Jamf wants to access keychain after upgrading to 8.6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2012 07:34 AM
I've had a couple users get prompted for Jamf wants to use the "JAMF" keychain. Please enter the keychain password. At first i thought it was the CasperSuite deployment, but it's happening on a system that didn't get it installed. the only thing I can think of is the JSS update from 8.5x to 8.6...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2012 07:36 AM
Same here.
Upgraded from 8.52. Thought it was just me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2012 01:04 PM
Does re-enrolling fix this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2012 02:53 PM
This is related to the JAMF keychain being unlocked too long from what I'm told.
#!/bin/sh
# This will unlock the JAMF keychain temporarily
jamf log
# This will disable the autolocking feature of the JAMF Keychain
security set-keychain-settings '/Library/Application Support/JAMF/JAMF.keychain'
exit 0
If you run this all should be well. Defect D-003066
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-30-2012 01:45 AM
Thanks Jason, seemingly working well :)
we were also seeing 401 errors when clients were running policies as a result of this.
There was an error. Could not connect to the JSS. Status - 401 Unmounting file server...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-30-2012 10:32 AM
Ben, I'm guessing the 401 error is still related to the keychain since you are like me and running a Recon after your policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-02-2012 02:11 AM
I saw this for the first time this morning. I have had 8.6 installed since the day it came out, but this is the first time I have seen it. I did upgrade to Mountain Lion last night though.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-08-2012 02:23 PM
does the script only need to be executed once per client, or does this need to be run periodically?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-08-2012 02:48 PM
When you run recon, does it take longer than a few mins? If so, yes, using the script above seems to fix it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-14-2012 10:50 AM
Any update on this we are seeing this too. If it all ready has a defect number then I guess they are working on it. Its interesting we are only seeing this on some of the machines not all of them.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-14-2012 10:04 PM
The script above only needs to be run once per client. The other alternative is to dial back the amount of data you collect until JAMF releases a patch. I've also noticed the binary works better when you turn off application usage monitoring.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-15-2012 06:22 AM
Thanks for the Reply Jh
I noticed that the jamf log seems to unlock the keychain for 5 min. Then the 2nd command turns off the auto lock feature.
Like you said the recon or the enroll takes some time to run. Some times over 5 min. So the data collection dial back seems like a good idea.
Thats fine, but I noticed on 8.52 and 8.4 machines the keychain is locked???
I have also noticed that this affects about half of our users on 8.6 so I am not sure why the others are just fine.
The question is would we then have to send another script out to set it to auto lock after the fix comes out?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-15-2012 01:17 PM
Got the word that when updated to 8.61 it will fix the issue. Another script to relock the keychain will not be needed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-19-2012 09:37 AM
Has the fix in 8.61 been confirmed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-26-2012 02:13 AM
The release notes say: [D-003066] Fixed an issue that caused users to be prompted for the JAMF keychain password when inventory submission takes longer than 5 minutes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-06-2013 05:02 AM
I had been getting this prompt for JAMF wanting the keychain, but now, with 8.62 release, I'm getting that prompt for various applications from Safari to Lync.