Jamf Pro AD CS Connector Setup

AZ
New Contributor

Trying to get Jamf Pro AD CS Connector working... keep seeing these in the Jamf Pro logs. Does anyone know where the problem is?

2022-12-17 04:23:20,017 [ERROR] [na-exec-122] [dmControllerProcessorImpl] - Could not create MDMResponseAction, returning 500
2022-12-17 04:27:58,303 [INFO ] [eralPool-11] [tionPointInventoryUpdater] - Updating inventory files
2022-12-17 04:55:48,943 [INFO ] [duledPool-0] [PendoEventPublisher ] - Failed to send Jamf Engage API Track Event to Pendo. For more info, turn on debug logs.
2022-12-17 05:01:01,016 [INFO ] [duledPool-9] [rentProfileCleanupMonitor] - Running parent profile cleanup.
2022-12-17 05:23:22,640 [INFO ] [duledPool-2] [PendoEventPublisher ] - Failed to send Jamf Engage API Track Event to Pendo. For more info, turn on debug logs.
2022-12-17 05:27:00,385 [WARN ] [na-exec-132] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:00,431 [WARN ] [na-exec-132] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:10,122 [WARN ] [na-exec-139] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:10,160 [WARN ] [na-exec-139] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:15,183 [WARN ] [na-exec-132] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:15,186 [WARN ] [na-exec-132] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:15,413 [WARN ] [na-exec-122] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:15,451 [WARN ] [na-exec-122] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:22,217 [WARN ] [na-exec-137] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:22,262 [WARN ] [na-exec-137] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:39,645 [INFO ] [na-exec-129] [MdmServiceImpl ] - Sending new 'InstallProfile' command to 'ComputerShell [ID=1, Name=test]' with managementID: '9a7dab3b-0cb9-4a54-b38e-670a24714bce'
2022-12-17 05:27:58,917 [INFO ] [neralPool-2] [tionPointInventoryUpdater] - Updating inventory files
2022-12-17 05:30:10,409 [ERROR] [na-exec-125] [InstallProfile ] - Error loading configuration profiles for device.
com.jamfsoftware.jss.exceptions.mdm.ConfigurationProfileException: Failed to inject certificates into the profile: d8ed9976-de7d-49d4-9d8e-b3bf08b7878d

4 REPLIES

robjschroeder
Contributor

Hey, have you seen the ADCS Connector video on YouTube by Daniel Maclaughlin? I recommend watching the video and trying your setup again. The video goes through the installation and setup of certificates on the CA.

wsmits
New Contributor II

I recently got this working after months of troubleshooting cert, firewall and F5 load balancer issues.

Take a look at this video from JNUC as well; it helped me a lot.

Compliance and Identity: Doing More with Certificates in Jamf Pro | JNUC 2019 - YouTube

Are you getting anything in your IIS logs? If not, from my experience it was issues with the certs used not matching in Jamf Pro (we had to use different certs to the auto-generated ones) and the ADCS server, or firewall/networking issues.

Keep searching the server logs; there should be some similar to these:

Common Errors in the JAMFSoftwareServer.log File - Integrating with Active Directory Certificate Ser...

AZ
New Contributor

This is all I can see in the IIS logs; 13.210.90.105 is their Sydney IP address:

POST /api/v1/certificate/request - 443 - 13.210.90.105 Java-SDK - 500 0 0 172

wsmits
New Contributor II

Maybe double-check your configuration profile, if you haven't already, to make sure the template name and the variables you are using are valid. I had a 500 error on the server yesterday and it was because my SAN value of $EMAIL wasn't present in the User and Location section prior to the profile being requested. You can also try this script on your Mac to see if the process is working without Jamf in the workflow.

 ol/Testing AD CS Connector with curl.sh at master · jamf/ol · GitHub
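
Added example, not part of any post in this thread and not Jamf's own tooling: a small triage script that pulls the certificate-injection failures out of the Jamf Pro log and the 5xx responses for the connector endpoint out of the IIS log, so the two sides can be compared. The sample lines are copied from the excerpts above; the IIS field order is assumed to match the single line quoted in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input: lines copied from the log excerpts quoted in the thread.
JAMF_LOG = """\
2022-12-17 05:27:00,385 [WARN ] [na-exec-132] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
2022-12-17 05:27:39,645 [INFO ] [na-exec-129] [MdmServiceImpl ] - Sending new 'InstallProfile' command to 'ComputerShell [ID=1, Name=test]' with managementID: '9a7dab3b-0cb9-4a54-b38e-670a24714bce'
2022-12-17 05:30:10,409 [ERROR] [na-exec-125] [InstallProfile ] - Error loading configuration profiles for device.
com.jamfsoftware.jss.exceptions.mdm.ConfigurationProfileException: Failed to inject certificates into the profile: d8ed9976-de7d-49d4-9d8e-b3bf08b7878d
"""
IIS_LOG = "POST /api/v1/certificate/request - 443 - 13.210.90.105 Java-SDK - 500 0 0 172\n"

# timestamp,millis [LEVEL] [thread] [logger] - message
JAMF_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ \[(\w+)\s*\] \[[^\]]*\] \[([^\]]*)\] - (.*)$")
INJECT_FAIL = re.compile(
    r"Failed to inject certificates into the profile: ([0-9a-f-]{36})")


def triage_jamf(text):
    """Count WARN/ERROR entries per logger and list profiles whose cert injection failed."""
    counts, failed = Counter(), []
    for line in text.splitlines():
        m = JAMF_LINE.match(line)
        if m and m.group(2) in ("WARN", "ERROR"):
            counts[(m.group(2), m.group(3).strip())] += 1
        # The exception is a continuation line without a timestamp, so search every line.
        hit = INJECT_FAIL.search(line)
        if hit:
            failed.append(hit.group(1))
    return counts, failed


def connector_errors(text, path="/api/v1/certificate/request"):
    """Return (client_ip, status) for connector requests that IIS answered with 5xx."""
    out = []
    for line in text.splitlines():
        f = line.split()
        # Assumed field order, as in the line quoted in the thread:
        # method uri query port user client-ip user-agent referer status substatus win32 time
        if len(f) >= 9 and f[1] == path and f[8].startswith("5"):
            out.append((f[5], int(f[8])))
    return out


if __name__ == "__main__":
    print(triage_jamf(JAMF_LOG), connector_errors(IIS_LOG))
```

If the IIS site logs the default leading date, time and server-IP fields, the indexes in `connector_errors` need shifting to match the `#Fields:` header of that log file.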