Posted on 11-29-2022 11:56 AM
We are migrating computers from Jamf Now to Jamf Pro. Things have been pretty smooth. I have a policy in place that prompts for a PRK reset and storage in Jamf with a smart group (unknown PRK). One computer that was enrolled about 2 weeks ago suddenly is missing the PRK, but it's really not, because when I go into the computer profile, it's there. But it's still in the smart group saying the PRK is missing. It's also prompting the user at every check-in to reset the PRK, but not removing it from the smart group. It's working fine for all the other computers and I've enrolled about 20 so far. Any ideas why this keeps happening and how to stop it?
11-30-2022 06:53 AM - edited 11-30-2022 06:54 AM
I see devices of any age, with everything set up correctly and key escrowed, go unknown or invalid... and there does not seem to be a reason. We have a policy in place to re-create the key that mostly works, but some need to do it via script in Self Service. I had a ticket for this a while back, but got nowhere... 'use the script' was the 'fix'... it's not... but we move on.
Posted on 11-30-2022 08:03 AM
Interesting... I am using that script within the policy to prompt and reset and escrow during enrollment. I think what was happening was I had the policy set as ongoing, and once I changed it to "Once per computer" it seemed to have fixed the problem. Technically the policy should work whenever there's a problem with a PRK since it's tied to a smart group for computers with no or unknown PRKs. I appreciate your insight and it's good to know that these problems just happen to everyone.