Aug 28 09:35:32 iMac jamf[773]: 
There was an error.

curullij · ‎10-29-2018

Hi @rustymyers

Did you get a resolution for this issue? I am seeing the same thing.

Thanks,
Jacob

rickgmac · ‎11-26-2018

@rustymyers & @curullij

I came across this today for DEP Devices.

After speaking with JAMF if you disable the the following. It resolved the issue in our scenario

Settings > Global Management > User-Initiated Enrollment > General > Restrict re-enrollment to authorized users only
Disable the the following - As Per Screen shot

rqomsiya · ‎05-25-2019

Anyone been able to gain traction on this? I’m seeing the same issues on JAMF pro cloud instance 10.12 and machines I’m DEP enrolling are 10.14.5 TMB.

apizz · ‎07-25-2019

Just saw this issue the first time today on 10.14.6 Jamf Pro on-prem 10.12.0

apizz · ‎08-30-2019

Ultimately, I had to either manually reenroll or completely delete the computer record from the JSS and reenroll via DEP.

dthoma81 · ‎10-23-2019

@thedanielmatt Your method to run "jamf enroll -prompt" worked for me! Thank you

vic-ama · ‎01-06-2022

It's 2022 and I am seeing this too! Although sudo profiles renew -type enrollment seems to resolve the issue, it still breaks my automation workflow 😭