Help

Mac Computers are reporting but not checking in.

Not applicable

Posted on ‎12-05-2011 09:11 AM

Hello,

We are facing problem in our environment as some of the Macs are reporting sending inventory to JSS Server after we run QuickAdd Package but not Checking in (Calling).
I tried running recon from the terminal but it says Certificate is not trusted.
We have a valid trusted certificate installed. This problem we are facing with some of the Mac Computers.
Do anyone facing same problem?

Regards,
Vinay

0 Kudos
4 REPLIES 4

jarednichols
Honored Contributor

Posted on ‎12-05-2011 09:25 AM

Is the certificate signed by an internal Certificate Authority? If so, you'll need to install the CA on all client machines and mark it explicitly as trusted for all functions.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 Kudos

Not applicable

Posted on ‎12-06-2011 04:03 AM

Hi Jared,

Thanks for the reply.
We have a trusted certificate which is working fine for all most all the clients we are having this Calling in (Checking in) issue is with some of the Mac Machines. I tried installing QuickAdd Package by taking remote after installation some of the Macs again started calling/reporting properly. But same QuickAdd package I am installing in some Macs I can see that Macs gives reporting date properly but not calling in. I tried running recon from the same Mac which is not calling in from the terminal it give error as follows...

Retrieving Inventory Preferences from https://jssserver:8443//...
The jamf binary could not connect to the JSS because the certificate is not trusted.
Locating Hard Drive Information...
Locating Hardware Information (Mac OS X 10.5.8)...
Locating Applications...
Locating Receipts...
Finding Extension Attributes...
Submitting data to https://jssserver:8443
The jamf binary could not connect to the JSS because the certificate is not trusted.

Regards,
Vinay

0 Kudos

jarednichols
Honored Contributor

Posted on ‎12-06-2011 06:41 AM

Vinay-

Is your output sanitized or is your server really called 'jssserver' ? If it's actually called 'jssserver' (which is fine) here's what I'm thinking:

Is your certificate only issued for the FQDN of the server? If so, your configuration (server's shortname) does not match the name issued for the server. There's two ways around this:

  1. Configure your clients to use the FQDN of the server - using FQDNs for everything everywhere is more secure than using shortnames and relying upon your DNS to provide the full name
  2. Re-issue your server's certificate with Subject Alternative Names with a DNS entry for both the FQDN and the shortname of the server.

Make sense?

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 Kudos

dhowell
Contributor

Posted on ‎12-06-2011 07:14 AM

I have a self signed one I have to have this in run like this sudo jamf createConf -server myserver.austinisd.org -k
the -k trust the certificate no matter what, you also don't need the port/ You may want to open the package and check the postflight script to reflect this?
D. Trey Howell ACMT, ACHDS, CCA
trey.howell at austinisd.org
Desktop Engineering
twitter @aisdmacgeek

0 Kudos