Help with policy not taking

alaiuppa
New Contributor

Hello,

When pushing my deployment package, it all appears to work. However, occasionally one of my policies seems to not take.

All it does is create another administrator account. Now I can see from the cloud management panel that the group I created for those 'Missing the Admin' account has the computer that got the deployment and not the policy. It is set to then remediate it by pushing the policy but that does not seem to happen.

The policy is set to deploy at EnrollmentComplete and Checkin-Frequency. Additionally, I've tried manually running jamf enroll, jamf manage, and jamf heal. The first two run and seem to show some output, but I've tried checking back shortly after and there is no administrator account.

It's worth noting that a majority of the time it does create the admin account. Any advice or guidance would be much appreciated, thanks.

8 REPLIES

rderewianko
Valued Contributor II

Can you try running the policy as verbose?

sudo jamf policy -event -verbose

(Not having anything after event would act like a recurring check-in.)

alaiuppa
New Contributor

Absolutely, here is the output:

verbose: JAMF binary already symlinked
verbose: JAMF agent already symlinked
verbose: Checking for an existing instance of this application...
Checking for policies triggered by "-verbose" for user "redacted"...
verbose: Checking for active ethernet connection...
verbose: No active ethernet connection found...
verbose: Removing any cached policies for this trigger.
verbose: Parsing servers...
verbose: The Management Framework Settings are up to date.
No policies were found for the "-verbose" trigger.

rderewianko
Valued Contributor II

My apologies. Because we had no trigger but called -verbose, Jamf took -verbose as a policy trigger.
Let's switch them around to get a full verbose output.

sudo jamf policy -verbose -event

alaiuppa
New Contributor

Is this better?

verbose: JAMF binary already symlinked
verbose: JAMF agent already symlinked
verbose: Checking for an existing instance of this application...
This policy trigger is already being run: root 10446 0.0 0.1 2521904 11216 ?? Ss 2:37PM 0:00.02 /usr/local/jamf/bin/jamf policy -randomDelaySeconds 300
verbose: Policy error code: 51

I see that policy error code so I'm going to break out my Google-Fu on that.

rderewianko
Valued Contributor II

So the above means you ran a check-in when one's already running. You could "kill that" and run your own. It's a pretty standard output.

sudo killall jamf

alaiuppa
New Contributor

Ah here we go, some real verbosity.

verbose: JAMF binary already symlinked

verbose: JAMF agent already symlinked

verbose: Checking for an existing instance of this application..

Checking for policies triggered by "recurring check-in" for user ".........."...

verbose: Checking for active ethernet connection...

verbose: No active ethernet connection found...

verbose: Removing any cached policies for this trigger.

verbose: Parsing servers...

verbose: Parsing Policy Create localadmin account (7)...

verbose: The Management Framework Settings are up to date.

verbose: Found 1 matching policies.

Executing Policy Create localadmin account

Running Recon...

verbose: Timeout: 10

verbose: Checking availability of ..........

verbose: The JSS is available.

Retrieving inventory preferences from .........

Finding extension attributes...

Locating accounts...

Locating software updates...

Locating package receipts...

Locating plugins...

Locating applications...

Locating fonts...

verbose: Running script for the extension attribute EFI Password Mode

Searching path: /Library/Internet Plug-Ins

Searching path: /Applications

Locating hard drive information...

Locating printers...

verbose: Locating running services...

Searching path: /private/var/jssadmin/Library/Fonts

Searching path: /Users/........./Library/Fonts

Searching path: /Library/Fonts

verbose: Found app: /Applications/App Store.app

verbose: Found app: /Applications/Automator.app

verbose: Found app: /Applications/Calculator.app

verbose: Found app: /Applications/Calendar.app

verbose: Found app: /Applications/Chess.app

verbose: Found app: /Applications/Contacts.app

verbose: Found app: /Applications/Dashboard.app

Searching path: /System/Library/Fonts

Searching path: /Library/Application Support/Adobe/Fonts

verbose: Found app: /Applications/Dictionary.app

.........

verbose: Finding CoreStorage information...

verbose: found CoreStorage PV disk0s2 LVG UUID:

verbose: found CoreStorage LV disk1

Locating hardware information (Mac OS X 10.11.6)...

verbose: Device is BLE capable: no

verbose: Checking AD status...

Gathering application usage information...

verbose: Looking in 2016-10-18

verbose: Reading (null).plist...

verbose: Reading user.plist...

Submitting data to .......

<computer_id>.........</computer_id>

Submitting log to ...........

rderewianko
Valued Contributor II

Executing Policy Create localadmin account <-- means it's executing it.

Does the jamf log say anything? /var/log/jamf.log?

Does your Casper management account have admin access to the machine?

alaiuppa
New Contributor

The log just mirrors the same, a lot of Executing Policy Create localadmin. It even performs the Check-in, picks up the fact that the policy needs to be deployed and then attempts to Execute the policy.

My casper management account does have admin access to the machine, to the best of my knowledge.
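
Added example, not part of any post in this thread: a small shell helper that triages captured `jamf policy -verbose` output into the three situations the thread walks through (a flag consumed as the trigger name, a check-in already running with error code 51, and a policy that actually started executing). It matches only message strings quoted in the posts above; the function name `triage_jamf_output` and the sample variables are hypothetical, and the samples are constructed from the thread's own lines.

```shell
#!/bin/sh
# Added example (not from the thread): triage captured `jamf policy -verbose`
# output, matching only message strings quoted in the posts above.
# triage_jamf_output is a hypothetical helper name; it reads the output on stdin.
triage_jamf_output() {
    awk '
        # Another check-in already holds the trigger (error code 51 in the thread).
        /This policy trigger is already being run/ { busy = 1 }
        match($0, /Policy error code: [0-9]+/) {
            code = substr($0, RSTART + 19, RLENGTH - 19)
        }
        # The binary reports which trigger name it actually looked up.
        match($0, /for the "[^"]+" trigger/) {
            trig = substr($0, RSTART + 9, RLENGTH - 18)
        }
        # The policy was in scope and the client started running it.
        /^Executing Policy / { name = substr($0, 18) }
        END {
            if (busy)             print "already-running code=" code
            else if (name != "")  print "executed policy=" name
            else if (trig ~ /^-/) print "flag-taken-as-trigger trigger=" trig
            else if (trig != "")  print "no-policies trigger=" trig
            else                  print "unrecognized"
        }'
}

# Constructed samples, assembled from lines quoted in the thread.
sample_flag='Checking for policies triggered by "-verbose" for user "redacted"...
No policies were found for the "-verbose" trigger.'
sample_busy='This policy trigger is already being run: root 10446 0.0 0.1 2521904 11216 ?? Ss 2:37PM 0:00.02 /usr/local/jamf/bin/jamf policy -randomDelaySeconds 300 verbose: Policy error code: 51'
sample_exec='verbose: Found 1 matching policies.
Executing Policy Create localadmin account
Running Recon...'

for s in "$sample_flag" "$sample_busy" "$sample_exec"; do
    printf '%s\n' "$s" | triage_jamf_output
done
```

An `executed` result only shows that the client began running the policy; as in this thread, whether the administrator account exists afterwards still has to be checked on the machine itself.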