Mac Computers are reporting but not checking in.

Not applicable

Hello,

We are facing problem in our environment as some of the Macs are reporting sending inventory to JSS Server after we run QuickAdd Package but not Checking in (Calling).
I tried running recon from the terminal but it says Certificate is not trusted.
We have a valid trusted certificate installed. This problem we are facing with some of the Mac Computers.
Do anyone facing same problem?

Regards,
Vinay

4 REPLIES 4

jarednichols
Honored Contributor

Is the certificate signed by an internal Certificate Authority? If so, you'll need to install the CA on all client machines and mark it explicitly as trusted for all functions.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

Not applicable

Hi Jared,

Thanks for the reply.
We have a trusted certificate which is working fine for all most all the clients we are having this Calling in (Checking in) issue is with some of the Mac Machines. I tried installing QuickAdd Package by taking remote after installation some of the Macs again started calling/reporting properly. But same QuickAdd package I am installing in some Macs I can see that Macs gives reporting date properly but not calling in. I tried running recon from the same Mac which is not calling in from the terminal it give error as follows...

Retrieving Inventory Preferences from https://jssserver:8443//...
The jamf binary could not connect to the JSS because the certificate is not trusted.
Locating Hard Drive Information...
Locating Hardware Information (Mac OS X 10.5.8)...
Locating Applications...
Locating Receipts...
Finding Extension Attributes...
Submitting data to https://jssserver:8443
The jamf binary could not connect to the JSS because the certificate is not trusted.

Regards,
Vinay

jarednichols
Honored Contributor

Vinay-

Is your output sanitized or is your server really called 'jssserver' ? If it's actually called 'jssserver' (which is fine) here's what I'm thinking:

Is your certificate only issued for the FQDN of the server? If so, your configuration (server's shortname) does not match the name issued for the server. There's two ways around this:

  1. Configure your clients to use the FQDN of the server - using FQDNs for everything everywhere is more secure than using shortnames and relying upon your DNS to provide the full name
  2. Re-issue your server's certificate with Subject Alternative Names with a DNS entry for both the FQDN and the shortname of the server.

Make sense?

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

dhowell
Contributor

I have a self signed one I have to have this in run like this sudo jamf createConf -server myserver.austinisd.org -k
the -k trust the certificate no matter what, you also don't need the port/ You may want to open the package and check the postflight script to reflect this?
D. Trey Howell ACMT, ACHDS, CCA
trey.howell at austinisd.org
Desktop Engineering
twitter @aisdmacgeek