- Jamf Nation Community
- Products
- Jamf Pro
- Re: Expired Push Certificate and Re Enrollment
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Expired Push Certificate and Re Enrollment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-12-2021 01:55 PM
Our institution's push certificate expired, a new one was created and uploaded.
My question is around getting the MDM profiles updated on our machines. Is there an easy way I can utilize JAMF (or even ARD?) to automatically update the MDM profile on all of our machines? We have ~200 Macs and I'm hoping we don't have to manually re-enroll them all.
Thank you in advance for any advice you can offer!
Labels:
- Labels:
-
Enrollment
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-14-2021 05:26 AM
In my experience, you will need to re-enrol. I had it happen once, the warnings came in when I was on leave. Came back to chaos.
You might be able to get ARD to run the Jamf command line enrol command.
Usage: jamf enroll [-prompt | -invitation] [-noRecon] [-noManage]
-prompt Prompts for JSS and SSH credentials.
-invitation Uses an invitation ID for credentials instead of a user name and password.
-noRecon Stops enroll from acquiring inventory.
-noManage Stops enroll from enforcing the management framework.
-noPolicy Stops enroll from checking for enrollment policies.But getting your credentials in there will be the hard bit.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-14-2021 07:34 AM
It also depends on if they were DEP/ADE enrolled originally. If they were the MDM profile may be non-removable and require a hands on re-enrollment to rid the machine of the expired one. You'll either need to attempt to remove it with the jamf binary or inside the recovery partition.
Either way I see a pair of sneakers and running from person to person in your future.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-03-2022 02:59 PM
oh man .. that suck but this command should do you
sudo profiles renew -type enrollment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-24-2023 12:58 AM
Does this also work for DEP Enrolled Macs?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-24-2023 01:26 AM
The sudo profiles renew -type enrollment command does work on DEP enrolled Macs, not sure if it will work with an expired push cert. You have to be logged in to the Mac as an administrator to make it work as there are GUI pop ups that you have to accept.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2024 06:50 AM
Unfortunately it doesn't work with an expired push cert. 🙁
