Posted on 03-20-2023 09:45 AM
Hello,
We have a few devices that have not checked in to Jamf pro since 9/23/23. These are active devices.
What are the reasons Macs stop check-in, and how to fix these issues?
Thanks
Posted on 03-20-2023 12:45 PM
Is it possible to try to check in manually? If you have physical access to one of the devices, or can have the user run one or both of the following commands:
sudo /usr/local/bin/jamf policy
or
sudo /usr/local/bin/jamf recon
Posted on 03-20-2023 01:27 PM
What do you see when you open Terminal and enter:
Posted on 03-22-2023 07:49 AM
JSS is available
03-22-2023 07:50 AM - edited 03-22-2023 07:53 AM
Try this on one of the Macs:
Posted on 03-22-2023 08:05 AM
What I do next after running the sudo profiles renew -type enrollment
Sorry I'm new to jamf
Posted on 03-22-2023 08:12 AM
After you enter the admin password in Terminal, did you see any profile prompts? Might depend on what OS you're on.
Try going to System Preferences/Settings, Privacy and Security, Profiles. Find MDM profile. Does it ask you to install or accept?
Posted on 03-22-2023 08:24 AM
The profiles icon is greyed out.
Posted on 03-22-2023 08:31 AM
Is this what you're seeing? https://discussions.apple.com/thread/253657493
Try to remove Jamf framework and then try to re-enroll to Jamf.
Posted on 03-22-2023 09:41 AM
I was not able to re-enroll in the device.
Posted on 03-22-2023 08:26 AM
I don't see any profile prompt after running the enrollment command
Posted on 03-22-2023 09:45 AM
Back up the data, wipe, and re-provision?
Posted on 03-22-2023 09:47 AM
Yes, I was thinking of doing that. I tried to get other solutions before doing that, so I can try if this happens again.
Posted on 05-10-2024 07:41 AM
Exactly what I was looking for, thanks!
03-20-2023 05:02 PM - edited 03-20-2023 05:03 PM
As obi-k and jcarr mentioned above, you can run
sudo jamf checkJSSconnection
to make sure that the Mac can contact your server,
sudo jamf recon
to have the Mac check-in and update inventory, and finally
sudo jamf policy
to run any pending policies that are waiting for check-in.
If the Mac is unable to check-in, however, then you may be looking at some other problems. Since it sounds like only a handful of machines are exhibiting the issue, it's safe to say that it's not a server-side issue (again, probably). Assuming that the Mac is powered on and connected to a known-good network, but is still unable to check-in, the cause could be a few things:
The best way to figure it out is to get your hands on one of the Macs with the problem and run a few terminal commands, then go from there.
Posted on 03-22-2023 07:48 AM
When I run the sudo jamf recon I get : Device Signature Error - A valid device signature is required to perform the action.
Posted on 03-22-2023 09:43 AM
How can we check these? IT will give me an idea of what was causing this issue
Posted on 03-29-2023 08:15 AM
Try redeploy the Jamf management framework https://pro4tlzz.github.io/JamfHealComputer.html
The device will reenroll and trigger enrollment policies
Posted on 09-25-2023 08:57 AM
I too recently had a bunch of machines failing to check in. What I found is that majority/all of these machines were stuck running "jamf policy", some of them went back a month or more even.
After working with support who suggested re-enrolling devices, which is not ideal in a hybrid work status or working with 30-40+ people giving them instructions. I did some trial and error on my end. What I found was that if I ran a "sudo killall jamf" on impacted devices, followed by "jamf policy" and they would start checking in again without the need to re-enroll the device(s).
I do have a 3rd party patching tool though that allows me to push out scripts and stuff to machines, so that helped bypass Jamf where it couldn't talk to machines.
Hope this help others.
Posted on 10-18-2023 04:03 PM
Interesting point! What tool is that by the way?
Posted on 10-19-2023 04:42 AM
We are using Endpoint Central Cloud UEM edition, its made by ManageEngine. They have just a patching tool the supports many 3rd party apps on windows and macs, but we went with the full suite as we also have their ticketing system so they all integrate. The full suite gives you the ability to push out scripts without needing to install another MDM, just requires a small lightweight on all machines/servers it runs on.