Errors with Self Service and Profiles Post Migration

malexander
New Contributor II

We are currently preparing our fleet to migrate from 2018 MacBook Air's running Mojave to 2020 M1 MacBook Air's running Monterey, and we are running into a problem. 

When a new machine is set up and there is no migration of a user folder, everything works fine. 

However, if a user folder is migrated, it seems that Self Service will SOMETIMES, not all the time, stop working. Anything that tried to install will return with "an error occured". When checking the jamf binaries by doing a "sudo jamf manage" on one machine that was exhibiting this behavior, terminal says "A valid device signature is required to perform this action" which usually tells me that something got messed up with the Jamf Binaries, so here comes the second issue.

When I enter the "sudo jamf removeFramework" command in terminal, the config profiles that were installed do not go away; and, I can't remove them manually. When I try to re-enroll the machine,  it tells me to install a new MDM profile, so I do, and it says the machine is managed by Jamf, but when I do "sudo jamf manage" I am greeted with this error:
"Failed to update daemon settings with error: Error Domain=NCocoaErrorDomain Code 4099. "The connection to service named com.jamf.management.daemon.binary was invalidated from this process"

So I would like to know if anyone has experienced this, and if there is a good fix for it. Right now we have migrated about 5% of our fleet, but the bulk of it is coming soon, and I dont want a bug like this out there that could stop us dead in our tracks.

I should also probably mention that I am the acting sysadmin as the one we had quit after a few months on the job and kind of left us hanging, so I am just trying to do the best I can at the moment....any help would be greatly appreciated.

2 REPLIES 2

wkelly1
New Contributor III

Whenever I see the message "A valid device signature is required to perform this action" I have been able to clear it by running "sudo jamf enroll -prompt". This is a manual process, so it might be a bit cumbersome if you have a lot of devices.

phb
New Contributor

 

We are migrating from a department on-prem instance to a centrally managed cloud instance. I've seen this a couple of times and the solution I've found that works is to go to the device's management tab and click 'Remove MDM Profile'. That gets rid of the MDM profile and everything installed by it.

Then on the device I do "sudo profiles renew -type enrollment" to get a fresh enrollment profile from ADE. which will reinstall the MDM profile, connect to the Jamf server and start the setup again.