Jamf/Casper - Error enrolling computer: Connection failure: "The request timed out."

RobertAlviar
New Contributor II

Hello Jamf Nation,

We are having issues enrolling machines to casper even if i can reach the JSS server if i ran the command "checkjssconnection".

here is what happens if i try to re-enroll a machine via Terminal:



bash-3.2# date;jamf enroll -prompt -verbose;date
Mon Jan 23 14:26:28 EST 2017
JSS Username:Robert
JSS Password:
SSH Username:Robert
SSH Password:
Downloading required CA Certificate(s)...
verbose: Successfully downloaded the certificate "My Company JSS Built-in Certificate Authority".
verbose: Successfully added the certificates to the System keychain...
verbose: Restoring JAMF.keychain since an error occurred.
verbose: Unable to find a JAMF Device Identity in the JAMF Keychain.
verbose: Error submitting enrollment status to the JSS: Security Error - A security error has occurred.

There was an error.

Error enrolling computer: Connection failure: "The request timed out."

Mon Jan 23 14:28:24 EST 2017

checkjssconnection:
bash-3.2# date;jamf checkjssconnection;date
Mon Jan 23 14:29:20 EST 2017
Checking availability of https://mygreat.company.com:8443/...
The JSS is available.
Mon Jan 23 14:29:22 EST 2017


Regards,
-Robert

6 REPLIES 6

bvrooman
Valued Contributor

Does your JSS have a trusted certificate installed for Tomcat to use, or (if it's from internal PKI or self-signed) does the Mac trust the root CA?

RobertAlviar
New Contributor II

@bvrooman by the way sir i'm not directly managing the casper server. but to answer your question, i believe it has all the requirements set since there are times that systems are able to enroll successfully.

engh
New Contributor III

I am having this same issue, though only from a single computer.

We are successful enrolling other computers from multiple locations on our network. We have enrolled computers from the same subnet using the same .pkg so ACL's shouldn't be causing any issues.

I have tried a self-enroll .pkg and also sudo jamf enroll -prompt - all come back with the same error.

Just like @RobertAlviar , the JSS connection is available and I can SSH into the machine without issue either. JAMF binary is the correct version.

I found in https://www.jamf.com/jamf-nation/discussions/13861/device-signature-error a couple items to try but neither purging the user and location data or running the hidden enrollment commands worked either.

The last thing that I did was to remove the computer object from the JSS and it enrolled properly.

If these computers you are trying to enroll and running into issue with were previously in the JSS, try deleting the records.

Cheers!

-Dan

bearzooka
Contributor

My two cents on this:

When we had this issue, the JSS database was a recovery from another JSS instance, hence, the certificates wasn't matching.

We had to reupload the certificate (or recreate in case of a self-signed one), then restart Tomcat and then the following two commands on the machines:

sudo jamf removeFramework 
sudo jamf enroll -prompt

Hope this helps.

KatieE
Contributor
Contributor

@bearzooka Please note:

sudo jamf removeFramework

Will remove all management information, as well as the jamf binary itself.

sudo jamf enroll -prompt

Will therefore fail, as there is no longer a jamf binary on the client to call the enroll verb.

In short: If you're seeing this problem, please contact Jamf Support. :)

bearzooka
Contributor

@kenglish Right! I forgot to mention that I ran the corresponding QuickAdd package between those two commands.