Help

Machines losing connection with our JSS

bbot
Contributor

Posted on ‎01-06-2017 10:32 AM

Every month, we're seeing about 6-12 machines that lose their connection with our JSS.

I have a smart group that checks for machines not checked in for 30 days or more, then use a ping scanner tool to determine which machines are still active and online.

I then have to use recon to re-enroll them into the JSS.

Has anyone else seen this in their environment?

0 Kudos
Reply
10 REPLIES 10

ocla__09
Contributor

Posted on ‎01-06-2017 10:49 AM

@bbot What ping scanner tool do you use?

0 Kudos
Reply

bbot
Contributor

Posted on ‎01-06-2017 10:51 AM

@ocla&&09 It's a Window's tool called PingInfoView - http://www.nirsoft.net/utils/multiple_ping_tool.html

I export a list of the machines from the smart group, then copy and paste the entire list in there and see which machines are replying.

0 Kudos
Reply

TomDay
Release Candidate Programs Tester

Posted on ‎01-06-2017 10:55 AM

@bbot Yes we have been seeing this for nearly a year now. Same symptom and same resolution as you every month or so. Sorry I can't offer more but just wanted to let you know, yes we are in the same boat. All I've really done so far is "put it on the list" to investigate further.

0 Kudos
Reply

bbot
Contributor

Posted on ‎01-06-2017 11:00 AM

@TomDay Thanks for your input.

I also noticed that two machines are having issues re-enrolling. First time seeing this in the past 2 years. I can ping our jss from their machine, but doing a "checkjssconnection" says it can't connect due to some certificate error. I've tried re-enrolling using Recon tool and using jamf enroll -prompt locally on the machine..

0 Kudos
Reply

EliasG
Contributor

Posted on ‎01-06-2017 11:57 AM

I as well run into the same issue and have to take a drive to the schools and re-enroll them again.

0 Kudos
Reply

ocla__09
Contributor

Posted on ‎01-06-2017 01:10 PM

I have tried the Recon network scanner over the years and have never seen it be useful. All it does is re enroll machines already in inventory, even though theoretically those machines should not be re enrolled if you have "don't scan IP's already in the JSS" checked...

Have others had better results?

0 Kudos
Reply

bbot
Contributor

Posted on ‎01-06-2017 01:14 PM

@olcikas_e I have the same experience with the Recon network scanner. It re-enrolls machines that were already enrolled. The overall process for us is too long since our network range from wifi and wired is over 15,000 addresses. I found it's easier for me to manually check my Smart Group that looks for inactive machines over 30 days, then manually re-enroll them once a month using Recon.

What would be cool is a way to remotely bulk enroll machines instead of entering them in 1 by 1.

0 Kudos
Reply

ocla__09
Contributor

Posted on ‎01-06-2017 01:17 PM

How do you identify the IP's for machines that have fallen out of inventory? Search DNS?

0 Kudos
Reply

bbot
Contributor

Posted on ‎01-06-2017 01:22 PM

@ocla&&09 I export the hostnames from the Smart Group, and pop them into http://www.nirsoft.net/utils/multiple_ping_tool.html (Windows tool). You can probably find a similar tool for Mac.

The tool tries to ping all the addresses, tells me which one has IP's in DNS, and tells me which ones are currently online.

Based on the ones online, I'll re-enroll them manually using Recon. (this is the painful and time consuming part)

0 Kudos
Reply

claudiogardini
Contributor

Posted on ‎01-09-2017 03:23 AM

Casper Check by Rich Trouton might make your life easier. https://github.com/rtrouton/CasperCheck

0 Kudos
Reply