Jamf wants to access keychain after upgrading to 8.6

jwojda
Valued Contributor II

I've had a couple users get prompted for Jamf wants to use the "JAMF" keychain. Please enter the keychain password. At first I thought it was the CasperSuite deployment, but it's happening on a system that didn't get it installed. The only thing I can think of is the JSS update from 8.5x to 8.6...

15 REPLIES

bentoms
Release Candidate Programs Tester

Same here.

Upgraded from 8.52. Thought it was just me.

bajones
Contributor II

Does re-enrolling fix this?

jhbush
Valued Contributor II

This is related to the JAMF keychain being unlocked too long from what I'm told.

#!/bin/sh

# This will unlock the JAMF keychain temporarily
jamf log

# This will disable the autolocking feature of the JAMF Keychain
security set-keychain-settings '/Library/Application Support/JAMF/JAMF.keychain'

exit 0

If you run this all should be well. Defect D-003066
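
A way to check, per client, whether the workaround above has left the JAMF keychain with auto-lock disabled (an added example, not part of the original thread and not JAMF's own code). It assumes `security show-keychain-info` reports a line such as `Keychain "<path>" no-timeout` or `Keychain "<path>" lock-on-sleep timeout=300s`; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit the lock settings of the JAMF keychain.
KEYCHAIN='/Library/Application Support/JAMF/JAMF.keychain'

# classify_settings LINE
# LINE is one line of show-keychain-info output (format assumed, see lead-in).
# Prints: never-locks | sleep-only | timeout=<secs> | sleep+timeout=<secs> | unknown
classify_settings() {
    # Drop the quoted keychain path so its characters cannot match below.
    settings=${1##*\"}
    sleep_lock=no
    case $settings in *lock-on-sleep*) sleep_lock=yes ;; esac
    case $settings in
        *timeout=*s*)
            secs=${settings##*timeout=}
            secs=${secs%%s*}
            case $secs in
                ''|*[!0-9]*) echo unknown; return 0 ;;
            esac
            if [ "$sleep_lock" = yes ]; then
                echo "sleep+timeout=$secs"
            else
                echo "timeout=$secs"
            fi ;;
        *no-timeout*)
            if [ "$sleep_lock" = yes ]; then echo sleep-only; else echo never-locks; fi ;;
        *) echo unknown ;;
    esac
}

# audit_keychain PATH
# Returns 0 if some lock setting is active, 1 if the keychain never locks,
# 2 if the settings could not be read.
audit_keychain() {
    # show-keychain-info reports on stderr, so fold it into stdout.
    info=$(security show-keychain-info "$1" 2>&1) || { echo "error: $info"; return 2; }
    state=$(classify_settings "$info")
    echo "$1: $state"
    [ "$state" != never-locks ]
}

# Only run the audit where the security tool and the keychain exist.
if command -v security >/dev/null 2>&1 && [ -f "$KEYCHAIN" ]; then
    audit_keychain "$KEYCHAIN"
fi
```
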

bentoms
Release Candidate Programs Tester

Thanks Jason, seemingly working well :)

We were also seeing 401 errors when clients were running policies as a result of this.

There was an error. Could not connect to the JSS. Status - 401 Unmounting file server...

jhbush
Valued Contributor II

Ben, I'm guessing the 401 error is still related to the keychain since you are like me and running a Recon after your policy.

bazcurtis
New Contributor III

I saw this for the first time this morning. I have had 8.6 installed since the day it came out, but this is the first time I have seen it. I did upgrade to Mountain Lion last night though.

nkalister
Valued Contributor

Does the script only need to be executed once per client, or does this need to be run periodically?

ahindistan
New Contributor

When you run recon, does it take longer than a few mins? If so, yes, using the script above seems to fix it.

ClassicII
Contributor III

Any update on this? We are seeing this too. If it already has a defect number then I guess they are working on it. It's interesting we are only seeing this on some of the machines, not all of them.

jhbush
Valued Contributor II

The script above only needs to be run once per client. The other alternative is to dial back the amount of data you collect until JAMF releases a patch. I've also noticed the binary works better when you turn off application usage monitoring.

ClassicII
Contributor III

Thanks for the reply, Jh.

I noticed that the jamf log seems to unlock the keychain for 5 min. Then the 2nd command turns off the auto lock feature.

Like you said, the recon or the enroll takes some time to run. Sometimes over 5 min. So the data collection dial back seems like a good idea.

That's fine, but I noticed on 8.52 and 8.4 machines the keychain is locked???

I have also noticed that this affects about half of our users on 8.6 so I am not sure why the others are just fine.

The question is would we then have to send another script out to set it to auto lock after the fix comes out?

ClassicII
Contributor III

Got the word that when updated to 8.61 it will fix the issue. Another script to relock the keychain will not be needed.

jafuller
Contributor

Has the fix in 8.61 been confirmed?

cvgs
Contributor II

The release notes say: [D-003066] Fixed an issue that caused users to be prompted for the JAMF keychain password when inventory submission takes longer than 5 minutes.

easyedc
Valued Contributor II

I had been getting this prompt for JAMF wanting the keychain, but now, with the 8.62 release, I'm getting that prompt for various applications from Safari to Lync.