Issue with Jamf Pro Enrollment- 403 Forbidden Error

vaerot
New Contributor
We are currently having an issue with our Jamf Pro enrollment link. When users try to access the are receiving a 403 Forbidden Error message. No other details are included on the error page.
These are Macbooks that have not been registered with jamf previously. My coworker found that reformatting and visiting our enrollment link seemed to fix the issue. The problem is we have close to 200 laptops that would need this done, all remote.
I am trying to find another way to get this working again without walking 200 people through a reformat. I don't usually work with Jamf, but the workload right now is considerable so I'm trying to help out. Not sure where to start with this.
We do use Okta for SSO, and we do have a group that assigns jamf to a user (we did check group membership for affected users).
Any help is greatly appreciated.
4 REPLIES 4

daniel_behan
Contributor III

When I've seen that, I've run "/bin/rm /Library/Keychains/apsd.keychain" and then restarted the computer.  Re-enrollment should work after that.

channy-cl
New Contributor III

When we send enrollment link via email, the user always gets 403 error when they visit the link, however, the profile config file (.mbileconfig) do get downloaded.

We then instruct the user to double click on the config file and then click on the "Install" button for the new profile.

ortizj99
New Contributor

Having the same issue today. Trying to manually image Mac that was purchased outside our DEP and when I go to the url and click to download the package, we get the error. The profile does not download and /bin/rm /Library/Keychains/apsd.keychain didn't do anything for me. Any suggestions? I've wiped and reinstalled the OS but that didn't do anything. I'm fairly new to being a JAMF admin so not sure where I need to check and complete the steps below. 

Check the . htaccess File. 
Reset File and Directory Permissions. 
Disable WordPress Plugins. 
Upload an Index Page. 
Edit File Ownership. 
Verify the A Record. 
Scan for Malware. -New Mac, but ran a scan and it came back clean 
Clear Your Web History/Cache. -Brand new 
Mac, so only web history is getting the url. 

 

Appreciate any and all help!

The issue was our push certificate had expired. It should show up as a notification in the portal. We just had to generate a new certifcate and swap it over.