04-04-2022 10:09 AM - edited 04-04-2022 10:11 AM
We've just completed our annual Apple GSX Certificate renewal.
We got the new cert, converted it to a .p12, imported into Jamf, clicked 'Test', and got the 'A connection to the GSX Server was successful' result.
When we run the GSX Lookup on all devices, though, 100% of our inventory returns as "Serial Numbers Not Found".
This worked 2hrs ago on the old cert, so it seems to be a break between the cert and our GSX account.
I'm trying to work this with Apple, but getting to anyone with GSX knowledge is pretty difficult.
Apple's cert renewal instructions here: ( https://gsxapiut.apple.com/apidocs/ut/html/WSFaq.html ) have been wrong for 2+ years:
"...
The FQDN is a very important field and it's case sensitive. Please be sure to provide the following value for this field:
For test environment CSR: Applecare-APP157-[SoldTo ID].Test.apple.com
For production environment CSR: Applecare-APP157-[SoldTo ID].Prod.apple.com
For example, if your soldTo is 0000012345, the value should be Applecare-APP157-0000012345.Test.apple.com for test and Applecare-APP157-0000012345.Prod.apple.com for production. The leading zeros are important and the soldTo should always be 10 digits.
..."
Per the Apple Renewal Engineer who emailed me this year (and also last year):
Checking that CSR it appears to have our legacy formatting for Common Name. Please create a new CSR and ensure the Common name is: AppleCare-Partner-0000623133.Prod.apple.com
...so I'm hesitant to trust this process from Apple's end. I'll probably just attempt another renewal from scratch, but first wanted to see if anyone had seen this issue?
Posted on 04-11-2022 10:19 AM
@alexloew, I finally heard back from Jamf Support after 5 days: this is related to a recent GSX API change.
Per my Jamf Support contact:
- Upgrading to 10.34.6 or newer will fix the issue.
- This was announced from Jamf in the 10.36 release notes here, but nowhere else (image of relevant section follows). I suggested, and she acknowledged, that as a known issue this could be better documented.
Scheduling our upgrade now, but I'll assume this fixes it, and will update this post if that's not the case.
Posted on 04-04-2022 12:32 PM
Yup also running into this exact issue, wish I had a solution 😞
Posted on 06-29-2022 08:33 AM
Two and a half months later - has anyone been able to identify the cause of this issue/problem - or were you able to get it resolved via the Upgrade to 10.34.6 or later?
I'm having the same issue at this time -- GSX connection shows green and passes its test - but any attempt to pull purchasing information/device information results in all devices appearing in the 'Serial Number Not Found' tab.
The certificate was just configured in mid-May; and review shows it's formatted correctly (based on your shared info from the Apple Engineer who assisted you). Any thoughts?
Posted on 07-01-2022 11:06 PM
Hey @MrChris - our upgrade fixed the issue right away!
Posted on 07-05-2022 08:01 AM
Sadly - our upgrade to latest release last week did not resolve the error/problem. We went from 10.31.x to 10.39.1.
At this stage - I'm just trying to confirm the FQDN within the SSL is in the correct format - as it's listed differently within the GSX documentation and JSS documentation:
<AppleCare-Partner-XXXXXXXXXX.Prod.apple.com> where XXXXXXXXXX is the company's or organization's Apple-assigned sold to number, including leading zeros (GSX)
and
<AppleCare-APP157-[Soldto number].Prod.apple.com> (Jamf Nation/JSS Support).
07-05-2022 08:49 AM - edited 07-05-2022 08:50 AM
@MrChris- These are the pasted instructions from our internal KB, which worked for me earlier this year.
FQDN: Apple is very specific about the Fully Qualified Name for the certificate, and the instructions on their site are incorrect.
As of March 2020, you should use the following:
AppleCare-Partner-0000123456.Prod.apple.com (where '123456' is the company's Apple-assigned "sold to" number)
(for reference, the incorrect format still shown on Apple's website in 2022 is: || Applecare-APP157-[SoldTo ID].Prod.apple.com || ← don't use this format )
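Added example, not part of the original thread or any poster's code: a Python check of a CSR Common Name against the two formats discussed above, which can be run on the output of `openssl req -noout -subject` before the CSR is submitted. The function names, the sample subject line, and accepting `.Test` with the current prefix are assumptions (the thread only shows `.Prod` for the current format).

```python
import re

CURRENT_PREFIX = "AppleCare-Partner-"  # format given by the Apple engineer in the thread
LEGACY_PREFIX = "Applecare-APP157-"    # format still shown in Apple's FAQ
# Assumption: ".Test" is also valid with the current prefix; the thread shows only ".Prod".
CN_RE = re.compile(r"^(?P<prefix>[a-z]+-[a-z0-9]+-)(?P<sold_to>[^.]*)"
                   r"\.(?P<env>[^.]+)\.(?P<domain>apple\.com)$", re.I)
# Constructed sample of `openssl req -noout -subject` output.
SAMPLE_SUBJECT = "subject=C = US, O = Example Org, CN = Applecare-APP157-0000123456.Prod.apple.com"

def expected_cn(sold_to, env="Prod"):
    """Build the CN for a sold-to number, restoring leading zeros to 10 digits."""
    digits = str(sold_to).strip()
    if not re.fullmatch(r"[0-9]{1,10}", digits):
        raise ValueError("sold-to must be 1 to 10 decimal digits")
    return f"{CURRENT_PREFIX}{digits.zfill(10)}.{env}.apple.com"

def cn_from_subject(subject):
    """Extract the CN from an OpenSSL subject line (comma or slash separated)."""
    m = re.search(r"\bCN\s*=\s*([^,/\n]+)", subject)
    return m.group(1).strip() if m else None

def check_cn(cn):
    """Return a list of problems; an empty list means the CN matches the current format."""
    m = CN_RE.match(cn or "")
    if not m:
        return ["not of the form <prefix><sold-to>.<Prod|Test>.apple.com"]
    problems = []
    prefix, sold_to, env, domain = m.group("prefix", "sold_to", "env", "domain")
    if prefix.lower() == LEGACY_PREFIX.lower():
        problems.append(f"legacy APP157 prefix; use {CURRENT_PREFIX}")
    elif prefix.lower() != CURRENT_PREFIX.lower():
        problems.append(f"unknown prefix {prefix!r}")
    elif prefix != CURRENT_PREFIX:
        problems.append(f"prefix case differs; must be exactly {CURRENT_PREFIX}")
    if not re.fullmatch(r"[0-9]{10}", sold_to):
        problems.append("sold-to must be exactly 10 digits, leading zeros included")
    if env not in ("Prod", "Test"):
        problems.append("environment label must be exactly 'Prod' or 'Test'")
    if domain != "apple.com":
        problems.append("domain must be lowercase 'apple.com'")
    return problems

if __name__ == "__main__":
    cn = cn_from_subject(SAMPLE_SUBJECT)
    print(cn, check_cn(cn))
    print(expected_cn("123456"), check_cn(expected_cn("123456")))
```
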
Posted on 07-05-2022 09:20 AM
Thanks @jkf - I've submitted for a new certificate from the GSX API folks using the 'AppleCare-Partner-0000123456.Prod.apple.com' formatting.
When I get the response and upload - will hope that clears up the issue. Thanks for your time!
Posted on 04-04-2023 06:47 AM
@MrChris did that resolve your issue?
Posted on 04-04-2023 06:49 AM
Yes - updating Jamf fixed our issue.